Hello,

Yesterday I managed to come down with an ugly mass of malware including Smart Fortress 2012. I downloaded MalwareBytes which thankfully got my computer running again, but is still giving me repeated warnings about blocking Rootkit 0Access.H. Every time I scan, I find another bunch of the rootkits. Here are my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sophia at 23:37:53 on 2012-04-30

Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.80 [GMT -7:00]

.

AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\windows\system32\Dwm.exe

C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe

C:\windows\Explorer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Winamp\winampa.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE

C:\Windows\System32\AsusService.exe

C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\taskhost.exe

C:\Users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\windows\system32\conhost.exe

C:\Program Files\Opera\opera.exe

C:\windows\system32\conhost.exe

C:\windows\system32\msiexec.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\NOTEPAD.EXE

C:\windows\system32\conhost.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe

uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe

mRun: [superHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe

mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-5 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-5 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-5 53328]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-6 29472]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

.

=============== Created Last 30 ================

.

2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro

2012-05-01 06:22:15 54016 ----a-w- c:\windows\system32\drivers\jxgc.sys

2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297}

2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951}

2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E}

2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes

2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes

2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools

2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools

2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools

2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp

2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe

2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media

2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE

2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll

2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449}

2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org

.

==================== Find3M ====================

.

2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 23:41:04.07 ===============

Thank you very much!

Attach.txt


Hello cordelia and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Hi Maniac,

Thank you so much for your help. I have decided to try and remove the Rootkits before reformatting...I followed your instructions and attached my logs.

For the TDSSKiller, none of the three processes found could be cured so I skipped them all. I have attached the log.

For MalwareBytes, I followed your instructions and removed the one process found. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.09

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Sophia :: JONAS-NET [administrator]

Protection: Enabled

01/05/2012 7:37:10 PM

mbam-log-2012-05-01 (19-37-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223956

Time elapsed: 17 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\System32\backupexecrpcservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

MalwareBytes has given me warnings about the following processes in the past couple hours - after I had already scanned, removed, and restarted.

C:\WINDOWS\SYSTEM32\SYMMPI.DLL

ROOTKIT.0ACCESS.H

C:\WINDOWS\SYSTEM32\VX1000.DLL

ROOTKIT.0ACCESS.H

C:\WINDOWS\SYSTEM32\CDRBSDRV.DLL

ROOTKIT.0ACCESS.H

I chose to quarantine all these files, but clearly something is still at work on my computer.

Here is the DDS log (I have attached the other one):

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sophia at 20:54:23 on 2012-05-01

Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.203 [GMT -7:00]

.

AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\windows\system32\Dwm.exe

C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe

C:\windows\Explorer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\System32\spoolsv.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\System32\AsusService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE

C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k WindowsMobile

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\windows\system32\notepad.exe

C:\Program Files\Windows Live\Companion\companionuser.exe

C:\windows\system32\NOTEPAD.EXE

C:\windows\system32\taskmgr.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Opera\opera.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\system32\conhost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\conhost.exe

C:\ProgramData\JByNm7Ot.exe

C:\windows\system32\conhost.exe

C:\ProgramData\JByNm7Ot.exe

C:\ProgramData\JByNm7Ot.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\BingBar\BingBar.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Microsoft\BingBar\BingApp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe

uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe

mRun: [superHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe

mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134

TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-05-01 16:12:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro

2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297}

2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951}

2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E}

2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes

2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes

2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools

2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools

2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools

2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp

2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe

2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media

2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE

2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll

2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449}

2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org

.

==================== Find3M ====================

.

2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:59:14.12 ===============

Thank you very much for your help!

TDSSKiller.2.7.33.0_01.05.2012_09.07.15_log.txt

Attach.txt


Hi Maniac,

I couldn't post my TDSS log because the forum kept telling me that the post was too long, or my browser would freeze when I posted it. I'll try to post it over multiple posts, then. Sorry for the inconvenience.

TDSS Log, part 1:

09:07:15.0698 1036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

09:07:17.0609 1036 ============================================================

09:07:17.0610 1036 Current date / time: 2012/05/01 09:07:17.0609

09:07:17.0610 1036 SystemInfo:

09:07:17.0610 1036

09:07:17.0610 1036 OS Version: 6.1.7600 ServicePack: 0.0

09:07:17.0610 1036 Product type: Workstation

09:07:17.0611 1036 ComputerName: JONAS-NET

09:07:17.0611 1036 UserName: Sophia

09:07:17.0611 1036 Windows directory: C:\windows

09:07:17.0611 1036 System windows directory: C:\windows

09:07:17.0612 1036 Processor architecture: Intel x86

09:07:17.0612 1036 Number of processors: 2

09:07:17.0612 1036 Page size: 0x1000

09:07:17.0612 1036 Boot type: Normal boot

09:07:17.0612 1036 ============================================================

09:07:20.0133 1036 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:07:20.0150 1036 ============================================================

09:07:20.0150 1036 \Device\Harddisk0\DR0:

09:07:20.0151 1036 MBR partitions:

09:07:20.0151 1036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000

09:07:20.0151 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BC800

09:07:20.0151 1036 ============================================================

09:07:20.0208 1036 C: <-> \Device\Harddisk0\DR0\Partition0

09:07:20.0311 1036 D: <-> \Device\Harddisk0\DR0\Partition1

09:07:20.0311 1036 ============================================================

09:07:20.0311 1036 Initialize success

09:07:20.0311 1036 ============================================================

09:07:44.0631 7864 ============================================================

09:07:44.0631 7864 Scan started

09:07:44.0631 7864 Mode: Manual; SigCheck; TDLFS;

09:07:44.0631 7864 ============================================================

09:07:52.0021 7864 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

09:07:54.0416 7864 1394ohci - ok

09:07:55.0095 7864 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

09:07:55.0651 7864 ACPI - ok

09:07:55.0783 7864 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

09:07:56.0279 7864 AcpiPmi - ok

09:07:58.0794 7864 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:07:58.0886 7864 AdobeFlashPlayerUpdateSvc - ok

09:07:59.0427 7864 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

09:07:59.0808 7864 adp94xx - ok

09:08:01.0224 7864 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

09:08:02.0482 7864 adpahci - ok

09:08:02.0813 7864 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

09:08:02.0899 7864 adpu320 - ok

09:08:04.0397 7864 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll

09:08:04.0936 7864 AeLookupSvc - ok

09:08:05.0606 7864 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys

09:08:06.0042 7864 AFD - ok

09:08:06.0123 7864 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

09:08:06.0265 7864 agp440 - ok

09:08:06.0494 7864 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

09:08:06.0668 7864 aic78xx - ok

09:08:07.0050 7864 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe

09:08:07.0297 7864 ALG - ok

09:08:07.0473 7864 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

09:08:07.0525 7864 aliide - ok

09:08:07.0575 7864 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

09:08:07.0628 7864 amdagp - ok

09:08:07.0781 7864 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

09:08:07.0828 7864 amdide - ok

09:08:07.0887 7864 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

09:08:08.0375 7864 AmdK8 - ok

09:08:08.0569 7864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

09:08:08.0692 7864 AmdPPM - ok

09:08:08.0911 7864 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys

09:08:09.0018 7864 amdsata - ok

09:08:09.0489 7864 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

09:08:09.0568 7864 amdsbs - ok

09:08:09.0689 7864 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys

09:08:09.0798 7864 amdxata - ok

09:08:09.0931 7864 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

09:08:10.0220 7864 AppID - ok

09:08:10.0277 7864 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll

09:08:10.0979 7864 AppIDSvc - ok

09:08:12.0756 7864 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll

09:08:13.0727 7864 Appinfo - ok

09:08:14.0317 7864 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

09:08:14.0424 7864 Apple Mobile Device - ok

09:08:14.0673 7864 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

09:08:14.0750 7864 arc - ok

09:08:15.0305 7864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

09:08:15.0518 7864 arcsas - ok

09:08:15.0615 7864 arkbcfltr - ok

09:08:15.0652 7864 arrayssl_vpn_service3,0,1,9 - ok

09:08:16.0143 7864 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe

09:08:16.0348 7864 AsusService ( UnsignedFile.Multi.Generic ) - warning

09:08:16.0348 7864 AsusService - detected UnsignedFile.Multi.Generic (1)

09:08:16.0501 7864 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys

09:08:18.0459 7864 aswFsBlk - ok

09:08:18.0560 7864 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys

09:08:18.0706 7864 aswMonFlt - ok

09:08:18.0775 7864 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys

09:08:18.0852 7864 aswRdr - ok

09:08:19.0263 7864 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys

09:08:19.0375 7864 aswSP - ok

09:08:19.0478 7864 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys

09:08:19.0519 7864 aswTdi - ok

09:08:19.0576 7864 aswUpdSv (5debc3519d489411073fa7e56ffb4a93) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

09:08:19.0672 7864 aswUpdSv - ok

09:08:19.0730 7864 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

09:08:20.0512 7864 AsyncMac - ok

09:08:20.0662 7864 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

09:08:20.0708 7864 atapi - ok

09:08:21.0381 7864 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys

09:08:21.0681 7864 athr - ok

09:08:22.0244 7864 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll

09:08:22.0504 7864 AudioEndpointBuilder - ok

09:08:22.0528 7864 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll

09:08:22.0687 7864 Audiosrv - ok

09:08:22.0895 7864 avast! Antivirus (0aaf6b848185899cf76ae04e62eab3d2) C:\Program Files\Alwil Software\Avast4\ashServ.exe

09:08:22.0955 7864 avast! Antivirus - ok

09:08:23.0020 7864 avast! Mail Scanner (b2f564dc59b67763c73269e1a9da7f18) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

09:08:23.0095 7864 avast! Mail Scanner - ok

09:08:23.0399 7864 avast! Web Scanner (d86010c96abadda75356834d6113d37d) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

09:08:23.0464 7864 avast! Web Scanner - ok

09:08:23.0525 7864 avg7updsvc - ok

09:08:23.0686 7864 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll

09:08:23.0993 7864 AxInstSV - ok

09:08:24.0833 7864 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

09:08:25.0130 7864 b06bdrv - ok

09:08:25.0403 7864 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

09:08:25.0517 7864 b57nd60x - ok

09:08:25.0882 7864 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

09:08:26.0023 7864 BBSvc - ok

09:08:26.0236 7864 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

09:08:26.0466 7864 BBUpdate - ok

09:08:26.0766 7864 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll

09:08:27.0078 7864 BDESVC - ok

09:08:27.0118 7864 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

09:08:27.0261 7864 Beep - ok

09:08:27.0689 7864 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll

09:08:28.0172 7864 BITS - ok

09:08:28.0250 7864 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

09:08:28.0456 7864 blbdrive - ok

09:08:28.0749 7864 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe

09:08:28.0841 7864 Bonjour Service - ok

09:08:29.0010 7864 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys

09:08:29.0186 7864 bowser - ok

09:08:29.0280 7864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

09:08:29.0429 7864 BrFiltLo - ok

09:08:29.0457 7864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

09:08:29.0551 7864 BrFiltUp - ok

09:08:29.0727 7864 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll

09:08:29.0972 7864 Browser - ok

09:08:30.0076 7864 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

09:08:30.0200 7864 Brserid - ok

09:08:30.0298 7864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

09:08:30.0450 7864 BrSerWdm - ok

09:08:30.0490 7864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

09:08:30.0565 7864 BrUsbMdm - ok

09:08:30.0612 7864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

09:08:30.0695 7864 BrUsbSer - ok

09:08:30.0779 7864 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

09:08:30.0887 7864 BthEnum - ok

09:08:30.0956 7864 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

09:08:31.0029 7864 BTHMODEM - ok

09:08:31.0276 7864 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

09:08:31.0378 7864 BthPan - ok

09:08:31.0739 7864 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys

09:08:31.0917 7864 BTHPORT - ok

09:08:32.0184 7864 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll

09:08:32.0337 7864 bthserv - ok

09:08:32.0472 7864 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys

09:08:32.0538 7864 BTHUSB - ok

09:08:32.0703 7864 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

09:08:32.0768 7864 btwaudio - ok

09:08:32.0843 7864 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

09:08:32.0887 7864 btwavdt - ok

09:08:33.0320 7864 btwdins (f7434401ae320bb97903a3c1865242fb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

09:08:33.0477 7864 btwdins - ok

09:08:33.0538 7864 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

09:08:33.0578 7864 btwl2cap - ok

09:08:33.0634 7864 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

09:08:33.0669 7864 btwrchid - ok

09:08:33.0779 7864 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

09:08:33.0940 7864 cdfs - ok

09:08:34.0076 7864 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

09:08:34.0196 7864 cdrom - ok

09:08:34.0329 7864 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll

09:08:34.0511 7864 CertPropSvc - ok

09:08:34.0603 7864 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

09:08:34.0686 7864 circlass - ok

09:08:34.0810 7864 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

09:08:34.0890 7864 CLFS - ok

09:08:35.0113 7864 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:08:35.0170 7864 clr_optimization_v2.0.50727_32 - ok

09:08:35.0418 7864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:08:35.0580 7864 clr_optimization_v4.0.30319_32 - ok

09:08:35.0658 7864 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

09:08:35.0760 7864 CmBatt - ok

09:08:35.0855 7864 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

09:08:35.0901 7864 cmdide - ok

09:08:36.0080 7864 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys

09:08:36.0198 7864 CNG - ok

09:08:36.0276 7864 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

09:08:36.0325 7864 Compbatt - ok

09:08:36.0435 7864 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

09:08:36.0519 7864 CompositeBus - ok

09:08:36.0549 7864 COMSysApp - ok

09:08:36.0636 7864 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

09:08:36.0701 7864 crcdisk - ok

09:08:37.0002 7864 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll

09:08:37.0243 7864 CryptSvc - ok

09:08:37.0377 7864 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys

09:08:37.0490 7864 ctxusbm - ok

09:08:37.0673 7864 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll

09:08:37.0864 7864 DcomLaunch - ok

09:08:38.0098 7864 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll

09:08:38.0421 7864 defragsvc - ok

09:08:38.0586 7864 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys

09:08:38.0738 7864 DfsC - ok

09:08:38.0960 7864 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll

09:08:39.0231 7864 Dhcp - ok

09:08:39.0350 7864 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

09:08:39.0534 7864 discache - ok

09:08:39.0680 7864 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

09:08:39.0729 7864 Disk - ok

09:08:40.0056 7864 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll

09:08:40.0171 7864 Dnscache - ok

09:08:40.0334 7864 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll

09:08:40.0515 7864 dot3svc - ok

09:08:40.0712 7864 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll

09:08:40.0838 7864 DPS - ok

09:08:40.0916 7864 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

09:08:41.0041 7864 drmkaud - ok

09:08:41.0681 7864 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys

09:08:41.0796 7864 DXGKrnl - ok

09:08:41.0828 7864 DynDNS_Updater_Service - ok

09:08:42.0232 7864 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll

09:08:42.0396 7864 EapHost - ok

09:08:45.0343 7864 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

09:08:45.0667 7864 ebdrv - ok

09:08:46.0786 7864 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe

09:08:46.0891 7864 EFS - ok

09:08:47.0282 7864 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

09:08:47.0400 7864 elxstor - ok

09:08:47.0422 7864 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

09:08:47.0488 7864 ErrDev - ok

09:08:47.0690 7864 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll

09:08:47.0846 7864 EventSystem - ok

09:08:48.0014 7864 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

09:08:48.0154 7864 exfat - ok

09:08:48.0188 7864 fallback - ok

09:08:48.0244 7864 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

09:08:48.0409 7864 fastfat - ok

09:08:48.0784 7864 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe

09:08:49.0000 7864 Fax - ok

09:08:49.0083 7864 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

09:08:49.0206 7864 fdc - ok

09:08:49.0236 7864 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll

09:08:49.0405 7864 fdPHost - ok

09:08:49.0473 7864 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll

09:08:49.0644 7864 FDResPub - ok

09:08:49.0900 7864 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

09:08:50.0011 7864 FileInfo - ok

09:08:50.0108 7864 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

09:08:50.0226 7864 Filetrace - ok

09:08:50.0260 7864 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

09:08:50.0343 7864 flpydisk - ok

09:08:50.0452 7864 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

09:08:50.0512 7864 FltMgr - ok

09:08:52.0004 7864 FontCache (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll

09:08:52.0269 7864 FontCache - ok

09:08:52.0460 7864 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

09:08:52.0520 7864 FontCache3.0.0.0 - ok

09:08:52.0617 7864 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

09:08:52.0743 7864 FsDepends - ok

09:08:52.0855 7864 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys

09:08:52.0896 7864 fssfltr - ok

09:08:54.0177 7864 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

09:08:54.0374 7864 fsssvc - ok

09:08:54.0935 7864 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys

09:08:54.0983 7864 Fs_Rec - ok

09:08:55.0091 7864 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\windows\system32\drivers\ftdibus.sys

09:08:55.0155 7864 FTDIBUS - ok

09:08:55.0212 7864 ftsata2 - ok

09:08:55.0325 7864 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\windows\system32\drivers\ftser2k.sys

09:08:55.0379 7864 FTSER2K - ok

09:08:55.0559 7864 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

09:08:55.0629 7864 fvevol - ok

09:08:55.0715 7864 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

09:08:55.0762 7864 gagp30kx - ok

09:08:55.0805 7864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

09:08:55.0846 7864 GEARAspiWDM - ok

09:08:56.0104 7864 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll

09:08:56.0273 7864 gpsvc - ok

09:08:56.0499 7864 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

09:08:56.0544 7864 gupdate - ok

09:08:56.0615 7864 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

09:08:56.0660 7864 gupdatem - ok

09:08:56.0774 7864 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:08:56.0841 7864 gusvc - ok

09:08:56.0872 7864 hcf_msft - ok

09:08:56.0922 7864 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

09:08:57.0156 7864 hcw85cir - ok

09:08:57.0366 7864 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

09:08:57.0483 7864 HdAudAddService - ok

09:08:57.0683 7864 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

09:08:57.0810 7864 HDAudBus - ok

09:08:57.0901 7864 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

09:08:58.0009 7864 HidBatt - ok

09:08:58.0103 7864 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

09:08:58.0213 7864 HidBth - ok

09:08:58.0262 7864 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

09:08:58.0362 7864 HidIr - ok

09:08:58.0432 7864 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll

09:08:58.0553 7864 hidserv - ok

09:08:58.0633 7864 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

09:08:58.0730 7864 HidUsb - ok

09:08:58.0784 7864 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll

09:08:58.0932 7864 hkmsvc - ok

09:08:58.0978 7864 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll

09:08:59.0140 7864 HomeGroupListener - ok

09:08:59.0367 7864 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll

09:08:59.0462 7864 HomeGroupProvider - ok

09:08:59.0531 7864 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

09:08:59.0586 7864 HpSAMD - ok

09:08:59.0670 7864 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

09:08:59.0838 7864 HTTP - ok

09:08:59.0878 7864 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

09:08:59.0926 7864 hwpolicy - ok

09:09:00.0109 7864 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

09:09:00.0195 7864 i8042prt - ok

09:09:00.0269 7864 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

09:09:00.0390 7864 iaStor - ok

09:09:00.0664 7864 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys

09:09:00.0748 7864 iaStorV - ok

09:09:24.0000 7864 NetBT (14797e657fcfe2f62b1c315bfd6b9006) C:\windows\system32\DRIVERS\netbt.sys

09:09:24.0130 7864 NetBT ( UnsignedFile.Multi.Generic ) - warning

09:09:24.0130 7864 NetBT - detected UnsignedFile.Multi.Generic (1)

09:09:58.0854 7864 sursayra (e6d35f3aa51a65eb35c1f2340154a25e) C:\windows\system32\drivers\jxgc.sys

09:09:58.0911 7864 sursayra ( UnsignedFile.Multi.Generic ) - warning

09:09:58.0911 7864 sursayra - detected UnsignedFile.Multi.Generic (1)


09:10:12.0727 7864 wlidsvc - ok

09:10:12.0911 7864 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

09:10:12.0982 7864 WmiAcpi - ok

09:10:13.0091 7864 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

09:10:13.0182 7864 wmiApSrv - ok

09:10:13.0374 7864 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

09:10:13.0568 7864 WMPNetworkSvc - ok

09:10:13.0606 7864 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

09:10:13.0724 7864 WPCSvc - ok

09:10:13.0758 7864 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll

09:10:13.0903 7864 WPDBusEnum - ok

09:10:13.0990 7864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

09:10:14.0108 7864 ws2ifsl - ok

09:10:14.0128 7864 WSearch - ok

09:10:14.0327 7864 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll

09:10:14.0634 7864 wuauserv - ok

09:10:14.0824 7864 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

09:10:14.0960 7864 WudfPf - ok

09:10:15.0024 7864 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

09:10:15.0152 7864 WUDFRd - ok

09:10:15.0227 7864 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll

09:10:15.0395 7864 wudfsvc - ok

09:10:15.0632 7864 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

09:10:15.0755 7864 WwanSvc - ok

09:10:15.0867 7864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

09:10:16.0081 7864 \Device\Harddisk0\DR0 - ok

09:10:16.0092 7864 Boot (0x1200) (63216fc123dfb3a96ab997153c169ae1) \Device\Harddisk0\DR0\Partition0

09:10:16.0096 7864 \Device\Harddisk0\DR0\Partition0 - ok

09:10:16.0134 7864 Boot (0x1200) (216285b664e1e91b5f69990f91c2ba61) \Device\Harddisk0\DR0\Partition1

09:10:16.0138 7864 \Device\Harddisk0\DR0\Partition1 - ok

TDSS Log, Part 2:

09:10:16.0140 7864 ============================================================

09:10:16.0140 7864 Scan finished

09:10:16.0140 7864 ============================================================

09:10:16.0211 4164 Detected object count: 3

09:10:16.0212 4164 Actual detected object count: 3

09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:09.0361 4164 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:09.0362 4164 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:11:09.0371 4164 sursayra ( UnsignedFile.Multi.Generic ) - skipped by user

09:11:09.0371 4164 sursayra ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:24:24.0656 3652 ============================================================

19:24:24.0695 3652 Scan started

19:24:24.0695 3652 Mode: Manual; SigCheck; TDLFS;

19:24:24.0695 3652 ============================================================

19:24:30.0833 3652 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

19:24:32.0645 3652 1394ohci - ok

19:24:32.0889 3652 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

19:24:33.0007 3652 ACPI - ok

19:24:33.0244 3652 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

19:24:33.0838 3652 AcpiPmi - ok

19:24:35.0261 3652 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

19:24:35.0621 3652 AdobeFlashPlayerUpdateSvc - ok

19:24:36.0065 3652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

19:24:36.0271 3652 adp94xx - ok

19:24:36.0549 3652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

19:24:36.0755 3652 adpahci - ok

19:24:36.0884 3652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

19:24:37.0145 3652 adpu320 - ok

19:24:37.0245 3652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll

19:24:37.0655 3652 AeLookupSvc - ok

19:24:38.0610 3652 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys

19:24:39.0117 3652 AFD - ok

19:24:39.0278 3652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

19:24:39.0348 3652 agp440 - ok

19:24:39.0526 3652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

19:24:39.0782 3652 aic78xx - ok

19:24:40.0153 3652 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe

19:24:40.0421 3652 ALG - ok

19:24:40.0532 3652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

19:24:40.0648 3652 aliide - ok

19:24:40.0746 3652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

19:24:40.0890 3652 amdagp - ok

19:24:40.0969 3652 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

19:24:41.0041 3652 amdide - ok

19:24:41.0194 3652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

19:24:41.0354 3652 AmdK8 - ok

19:24:41.0511 3652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

19:24:41.0715 3652 AmdPPM - ok

19:24:41.0929 3652 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys

19:24:41.0982 3652 amdsata - ok

19:24:42.0162 3652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

19:24:42.0247 3652 amdsbs - ok

19:24:42.0319 3652 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys

19:24:42.0404 3652 amdxata - ok

19:24:42.0477 3652 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

19:24:42.0699 3652 AppID - ok

19:24:42.0817 3652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll

19:24:43.0677 3652 AppIDSvc - ok

19:24:43.0945 3652 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll

19:24:44.0196 3652 Appinfo - ok

19:24:45.0153 3652 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

19:24:45.0246 3652 Apple Mobile Device - ok

19:24:45.0408 3652 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

19:24:45.0504 3652 arc - ok

19:24:45.0716 3652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

19:24:45.0855 3652 arcsas - ok

19:24:45.0937 3652 arkbcfltr - ok

19:24:45.0997 3652 arrayssl_vpn_service3,0,1,9 - ok

19:24:46.0069 3652 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe

19:24:46.0253 3652 AsusService ( UnsignedFile.Multi.Generic ) - warning

19:24:46.0263 3652 AsusService - detected UnsignedFile.Multi.Generic (1)

19:24:46.0386 3652 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys

19:24:46.0572 3652 aswFsBlk - ok

19:24:46.0656 3652 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys

19:24:46.0793 3652 aswMonFlt - ok

19:24:46.0890 3652 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys

19:24:46.0930 3652 aswRdr - ok

19:24:47.0280 3652 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys

19:24:47.0359 3652 aswSP - ok

19:24:47.0498 3652 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys

19:24:47.0571 3652 aswTdi - ok

19:24:47.0761 3652 aswUpdSv (5debc3519d489411073fa7e56ffb4a93) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

19:24:47.0789 3652 aswUpdSv - ok

19:24:47.0887 3652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

19:24:49.0509 3652 AsyncMac - ok

19:24:49.0651 3652 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

19:24:49.0808 3652 atapi - ok

19:24:52.0311 3652 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys

19:24:52.0776 3652 athr - ok

19:24:53.0671 3652 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll

19:24:53.0968 3652 AudioEndpointBuilder - ok

19:24:54.0005 3652 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll

19:24:54.0149 3652 Audiosrv - ok

19:24:54.0526 3652 avast! Antivirus (0aaf6b848185899cf76ae04e62eab3d2) C:\Program Files\Alwil Software\Avast4\ashServ.exe

19:24:54.0585 3652 avast! Antivirus - ok

19:24:55.0172 3652 avast! Mail Scanner (b2f564dc59b67763c73269e1a9da7f18) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

19:24:55.0318 3652 avast! Mail Scanner - ok

19:24:56.0031 3652 avast! Web Scanner (d86010c96abadda75356834d6113d37d) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

19:24:56.0342 3652 avast! Web Scanner - ok

19:24:56.0516 3652 avg7updsvc - ok

19:24:56.0841 3652 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll

19:24:57.0325 3652 AxInstSV - ok

19:24:57.0994 3652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

19:24:58.0285 3652 b06bdrv - ok

19:24:58.0542 3652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

19:24:58.0784 3652 b57nd60x - ok

19:24:59.0512 3652 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

19:24:59.0720 3652 BBSvc - ok

19:25:00.0347 3652 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

19:25:00.0528 3652 BBUpdate - ok

19:25:00.0603 3652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll

19:25:01.0151 3652 BDESVC - ok

19:25:01.0192 3652 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

19:25:01.0398 3652 Beep - ok

19:25:02.0664 3652 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll

19:25:02.0908 3652 BITS - ok

19:25:02.0938 3652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

19:25:03.0064 3652 blbdrive - ok

19:25:03.0680 3652 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe

19:25:03.0865 3652 Bonjour Service - ok

19:25:04.0074 3652 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys

19:25:04.0375 3652 bowser - ok

19:25:04.0464 3652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

19:25:04.0602 3652 BrFiltLo - ok

19:25:04.0667 3652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

19:25:04.0760 3652 BrFiltUp - ok

19:25:04.0905 3652 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll

19:25:05.0105 3652 Browser - ok

19:25:05.0266 3652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

19:25:05.0455 3652 Brserid - ok

19:25:05.0566 3652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

19:25:05.0699 3652 BrSerWdm - ok

19:25:05.0724 3652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

19:25:05.0818 3652 BrUsbMdm - ok

19:25:05.0891 3652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

19:25:05.0992 3652 BrUsbSer - ok

19:25:06.0105 3652 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

19:25:06.0311 3652 BthEnum - ok

19:25:06.0383 3652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

19:25:06.0512 3652 BTHMODEM - ok

19:25:06.0584 3652 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

19:25:06.0774 3652 BthPan - ok

19:25:06.0940 3652 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys

19:25:07.0185 3652 BTHPORT - ok

19:25:07.0416 3652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll

19:25:07.0622 3652 bthserv - ok

19:25:07.0713 3652 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys

19:25:07.0841 3652 BTHUSB - ok

19:25:08.0079 3652 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

19:25:08.0288 3652 btwaudio - ok

19:25:08.0549 3652 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

19:25:08.0626 3652 btwavdt - ok

19:25:09.0820 3652 btwdins (f7434401ae320bb97903a3c1865242fb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

19:25:10.0019 3652 btwdins - ok

19:25:10.0140 3652 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

19:25:10.0276 3652 btwl2cap - ok

19:25:10.0399 3652 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

19:25:10.0470 3652 btwrchid - ok

19:25:10.0602 3652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

19:25:10.0819 3652 cdfs - ok

19:25:11.0153 3652 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

19:25:11.0416 3652 cdrom - ok

19:25:11.0603 3652 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll

19:25:11.0824 3652 CertPropSvc - ok

19:25:11.0939 3652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

19:25:12.0083 3652 circlass - ok

19:25:12.0331 3652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

19:25:12.0692 3652 CLFS - ok

19:25:13.0153 3652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:25:13.0256 3652 clr_optimization_v2.0.50727_32 - ok

19:25:13.0741 3652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:25:14.0107 3652 clr_optimization_v4.0.30319_32 - ok

19:25:14.0178 3652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

19:25:14.0312 3652 CmBatt - ok

19:25:14.0637 3652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

19:25:14.0749 3652 cmdide - ok

19:25:15.0343 3652 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys

19:25:15.0705 3652 CNG - ok

19:25:15.0883 3652 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

19:25:15.0995 3652 Compbatt - ok

19:25:16.0181 3652 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

19:25:16.0381 3652 CompositeBus - ok

19:25:16.0434 3652 COMSysApp - ok

19:25:16.0498 3652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

19:25:16.0619 3652 crcdisk - ok

19:25:17.0063 3652 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll

19:25:17.0456 3652 CryptSvc - ok

19:25:17.0632 3652 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys

19:25:17.0701 3652 ctxusbm - ok

19:25:17.0852 3652 CVPNDRVA - ok

19:25:18.0584 3652 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll

19:25:18.0877 3652 DcomLaunch - ok

19:25:18.0994 3652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll

19:25:19.0446 3652 defragsvc - ok

19:25:19.0692 3652 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys

19:25:19.0925 3652 DfsC - ok

19:25:20.0483 3652 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll

19:25:20.0882 3652 Dhcp - ok

19:25:21.0083 3652 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

19:25:21.0259 3652 discache - ok

19:25:21.0504 3652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

19:25:21.0615 3652 Disk - ok

19:25:21.0851 3652 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll

19:25:22.0105 3652 Dnscache - ok

19:25:22.0207 3652 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll

19:25:22.0452 3652 dot3svc - ok

19:25:22.0809 3652 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll

19:25:23.0030 3652 DPS - ok

19:25:23.0131 3652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

19:25:23.0274 3652 drmkaud - ok

19:25:23.0422 3652 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys

19:25:23.0627 3652 DXGKrnl - ok

19:25:23.0675 3652 DynDNS_Updater_Service - ok

19:25:23.0932 3652 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll

19:25:24.0058 3652 EapHost - ok

19:25:29.0610 3652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

19:25:30.0351 3652 ebdrv - ok

19:25:32.0109 3652 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe

19:25:32.0297 3652 EFS - ok

19:25:34.0575 3652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

19:25:34.0852 3652 elxstor - ok

19:25:34.0926 3652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

19:25:35.0091 3652 ErrDev - ok

19:25:35.0933 3652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll

19:25:36.0163 3652 EventSystem - ok

19:25:36.0479 3652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

19:25:36.0864 3652 exfat - ok

19:25:36.0978 3652 fallback - ok

19:25:37.0815 3652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

19:25:38.0626 3652 fastfat - ok

19:25:40.0630 3652 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe

19:25:41.0186 3652 Fax - ok

19:25:41.0257 3652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

19:25:41.0488 3652 fdc - ok

19:25:41.0976 3652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll

19:25:42.0375 3652 fdPHost - ok

19:25:42.0787 3652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll

19:25:43.0009 3652 FDResPub - ok

19:25:43.0390 3652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

19:25:43.0446 3652 FileInfo - ok

19:25:43.0926 3652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

19:25:44.0325 3652 Filetrace - ok

19:25:44.0514 3652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

19:25:44.0655 3652 flpydisk - ok

19:25:44.0774 3652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

19:25:44.0854 3652 FltMgr - ok

19:25:48.0862 3652 FontCache (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll

19:25:50.0985 3652 FontCache - ok

19:25:51.0607 3652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:25:51.0887 3652 FontCache3.0.0.0 - ok

19:25:52.0374 3652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

19:25:52.0542 3652 FsDepends - ok

19:25:52.0763 3652 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys

19:25:52.0813 3652 fssfltr - ok

19:25:58.0459 3652 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

19:25:58.0839 3652 fsssvc - ok

19:26:00.0252 3652 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys

19:26:00.0365 3652 Fs_Rec - ok

19:26:00.0689 3652 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\windows\system32\drivers\ftdibus.sys

19:26:00.0812 3652 FTDIBUS - ok

19:26:00.0947 3652 ftsata2 - ok

19:26:01.0455 3652 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\windows\system32\drivers\ftser2k.sys

19:26:01.0566 3652 FTSER2K - ok

19:26:02.0583 3652 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

19:26:02.0995 3652 fvevol - ok

19:26:03.0201 3652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

19:26:03.0395 3652 gagp30kx - ok

19:26:03.0713 3652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

19:26:03.0814 3652 GEARAspiWDM - ok

19:26:04.0321 3652 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll

19:26:04.0634 3652 gpsvc - ok

19:26:06.0707 3652 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

19:26:06.0883 3652 gupdate - ok

19:26:07.0039 3652 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

19:26:07.0166 3652 gupdatem - ok

19:26:07.0656 3652 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

19:26:08.0222 3652 gusvc - ok

19:26:08.0307 3652 hcf_msft - ok

19:26:08.0477 3652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

19:26:09.0054 3652 hcw85cir - ok

19:26:09.0834 3652 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

19:26:10.0090 3652 HdAudAddService - ok

19:26:10.0394 3652 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

19:26:10.0557 3652 HDAudBus - ok

19:26:10.0688 3652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

19:26:10.0807 3652 HidBatt - ok

19:26:11.0186 3652 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

19:26:11.0480 3652 HidBth - ok

19:26:11.0676 3652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

19:26:11.0824 3652 HidIr - ok

19:26:12.0002 3652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll

19:26:12.0605 3652 hidserv - ok

19:26:13.0049 3652 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

19:26:13.0205 3652 HidUsb - ok

19:26:16.0506 3652 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll

19:26:17.0498 3652 hkmsvc - ok

19:26:18.0058 3652 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll

19:26:18.0470 3652 HomeGroupListener - ok

19:26:18.0847 3652 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll

19:26:19.0152 3652 HomeGroupProvider - ok

19:26:19.0275 3652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

19:26:19.0339 3652 HpSAMD - ok

19:26:20.0240 3652 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

19:26:20.0605 3652 HTTP - ok

19:26:20.0683 3652 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

19:26:20.0749 3652 hwpolicy - ok

19:26:21.0068 3652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

19:26:21.0241 3652 i8042prt - ok

19:26:22.0089 3652 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

19:26:22.0252 3652 iaStor - ok

19:26:23.0325 3652 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys

19:26:23.0600 3652 iaStorV - ok

19:26:25.0575 3652 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:26:25.0795 3652 idsvc - ok

19:26:44.0245 3652 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys

19:26:45.0291 3652 igfx - ok

19:26:47.0053 3652 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

19:26:47.0186 3652 iirsp - ok

19:26:48.0827 3652 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll

19:26:49.0972 3652 IKEEXT - ok

19:26:54.0574 3652 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\windows\system32\drivers\RTKVHDA.sys

19:26:55.0114 3652 IntcAzAudAddService - ok

19:26:56.0395 3652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys

19:26:56.0513 3652 intelide - ok

19:26:56.0695 3652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

19:26:56.0874 3652 intelppm - ok

19:26:57.0031 3652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll

19:26:57.0246 3652 IPBusEnum - ok

19:26:57.0473 3652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:26:57.0649 3652 IpFilterDriver - ok

19:26:57.0932 3652 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys

19:26:58.0105 3652 IPMIDRV - ok

19:26:58.0222 3652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

19:26:58.0374 3652 IPNAT - ok

19:27:00.0330 3652 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe

19:27:00.0498 3652 iPod Service - ok

19:27:00.0623 3652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

19:27:00.0997 3652 IRENUM - ok

19:27:01.0362 3652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys

19:27:01.0575 3652 isapnp - ok

19:27:02.0226 3652 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys

19:27:02.0434 3652 iScsiPrt - ok

19:27:02.0567 3652 itmrtsvc - ok

19:27:02.0734 3652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

19:27:02.0889 3652 kbdclass - ok

19:27:02.0953 3652 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys

19:27:03.0046 3652 kbdhid - ok

19:27:03.0231 3652 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys

19:27:03.0284 3652 kbfiltr - ok

19:27:03.0434 3652 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe

19:27:03.0519 3652 KeyIso - ok

19:27:03.0594 3652 klif - ok

19:27:04.0650 3652 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

19:27:04.0965 3652 Kodak AiO Network Discovery Service - ok

19:27:05.0320 3652 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys

19:27:05.0427 3652 KSecDD - ok

19:27:05.0862 3652 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys

19:27:05.0939 3652 KSecPkg - ok

19:27:06.0623 3652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll

19:27:07.0157 3652 KtmRm - ok

19:27:07.0497 3652 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys

19:27:07.0881 3652 L1C - ok

19:27:08.0302 3652 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\windows\system32\srvsvc.dll

19:27:08.0506 3652 LanmanServer - ok

19:27:08.0697 3652 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll

19:27:08.0905 3652 LanmanWorkstation - ok

19:27:09.0100 3652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

19:27:09.0239 3652 lltdio - ok

19:27:09.0799 3652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll

19:27:10.0462 3652 lltdsvc - ok

19:27:10.0594 3652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll

19:27:11.0372 3652 lmhosts - ok

19:27:11.0616 3652 LMouFilt - ok

19:27:11.0835 3652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

19:27:11.0933 3652 LSI_FC - ok

19:27:12.0527 3652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

19:27:12.0813 3652 LSI_SAS - ok

19:27:12.0941 3652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

19:27:13.0021 3652 LSI_SAS2 - ok

19:27:30.0810 3652 NetBT (14797e657fcfe2f62b1c315bfd6b9006) C:\windows\system32\DRIVERS\netbt.sys

19:27:30.0932 3652 NetBT ( UnsignedFile.Multi.Generic ) - warning

19:27:30.0962 3652 NetBT - detected UnsignedFile.Multi.Generic (1)

19:28:27.0116 3652 sursayra (e6d35f3aa51a65eb35c1f2340154a25e) C:\windows\system32\drivers\jxgc.sys

19:28:27.0176 3652 sursayra ( UnsignedFile.Multi.Generic ) - warning

19:28:27.0177 3652 sursayra - detected UnsignedFile.Multi.Generic (1)

19:28:53.0966 3652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:28:55.0071 3652 \Device\Harddisk0\DR0 - ok

19:28:55.0112 3652 Boot (0x1200) (63216fc123dfb3a96ab997153c169ae1) \Device\Harddisk0\DR0\Partition0

19:28:55.0116 3652 \Device\Harddisk0\DR0\Partition0 - ok

19:28:55.0168 3652 Boot (0x1200) (216285b664e1e91b5f69990f91c2ba61) \Device\Harddisk0\DR0\Partition1

19:28:55.0174 3652 \Device\Harddisk0\DR0\Partition1 - ok

19:28:55.0176 3652 ============================================================

19:28:55.0176 3652 Scan finished

19:28:55.0176 3652 ============================================================

19:28:55.0664 6800 Detected object count: 3

19:28:55.0664 6800 Actual detected object count: 3

19:36:52.0173 6800 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user

19:36:52.0180 6800 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:36:52.0226 6800 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user

19:36:52.0227 6800 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:36:52.0236 6800 sursayra ( UnsignedFile.Multi.Generic ) - skipped by user

19:36:52.0237 6800 sursayra ( UnsignedFile.Multi.Generic ) - User select action: Skip


Here's attach.txt. Sorry for the multiple posts.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 06/12/2009 2:01:09 PM

System Uptime: 01/05/2012 7:58:16 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | 1005HA

Processor: Intel® Atom CPU N270 @ 1.60GHz | PBGA 437 | 1600/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 18.867 GiB free.

D: is FIXED (NTFS) - 123 GiB total, 90.42 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6 MUI

aioprnt

aioscnnr

Alice Greenfingers

AMCap

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUSUpdate for Eee PC

AsusVibe2.0

AsusVibeCheckUpdate

Atheros Client Installation Program

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

avast! Antivirus

Bass Audio Decoder (remove only)

Bing Bar

Bonjour

Bullzip PDF Printer 8.2.0.1394

CD Audio Reader Filter (remove only)

center

Chicken Invaders 2

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Citrix Web Client

Compatibility Pack for the 2007 Office system

D3DX10

DCoder Image Source (remove only)

DirectVobSub (remove only)

Dream Day Wedding Married in Manhattan

DScaler 5 Mpeg Decoders

E-Cam

Eee Docking 2.4.0

EeeSplendid

essentials

ffdshow v1.1.3966 [2011-08-09]

FFMPEG Core Files (remove only)

FontResizer

Gabest MPEG Splitter (remove only)

GamePark Console

Google Chrome

Google Talk (remove only)

Google Toolbar for Internet Explorer

Google Update Helper

Haali Media Splitter

HiJackThis

Hotkey Service

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Kodak AIO Printer

KODAK AiO Software

Last.fm 1.5.4.27091

LAV Filters (remove only)

LocaleMe

Malwarebytes Anti-Malware version 1.61.0.1400

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Access MUI (French) 2007

Microsoft Office Access MUI (German) 2007

Microsoft Office Access MUI (Italian) 2007

Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Excel MUI (Italian) 2007

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office Groove MUI (French) 2007

Microsoft Office Groove MUI (German) 2007

Microsoft Office Groove MUI (Italian) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office InfoPath MUI (German) 2007

Microsoft Office InfoPath MUI (Italian) 2007

Microsoft Office Language Pack 2007 - Dutch/Nederlands

Microsoft Office Language Pack 2007 - French/Français

Microsoft Office Language Pack 2007 - German/Deutsch

Microsoft Office Language Pack 2007 - Italian/Italiano

Microsoft Office Live Add-in 1.3

Microsoft Office O MUI (Dutch) 2007

Microsoft Office O MUI (French) 2007

Microsoft Office O MUI (German) 2007

Microsoft Office O MUI (Italian) 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office OneNote MUI (Italian) 2007

Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office Outlook MUI (German) 2007

Microsoft Office Outlook MUI (Italian) 2007

Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint MUI (Italian) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing (Italian) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Publisher MUI (German) 2007

Microsoft Office Publisher MUI (Italian) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Shared MUI (Italian) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office SharePoint Designer MUI (Dutch) 2007

Microsoft Office SharePoint Designer MUI (French) 2007

Microsoft Office SharePoint Designer MUI (German) 2007

Microsoft Office SharePoint Designer MUI (Italian) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word 2007 Help - Aggiornamento (KB963665)

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Office Word MUI (Italian) 2007

Microsoft Office X MUI (Dutch) 2007

Microsoft Office X MUI (French) 2007

Microsoft Office X MUI (German) 2007

Microsoft Office X MUI (Italian) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

MSVCRT

Oceanis Change Background Windows 7

ocr

OpenOffice.org 3.3

OpenSource AVI Splitter (remove only)

OpenSource DTS/AC3/DD+ Source Filter (remove only)

OpenSource Flash Video Splitter (remove only)

Opera 11.60

PiccoloTaxi

Piggly

PreReq

QuickTime

Ralink RT2860 Wireless LAN Card

RealMedia (remove only)

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit

Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit

Edition

Skype web features

Skype™ 5.5

Smileyville

Super Hybrid Engine

Synaptics Pointing Device Driver

TeamViewer 5

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Outlook 2007 Help (KB963677)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

WIDCOMM Bluetooth Software

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

WinRAR 4.01 (32-bit)

Xfp Ver_2.0.13 - TDK_2.0.17

Zoom Player (remove only)

.

==== Event Viewer Messages From Past Week ========

.

30/04/2012 9:57:03 PM, Error: Service Control Manager [7023] - The Sfusvc

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 9:44:43 PM, Error: Service Control Manager [7023] - The Symredrv

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 9:12:05 PM, Error: Service Control Manager [7023] - The

AlteraByteBlaster service terminated with the following error: The

specified procedure could not be found.

30/04/2012 9:00:06 PM, Error: Service Control Manager [7023] - The

Lktimesync service terminated with the following error: The specified

procedure could not be found.

30/04/2012 8:42:05 PM, Error: Service Control Manager [7023] - The PID_08A0

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 8:27:01 PM, Error: Service Control Manager [7023] - The DELTA

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 8:11:57 PM, Error: Service Control Manager [7023] - The GcKernel

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 8:11:01 PM, Error: Service Control Manager [7023] - The Atiavpci

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 7:57:30 PM, Error: Service Control Manager [7023] - The

Fa_scheduler service terminated with the following error: The specified

procedure could not be found.

30/04/2012 7:49:42 PM, Error: Service Control Manager [7023] - The GBDevice

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 11:57:04 PM, Error: Service Control Manager [7023] - The Msmpsvc

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 11:42:37 PM, Error: Service Control Manager [7023] - The Fsaua

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 11:27:01 PM, Error: Service Control Manager [7023] - The ASUSVRC

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 11:12:02 PM, Error: Service Control Manager [7023] - The

Iksysflt service terminated with the following error: The specified

procedure could not be found.

30/04/2012 10:57:01 PM, Error: Service Control Manager [7023] - The Z800bus

service terminated with the following error: The specified procedure could

not be found.

30/04/2012 10:41:59 PM, Error: Service Control Manager [7023] - The

TMBMServer service terminated with the following error: The specified

procedure could not be found.

30/04/2012 10:27:21 PM, Error: Service Control Manager [7023] - The

Elbycdio service terminated with the following error: The specified

procedure could not be found.

30/04/2012 10:12:00 PM, Error: Service Control Manager [7023] - The

Lmimaint service terminated with the following error: The specified

procedure could not be found.

01/05/2012 9:34:58 AM, Error: Service Control Manager [7023] - The

WMIService service terminated with the following error: The specified

procedure could not be found.

01/05/2012 9:20:20 AM, Error: Service Control Manager [7023] - The

Mcafeeframework service terminated with the following error: The specified

procedure could not be found.

01/05/2012 9:04:57 AM, Error: Service Control Manager [7023] - The RadProbe

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 9:03:38 AM, Error: Service Control Manager [7023] - The Mssql

$sony_mediamgr service terminated with the following error: The specified

procedure could not be found.

01/05/2012 8:58:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There

was an error while attempting to read the local hosts file.

01/05/2012 8:53:26 PM, Error: Service Control Manager [7023] - The

Smartscaps service terminated with the following error: The specified

procedure could not be found.

01/05/2012 8:39:01 PM, Error: Service Control Manager [7023] - The W39n51

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 8:23:44 PM, Error: Service Control Manager [7023] - The

Patrolagent service terminated with the following error: The specified

procedure could not be found.

01/05/2012 8:16:21 PM, Error: Service Control Manager [7034] - The iPod

Service service terminated unexpectedly. It has done this 1 time(s).

01/05/2012 8:08:48 PM, Error: Service Control Manager [7023] - The

Maya70docserver service terminated with the following error: The specified

procedure could not be found.

01/05/2012 8:07:56 PM, Error: Service Control Manager [7023] - The Lpds

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 7:59:12 PM, Error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load: cdrom luafv

01/05/2012 7:59:09 PM, Error: Service Control Manager [7023] - The Ser2plms

service terminated with the following error: The system cannot find the

file specified.

01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The Nvgts

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The Fsaua

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The

Fa_scheduler service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The DELTA

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The SED133x

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Pdlndsdl

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Msmpsvc

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The

Mcafeeframework service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The

Lxrsge10s service terminated with the following error: The specified module

could not be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The

Lktimesync service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The GBDevice

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The

WMIService service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The

Videoacceleratorengine service terminated with the following error: The

specified module could not be found.

01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The

Trlokom_rmhsvc service terminated with the following error: The system

cannot find the file specified.

01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The Lmimaint

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:05 PM, Error: Service Control Manager [7003] - The IPsec

Policy Agent service depends the following service: BFE. This service might

not be installed.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Z800bus

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The

Wmp54gssvc service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The

TMBMServer service terminated with the following error: The specified

module could not be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Symredrv

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The PID_08A0

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The

Oracleorahome92tnslistener service terminated with the following error: The

system cannot find the file specified.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Iksysflt

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The GcKernel

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Elbycdio

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Atiavpci

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The

AlteraByteBlaster service terminated with the following error: The

specified module could not be found.

01/05/2012 7:59:04 PM, Error: Service Control Manager [7003] - The IKE and

AuthIP IPsec Keying Modules service depends the following service: BFE. This

service might not be installed.

01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The Sntnlusb

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The RadProbe

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The Computer

Browser service terminated with the following error: The specified service

does not exist as an installed service.

01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The

BootScreen service terminated with the following error: The system cannot

find the file specified.

01/05/2012 7:59:02 PM, Error: Service Control Manager [7023] - The Maplom

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Sfusvc

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Mssql

$sony_mediamgr service terminated with the following error: The specified

module could not be found.

01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Jukebox3

service terminated with the following error: The system cannot find the

file specified.

01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The ASUSVRC

service terminated with the following error: The specified module could not

be found.

01/05/2012 7:54:24 PM, Error: Service Control Manager [7023] - The

Lxrsge10s service terminated with the following error: The specified

procedure could not be found.

01/05/2012 7:40:01 PM, Error: Service Control Manager [7023] - The Pdlndsdl

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 7:23:51 PM, Error: Service Control Manager [7023] - The SED133x

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 7:23:04 PM, Error: Service Control Manager [7011] - A timeout

(30000 milliseconds) was reached while waiting for a transaction response

from the FDResPub service.

01/05/2012 7:22:26 PM, Error: Service Control Manager [7023] - The Maplom

service terminated with the following error: The specified procedure could

not be found.

01/05/2012 7:22:10 PM, Error: Server [2505] - The server could not bind to

the transport \Device\NetBT_Tcpip_{30241194-5E19-4930-8815-E2BA8533BFFD}

because another computer on the network has the same name. The server could

not start.

01/05/2012 6:00:18 AM, Error: Service Control Manager [7011] - A timeout

(30000 milliseconds) was reached while waiting for a transaction response

from the Netman service.

01/05/2012 3:53:03 PM, Error: Service Control Manager [7009] - A timeout

was reached (30000 milliseconds) while waiting for the Windows Error

Reporting Service service to connect.

01/05/2012 3:51:39 PM, Error: Service Control Manager [7011] - A timeout

(30000 milliseconds) was reached while waiting for a transaction response

from the Wlansvc service.

.

==== End Of File ===========================


Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I ran ComboFix and it claimed to have found the ZeroAccess rootkit. Now the computer is running quite a bit faster and despite MalwareBytes protection running again, I haven't noticed any rootkit warnings yet.

Here's my log:

ComboFix 12-05-03.03 - Sophia 03/05/2012 23:45:16.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.350 [GMT -7:00]

Running from: c:\users\Sophia\Desktop\ComboFix.exe

AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\JByNm7Ot.exe

c:\users\Jonas\AppData\Roaming\.#

c:\windows\$NtUninstallKB44522$\503164951\@

c:\windows\$NtUninstallKB44522$\503164951\cfg.ini

c:\windows\$NtUninstallKB44522$\503164951\Desktop.ini

c:\windows\$NtUninstallKB44522$\503164951\L\xadqgnnk

c:\windows\$NtUninstallKB44522$\503164951\oemid

c:\windows\$NtUninstallKB44522$\503164951\U\00000001.@

c:\windows\$NtUninstallKB44522$\503164951\U\00000002.@

c:\windows\$NtUninstallKB44522$\503164951\U\00000004.@

c:\windows\$NtUninstallKB44522$\503164951\U\80000000.@

c:\windows\$NtUninstallKB44522$\503164951\U\80000004.@

c:\windows\$NtUninstallKB44522$\503164951\U\80000032.@

c:\windows\$NtUninstallKB44522$\503164951\version

c:\windows\$NtUninstallKB44522$\880855060

c:\windows\system32\actser.dll

c:\windows\system32\amfilter.dll

c:\windows\system32\AR5523.dll

c:\windows\system32\artourservice.dll

c:\windows\system32\atinrvxx.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\DXEC02.dll

c:\windows\system32\ipnat.dll

c:\windows\system32\ipsecmon.dll

c:\windows\system32\modemcsa.dll

c:\windows\system32\nfmservice.dll

c:\windows\system32\nsm1bus.dll

c:\windows\system32\oracle_load_balancer_60_client-forms6i.dll

c:\windows\system32\pcradminserver.dll

c:\windows\system32\quickbooksdb.dll

c:\windows\system32\Slpsvdr.dll

c:\windows\system32\smserial.dll

c:\windows\system32\snoopfreesvc.dll

c:\windows\system32\Thumbs.db

c:\windows\system32\usbio.dll

c:\windows\system32\vrmonsvc.dll

c:\windows\system32\zpnodecollector.dll

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At12.job

c:\windows\$NtUninstallKB44522$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SaiMini

-------\Service_kpf4

.

.

((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))

.

.

2012-05-04 07:10 . 2012-05-04 07:10 -------- d-----w- c:\users\Jonas\AppData\Local\temp

2012-05-04 07:10 . 2012-05-04 07:13 -------- d-----w- c:\users\Sophia\AppData\Local\temp

2012-05-04 07:10 . 2012-05-04 07:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-04 06:58 . 2012-05-04 06:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38BC171E-8AC5-4F99-8E67-A1C16FBA402C}\offreg.dll

2012-05-03 16:35 . 2012-05-03 16:35 -------- d-----w- c:\users\Sophia\Pavark

2012-05-03 16:33 . 2012-05-04 04:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-05-03 16:33 . 2012-05-03 16:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-05-01 06:32 . 2012-05-01 06:32 388096 ----a-r- c:\users\Sophia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-01 06:32 . 2012-05-01 06:32 -------- d-----w- c:\program files\Trend Micro

2012-04-30 06:37 . 2012-04-30 06:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-30 05:54 . 2012-04-30 05:54 -------- d-----w- c:\users\Sophia\AppData\Roaming\Malwarebytes

2012-04-30 05:53 . 2012-04-30 05:53 -------- d-----w- c:\programdata\Malwarebytes

2012-04-30 05:53 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-30 05:53 . 2012-04-30 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-30 04:19 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-30 04:19 . 2012-05-01 03:03 -------- d-----w- c:\program files\Common Files\PC Tools

2012-04-30 04:19 . 2012-04-30 06:25 -------- d-----w- c:\program files\PC Tools

2012-04-30 04:15 . 2012-05-01 02:55 -------- d-----w- c:\programdata\PC Tools

2012-04-30 04:15 . 2012-04-30 04:15 -------- d-----w- c:\users\Sophia\AppData\Roaming\TestApp

2012-04-30 03:49 . 2012-04-30 07:19 -------- d-----w- c:\program files\Common Files\Media

2012-04-30 03:49 . 2012-04-30 06:22 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE

2012-04-27 21:01 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38BC171E-8AC5-4F99-8E67-A1C16FBA402C}\mpengine.dll

2012-04-11 14:13 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 14:13 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 14:13 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 14:13 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 14:12 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 14:12 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-06 20:48 . 2012-04-06 20:48 -------- d-----w- c:\users\Sophia\AppData\Roaming\OpenOffice.org

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-30 06:37 . 2012-01-08 01:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-05 04:39 . 2010-05-16 23:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 00:00 . 2012-03-31 23:06 197120 ----a-w- c:\windows\system32\bzpdf.dll

2012-02-23 17:18 . 2009-12-07 00:30 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 07:30 . 2012-02-22 07:30 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-22 07:30 . 2012-02-22 07:30 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-22 07:30 . 2012-02-22 07:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-22 07:30 . 2012-02-22 07:30 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-22 07:30 . 2012-02-22 07:30 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-22 07:30 . 2012-02-22 07:30 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-22 07:30 . 2012-02-22 07:30 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-22 07:30 . 2012-02-22 07:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-22 07:30 . 2012-02-22 07:30 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-22 07:30 . 2012-02-22 07:30 367104 ----a-w- c:\windows\system32\html.iec

2012-02-22 07:30 . 2012-02-22 07:30 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-22 07:30 . 2012-02-22 07:30 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-22 07:30 . 2012-02-22 07:30 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-22 07:30 . 2012-02-22 07:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-22 07:30 . 2012-02-22 07:30 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-22 07:30 . 2012-02-22 07:30 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-22 07:30 . 2012-02-22 07:30 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-15 05:44 . 2012-03-13 21:56 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22 . 2012-03-13 21:56 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22 . 2012-03-13 21:56 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41 . 2012-03-13 21:58 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41 . 2012-03-13 21:58 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41 . 2012-03-13 21:58 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41 . 2012-03-13 21:58 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41 . 2012-03-13 21:58 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-08-17 402608]

"googletalk"="c:\users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]

"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]

"HotkeyService"="AsusSender.exe" [2009-08-18 27648]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-10-26 74752]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R1 etswtnjg;etswtnjg;c:\windows\system32\drivers\etswtnjg.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]

R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at.sys [2009-10-15 80896]

S1 aswSP;avast! Self Protection; [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-09 65584]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

NETSVCS REQUIRES REPAIRS - current entries shown


.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 06:37]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 01:02]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 01:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-Conime - c:\windows\system32\conime.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:72,db,ec,c7,87,26,cd,01

.

[HKEY_USERS\S-1-5-21-525104032-3259978678-3439254954-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-525104032-3259978678-3439254954-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5356)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Citrix\ICA Client\WFCRUN32.EXE

c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\program files\EeePC\HotkeyService\HotKeyMon.exe

c:\program files\Citrix\ICA Client\PNAMAIN.EXE

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\AsusSender.exe

c:\windows\system32\AsusSender.exe

c:\windows\system32\AsusSender.exe

c:\windows\system32\AsusSender.exe

.

**************************************************************************

.

Completion time: 2012-05-04 00:25:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-04 07:25

.

Pre-Run: 24,468,480,000 bytes free

Post-Run: 23,787,503,616 bytes free

.

- - End Of File - - ADBCEFF9FF8607308FA30BBEA94F67DB

Thank you!


We still have some work to do.

Step 1

Open Notepad and copy and paste the text present in the quotebox below into it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Save this as fix.reg. Choose to save as *all files and place it on your desktop.


Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

Step 2

Delete your TDSSKiller copy and download a new fresh one. Re-run it and follow the instructions above again. Post the log file in your next reply.

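Before a .reg file like the one in Step 1 is merged, its hex(7) data can be decoded to see which service names it would write and how that differs from the value already on the machine. The following is an added example, not part of the original posts: the sample file and the "current" list are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the REGEDIT4 layout used by the fix above (three entries only).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,\
  42,49,54,53,00,00
'''

# Constructed stand-in for the netsvcs value currently on the machine.
SAMPLE_CURRENT = ["AppMgmt", "BITS", "iphlpsvc", "ProfSvc"]

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>.*)$')


def parse_multi_sz(reg_text):
    """Return {(key, value_name): [strings]} for every hex(7) value in a REGEDIT4 file."""
    lines = reg_text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file (version 5 files store hex(7) as UTF-16LE)")
    # Join continuation lines: a trailing backslash means the value continues.
    joined, buf = [], ""
    for line in lines[1:]:
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        joined.append(buf + line)
        buf = ""
    out, key = {}, None
    for line in joined:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        raw = bytes(int(b, 16) for b in m.group("data").split(",") if b.strip())
        # REGEDIT4 stores REG_MULTI_SZ as ANSI strings separated by NUL, ending NUL NUL.
        if not raw.endswith(b"\x00\x00"):
            raise ValueError(f"{m.group('name')}: missing double-NUL terminator")
        names = [s.decode("cp1252", "replace") for s in raw[:-2].split(b"\x00") if s]
        out[(key, m.group("name"))] = names
    return out


def diff_services(current, proposed):
    """Case-insensitive comparison: what the merge would drop and what it would add."""
    cur = {s.lower(): s for s in current}
    new = {s.lower(): s for s in proposed}
    dropped = sorted(cur[k] for k in cur.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - cur.keys())
    return dropped, added
```

Merging a REG_MULTI_SZ value replaces the whole list, so every name reported as dropped is an entry the merge would remove from that value.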

I ran the registry edit (pasted correctly, including REGEDIT4) and it definitely did not go well... I rebooted my computer and all the icons on the taskbar were blank, my wireless internet didn't work and all my files on both the Desktop and My Documents were completely gone. I needed my computer today so I decided to go ahead and run system restore. I had a restore point (after running ComboFix and everything) so it was no big deal, but I'm not sure what my plan of action should be now.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
