
SVCHost Trojan



This started when I noticed an extra svchost.exe file running and using huge amounts of memory. Description was winrscmde. Malwarebytes finds and quarantines an infected svchost.exe file each time I run it, but after rebooting to remove it the problem still remains. Malwarebytes is also giving pop-ups that it is stopping the same exe file from sending out data to various IP addresses.

Thank you in advance for your time and help!

Attach.txt

DDS.txt


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Aryylas [Admin rights]

Mode: Scan -- Date: 08/11/2012 13:08:05

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++

--- User ---

[MBR] f3303991d5b74a996e8ec357ed534486

[bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 56046b1ded5820549956538b4cc8a3a7

[bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

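The report above lists different `[MBR]` hashes under its `User` and `LL2` sections and marks `User != LL2 ... KO!`. The following is an added example, not part of the original posts and not RogueKiller's own code: a small triage parser for the MBR Check section of such a report. It assumes `User`, `LL1` and `LL2` name different read paths to the same boot sector; the sample report and its hash values are constructed placeholders.

```python
import re

# Constructed sample in the layout of the "MBR Check" section shown above.
# The hashes are placeholders, not values from any real disk.
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: Example Disk ATA Device +++++
--- User ---
[MBR] aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[bSP] cccccccccccccccccccccccccccccccc : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
[bSP] cccccccccccccccccccccccccccccccc : Windows 7 MBR Code
"""

DRIVE_RE = re.compile(r"^\+{5}\s*(PhysicalDrive\d+):")
VIEW_RE = re.compile(r"^---\s*(\w+)\s*---$")
# IGNORECASE because forum software may alter tag case, e.g. "[bSP]".
HASH_RE = re.compile(r"^\[(MBR|BSP)\]\s+([0-9a-f]{32})\b", re.IGNORECASE)
VERDICT_RE = re.compile(r"^(\w+)\s*(!=|=)\s*(\w+)\s*\.\.\.\s*(OK|KO)!")


def parse_mbr_check(text):
    """Return {drive: {"views": {view: {"MBR": h, "BSP": h}}, "verdicts": [...]}}."""
    drives = {}
    drive = None
    view = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often insert blank lines between entries
        m = DRIVE_RE.match(line)
        if m:
            drive = drives.setdefault(m.group(1), {"views": {}, "verdicts": []})
            view = None
            continue
        if drive is None:
            continue  # ignore everything before the first drive header
        m = VIEW_RE.match(line)
        if m:
            view = drive["views"].setdefault(m.group(1), {})
            continue
        m = HASH_RE.match(line)
        if m and view is not None:
            view[m.group(1).upper()] = m.group(2).lower()
            continue
        m = VERDICT_RE.match(line)
        if m:
            # (left view, right view, True if the tool said they match)
            drive["verdicts"].append((m.group(1), m.group(3), m.group(4) == "OK"))
    return drives


def find_mbr_discrepancies(drives):
    """List human-readable findings where views of the same drive disagree."""
    findings = []
    for name, info in drives.items():
        views = info["views"]
        base = views.get("User", {})
        for view_name, hashes in views.items():
            if view_name == "User":
                continue
            for field in ("MBR", "BSP"):
                if field in base and field in hashes and base[field] != hashes[field]:
                    findings.append(
                        f"{name}: {field} hash differs between User and {view_name} reads"
                    )
        # Truncated paste: the tool flagged a mismatch but the section is missing.
        for left, right, ok in info["verdicts"]:
            if not ok and right not in views:
                findings.append(
                    f"{name}: tool reported {left} != {right} but no {right} section present"
                )
    return findings


if __name__ == "__main__":
    for finding in find_mbr_discrepancies(parse_mbr_check(SAMPLE_REPORT)):
        print(finding)
```

A non-empty result means the boot sector looks different depending on how it is read, which is the condition the report summarises as `Root.MBR`.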

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


I forgot to add in my original description of the issues that this also causes frequent redirecting in the browser (when clicking on Google search result links, for example) and occasional random reboots of the system (very infrequent; has happened twice, I believe?).


13:18:43.0609 2344 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:18:44.0063 2344 ============================================================

13:18:44.0063 2344 Current date / time: 2012/08/11 13:18:44.0063

13:18:44.0063 2344 SystemInfo:

13:18:44.0063 2344

13:18:44.0063 2344 OS Version: 6.1.7600 ServicePack: 0.0

13:18:44.0063 2344 Product type: Workstation

13:18:44.0063 2344 ComputerName: ARYYLAS-PC

13:18:44.0063 2344 UserName: Aryylas

13:18:44.0063 2344 Windows directory: C:\Windows

13:18:44.0063 2344 System windows directory: C:\Windows

13:18:44.0063 2344 Running under WOW64

13:18:44.0063 2344 Processor architecture: Intel x64

13:18:44.0063 2344 Number of processors: 4

13:18:44.0064 2344 Page size: 0x1000

13:18:44.0064 2344 Boot type: Normal boot

13:18:44.0064 2344 ============================================================

13:18:45.0890 2344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:18:45.0902 2344 ============================================================

13:18:45.0902 2344 \Device\Harddisk0\DR0:

13:18:45.0902 2344 MBR partitions:

13:18:45.0902 2344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

13:18:45.0902 2344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000

13:18:45.0902 2344 ============================================================

13:18:45.0925 2344 C: <-> \Device\Harddisk0\DR0\Partition1

13:18:45.0949 2344 D: <-> \Device\Harddisk0\DR0\Partition0

13:18:45.0950 2344 ============================================================

13:18:45.0950 2344 Initialize success

13:18:45.0950 2344 ============================================================

13:19:15.0923 4240 ============================================================

13:19:15.0923 4240 Scan started

13:19:15.0923 4240 Mode: Manual; SigCheck; TDLFS;

13:19:15.0923 4240 ============================================================


13:19:41.0316 4240 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

13:19:41.0344 4240 MsMpSvc - ok

13:19:41.0356 4240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:19:41.0419 4240 MSPCLOCK - ok

13:19:41.0444 4240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:19:41.0520 4240 MSPQM - ok

13:19:41.0558 4240 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

13:19:41.0586 4240 MsRPC - ok

13:19:41.0602 4240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

13:19:41.0618 4240 mssmbios - ok

13:19:41.0622 4240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:19:41.0681 4240 MSTEE - ok

13:19:41.0717 4240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:19:41.0746 4240 MTConfig - ok

13:19:41.0769 4240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:19:41.0781 4240 Mup - ok

13:19:41.0793 4240 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

13:19:41.0810 4240 mwlPSDFilter - ok

13:19:41.0832 4240 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

13:19:41.0842 4240 mwlPSDNServ - ok

13:19:41.0860 4240 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

13:19:41.0870 4240 mwlPSDVDisk - ok

13:19:42.0010 4240 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

13:19:42.0029 4240 MWLService - ok

13:19:42.0078 4240 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

13:19:42.0151 4240 napagent - ok

13:19:42.0201 4240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:19:42.0250 4240 NativeWifiP - ok

13:19:43.0349 4240 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

13:19:43.0388 4240 NDIS - ok

13:19:43.0433 4240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:19:43.0472 4240 NdisCap - ok

13:19:43.0511 4240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:19:43.0587 4240 NdisTapi - ok

13:19:43.0612 4240 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

13:19:43.0658 4240 Ndisuio - ok

13:19:43.0685 4240 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:19:43.0726 4240 NdisWan - ok

13:19:43.0734 4240 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

13:19:43.0796 4240 NDProxy - ok

13:19:43.0819 4240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:19:43.0883 4240 NetBIOS - ok

13:19:43.0904 4240 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

13:19:43.0968 4240 NetBT - ok

13:19:44.0010 4240 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:19:44.0023 4240 Netlogon - ok

13:19:44.0072 4240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:19:44.0163 4240 Netman - ok

13:19:44.0970 4240 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:19:44.0982 4240 NetMsmqActivator - ok

13:19:45.0013 4240 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:19:45.0026 4240 NetPipeActivator - ok

13:19:45.0103 4240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:19:45.0183 4240 netprofm - ok

13:19:45.0189 4240 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:19:45.0201 4240 NetTcpActivator - ok

13:19:45.0208 4240 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:19:45.0219 4240 NetTcpPortSharing - ok

13:19:45.0285 4240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:19:45.0296 4240 nfrd960 - ok

13:19:45.0334 4240 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:19:45.0344 4240 NisDrv - ok

13:19:45.0442 4240 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

13:19:45.0469 4240 NisSrv - ok

13:19:45.0525 4240 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

13:19:45.0595 4240 NlaSvc - ok

13:19:45.0864 4240 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

13:19:45.0918 4240 NOBU - ok

13:19:46.0046 4240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:19:46.0120 4240 Npfs - ok

13:19:46.0155 4240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:19:46.0227 4240 nsi - ok

13:19:46.0244 4240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:19:46.0299 4240 nsiproxy - ok

13:19:47.0684 4240 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

13:19:47.0740 4240 Ntfs - ok

13:19:47.0849 4240 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

13:19:47.0869 4240 NTI IScheduleSvc - ok

13:19:48.0030 4240 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys

13:19:48.0046 4240 NTIDrvr - ok

13:19:48.0062 4240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:19:48.0141 4240 Null - ok

13:19:48.0173 4240 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

13:19:48.0189 4240 nvraid - ok

13:19:48.0218 4240 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

13:19:48.0248 4240 nvstor - ok

13:19:48.0279 4240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

13:19:48.0304 4240 nv_agp - ok

13:19:48.0724 4240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

13:19:48.0889 4240 ohci1394 - ok

13:19:49.0403 4240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:19:49.0454 4240 p2pimsvc - ok

13:19:49.0505 4240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:19:49.0528 4240 p2psvc - ok

13:19:49.0547 4240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:19:49.0562 4240 Parport - ok

13:19:49.0607 4240 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

13:19:49.0621 4240 partmgr - ok

13:19:49.0648 4240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:19:49.0698 4240 PcaSvc - ok

13:19:49.0737 4240 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

13:19:49.0767 4240 pci - ok

13:19:49.0780 4240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

13:19:49.0799 4240 pciide - ok

13:19:49.0844 4240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:19:49.0860 4240 pcmcia - ok

13:19:49.0870 4240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:19:49.0892 4240 pcw - ok

13:19:49.0945 4240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:19:50.0005 4240 PEAUTH - ok

13:19:50.0106 4240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:19:50.0153 4240 PerfHost - ok

13:19:51.0416 4240 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

13:19:51.0516 4240 pla - ok

13:19:51.0676 4240 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

13:19:51.0748 4240 PlugPlay - ok

13:19:51.0775 4240 PnkBstrA - ok

13:19:51.0805 4240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:19:51.0820 4240 PNRPAutoReg - ok

13:19:51.0861 4240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:19:51.0889 4240 PNRPsvc - ok

13:19:51.0946 4240 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

13:19:52.0042 4240 PolicyAgent - ok

13:19:52.0077 4240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:19:52.0136 4240 Power - ok

13:19:52.0194 4240 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

13:19:52.0257 4240 PptpMiniport - ok

13:19:52.0293 4240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:19:52.0321 4240 Processor - ok

13:19:52.0365 4240 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

13:19:52.0439 4240 ProfSvc - ok

13:19:52.0488 4240 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:19:52.0502 4240 ProtectedStorage - ok

13:19:52.0554 4240 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

13:19:52.0616 4240 Psched - ok

13:19:52.0714 4240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:19:52.0752 4240 ql2300 - ok

13:19:52.0898 4240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:19:52.0930 4240 ql40xx - ok

13:19:52.0986 4240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:19:53.0045 4240 QWAVE - ok

13:19:53.0077 4240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:19:53.0123 4240 QWAVEdrv - ok

13:19:53.0150 4240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:19:53.0216 4240 RasAcd - ok

13:19:53.0255 4240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:19:53.0319 4240 RasAgileVpn - ok

13:19:53.0355 4240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:19:53.0437 4240 RasAuto - ok

13:19:53.0460 4240 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:19:53.0531 4240 Rasl2tp - ok

13:19:53.0563 4240 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

13:19:53.0622 4240 RasMan - ok

13:19:53.0650 4240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:19:53.0706 4240 RasPppoe - ok

13:19:53.0739 4240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:19:53.0809 4240 RasSstp - ok

13:19:53.0849 4240 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

13:19:53.0912 4240 rdbss - ok

13:19:53.0948 4240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:19:53.0979 4240 rdpbus - ok

13:19:54.0005 4240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:19:54.0041 4240 RDPCDD - ok

13:19:54.0067 4240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:19:54.0107 4240 RDPENCDD - ok

13:19:54.0119 4240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:19:54.0169 4240 RDPREFMP - ok

13:19:54.0201 4240 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

13:19:54.0249 4240 RDPWD - ok

13:19:54.0273 4240 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys

13:19:54.0289 4240 rdyboost - ok

13:19:54.0316 4240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:19:54.0381 4240 RemoteAccess - ok

13:19:54.0630 4240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:19:54.0713 4240 RemoteRegistry - ok

13:19:54.0743 4240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:19:54.0822 4240 RpcEptMapper - ok

13:19:54.0844 4240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:19:54.0890 4240 RpcLocator - ok

13:19:54.0944 4240 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:19:55.0007 4240 RpcSs - ok

13:19:55.0046 4240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:19:55.0120 4240 rspndr - ok

13:19:55.0218 4240 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\System32\Drivers\RtsUStor.sys

13:19:55.0243 4240 RSUSBSTOR - ok

13:19:55.0288 4240 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:19:55.0303 4240 SamSs - ok

13:19:55.0592 4240 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

13:19:55.0679 4240 SBAMSvc - ok

13:19:55.0833 4240 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys

13:19:55.0854 4240 sbapifs - ok

13:19:55.0936 4240 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys

13:19:55.0966 4240 SbFw - ok

13:19:56.0013 4240 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys

13:19:56.0024 4240 SBFWIMCL - ok

13:19:56.0045 4240 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys

13:19:56.0056 4240 SBFWIMCLMP - ok

13:19:56.0084 4240 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys

13:19:56.0101 4240 sbhips - ok

13:19:56.0147 4240 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

13:19:56.0173 4240 sbp2port - ok

13:19:56.0225 4240 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

13:19:56.0242 4240 SBRE - ok

13:19:56.0264 4240 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys

13:19:56.0273 4240 sbwtis - ok

13:19:56.0413 4240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:19:56.0479 4240 SCardSvr - ok

13:19:56.0516 4240 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

13:19:56.0593 4240 scfilter - ok

13:19:56.0759 4240 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

13:19:56.0844 4240 Schedule - ok

13:19:56.0870 4240 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:19:56.0917 4240 SCPolicySvc - ok

13:19:56.0956 4240 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

13:19:57.0009 4240 SDRSVC - ok

13:19:57.0086 4240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:19:57.0159 4240 secdrv - ok

13:19:57.0188 4240 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

13:19:57.0245 4240 seclogon - ok

13:19:57.0276 4240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:19:57.0329 4240 SENS - ok

13:19:57.0357 4240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:19:57.0392 4240 SensrSvc - ok

13:19:57.0402 4240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:19:57.0440 4240 Serenum - ok

13:19:57.0475 4240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:19:57.0497 4240 Serial - ok

13:19:57.0528 4240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:19:57.0559 4240 sermouse - ok

13:19:57.0610 4240 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

13:19:57.0649 4240 SessionEnv - ok

13:19:57.0658 4240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

13:19:57.0705 4240 sffdisk - ok

13:19:57.0715 4240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:19:57.0747 4240 sffp_mmc - ok

13:19:57.0771 4240 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:19:57.0809 4240 sffp_sd - ok

13:19:57.0850 4240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:19:57.0875 4240 sfloppy - ok

13:19:57.0934 4240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:19:58.0015 4240 SharedAccess - ok

13:19:58.0078 4240 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

13:19:58.0138 4240 ShellHWDetection - ok

13:19:58.0169 4240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:19:58.0186 4240 SiSRaid2 - ok

13:19:58.0209 4240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:19:58.0223 4240 SiSRaid4 - ok

13:19:58.0308 4240 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

13:19:58.0321 4240 SkypeUpdate - ok

13:19:58.0366 4240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:19:58.0410 4240 Smb - ok

13:19:58.0444 4240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:19:58.0486 4240 SNMPTRAP - ok

13:19:58.0512 4240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:19:58.0525 4240 spldr - ok

13:19:58.0583 4240 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

13:19:58.0668 4240 Spooler - ok

13:19:58.0902 4240 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

13:19:59.0030 4240 sppsvc - ok

13:19:59.0163 4240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:19:59.0248 4240 sppuinotify - ok

13:19:59.0341 4240 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

13:19:59.0371 4240 srv - ok

13:19:59.0424 4240 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

13:19:59.0470 4240 srv2 - ok

13:19:59.0505 4240 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

13:19:59.0541 4240 srvnet - ok

13:19:59.0599 4240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:19:59.0702 4240 SSDPSRV - ok

13:19:59.0721 4240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:19:59.0761 4240 SstpSvc - ok

13:19:59.0827 4240 Steam Client Service - ok

13:19:59.0868 4240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:19:59.0906 4240 stexstor - ok

13:19:59.0974 4240 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

13:20:00.0034 4240 stisvc - ok

13:20:00.0109 4240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

13:20:00.0121 4240 swenum - ok

13:20:00.0191 4240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:20:00.0309 4240 swprv - ok

13:20:00.0988 4240 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

13:20:01.0200 4240 SysMain - ok

13:20:01.0436 4240 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

13:20:01.0683 4240 TabletInputService - ok

13:20:01.0750 4240 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

13:20:01.0847 4240 TapiSrv - ok

13:20:01.0892 4240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:20:02.0011 4240 TBS - ok

13:20:02.0473 4240 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

13:20:02.0556 4240 Tcpip - ok

13:20:03.0021 4240 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

13:20:03.0082 4240 TCPIP6 - ok

13:20:03.0229 4240 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

13:20:03.0284 4240 tcpipreg - ok

13:20:03.0309 4240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:20:03.0353 4240 TDPIPE - ok

13:20:03.0373 4240 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

13:20:03.0386 4240 TDTCP - ok

13:20:03.0402 4240 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

13:20:03.0487 4240 tdx - ok

13:20:03.0747 4240 TeamViewer7 (2bbb318ea9f34fdc508cea4aab98d770) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

13:20:03.0829 4240 TeamViewer7 - ok

13:20:03.0957 4240 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

13:20:03.0972 4240 TermDD - ok

13:20:04.0045 4240 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

13:20:04.0138 4240 TermService - ok

13:20:04.0180 4240 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:20:04.0234 4240 Themes - ok

13:20:04.0264 4240 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:20:04.0318 4240 THREADORDER - ok

13:20:04.0477 4240 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:20:04.0535 4240 TrkWks - ok

13:20:04.0589 4240 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

13:20:04.0618 4240 TrustedInstaller - ok

13:20:04.0643 4240 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:20:04.0687 4240 tssecsrv - ok

13:20:04.0717 4240 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

13:20:04.0767 4240 tunnel - ok

13:20:04.0812 4240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:20:04.0825 4240 uagp35 - ok

13:20:04.0858 4240 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys

13:20:04.0875 4240 UBHelper - ok

13:20:04.0916 4240 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

13:20:04.0968 4240 udfs - ok

13:20:05.0009 4240 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:20:05.0024 4240 UI0Detect - ok

13:20:05.0053 4240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

13:20:05.0081 4240 uliagpkx - ok

13:20:05.0116 4240 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

13:20:05.0145 4240 umbus - ok

13:20:05.0201 4240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:20:05.0244 4240 UmPass - ok

13:20:05.0330 4240 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

13:20:05.0348 4240 Updater Service - ok

13:20:05.0398 4240 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:20:05.0483 4240 upnphost - ok

13:20:05.0523 4240 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

13:20:05.0567 4240 usbccgp - ok

13:20:05.0601 4240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

13:20:05.0660 4240 usbcir - ok

13:20:05.0673 4240 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

13:20:05.0696 4240 usbehci - ok

13:20:05.0754 4240 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys

13:20:05.0767 4240 usbfilter - ok

13:20:05.0822 4240 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

13:20:05.0844 4240 usbhub - ok

13:20:05.0863 4240 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys

13:20:05.0889 4240 usbohci - ok

13:20:05.0932 4240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:20:05.0977 4240 usbprint - ok

13:20:06.0002 4240 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

13:20:06.0056 4240 USBSTOR - ok

13:20:06.0075 4240 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

13:20:06.0099 4240 usbuhci - ok

13:20:06.0144 4240 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

13:20:06.0174 4240 usbvideo - ok

13:20:06.0213 4240 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:20:06.0269 4240 UxSms - ok

13:20:06.0323 4240 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

13:20:06.0337 4240 VaultSvc - ok

13:20:06.0399 4240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

13:20:06.0410 4240 vdrvroot - ok

13:20:06.0491 4240 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

13:20:06.0549 4240 vds - ok

13:20:06.0580 4240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:20:06.0610 4240 vga - ok

13:20:06.0644 4240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:20:06.0728 4240 VgaSave - ok

13:20:06.0845 4240 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

13:20:06.0873 4240 vhdmp - ok

13:20:06.0886 4240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

13:20:06.0905 4240 viaide - ok

13:20:06.0921 4240 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

13:20:06.0940 4240 volmgr - ok

13:20:06.0964 4240 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

13:20:06.0981 4240 volmgrx - ok

13:20:07.0002 4240 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

13:20:07.0019 4240 volsnap - ok

13:20:07.0087 4240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:20:07.0112 4240 vsmraid - ok

13:20:07.0244 4240 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

13:20:07.0318 4240 VSS - ok

13:20:07.0432 4240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:20:07.0464 4240 vwifibus - ok

13:20:07.0487 4240 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:20:07.0527 4240 vwififlt - ok

13:20:07.0565 4240 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:20:07.0632 4240 vwifimp - ok

13:20:07.0691 4240 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:20:07.0755 4240 W32Time - ok

13:20:07.0795 4240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:20:07.0842 4240 WacomPen - ok

13:20:07.0889 4240 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:20:07.0952 4240 WANARP - ok

13:20:07.0959 4240 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:20:07.0997 4240 Wanarpv6 - ok

13:20:08.0148 4240 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:20:08.0194 4240 WatAdminSvc - ok

13:20:08.0509 4240 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

13:20:08.0617 4240 wbengine - ok

13:20:08.0798 4240 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:20:08.0830 4240 WbioSrvc - ok

13:20:08.0901 4240 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

13:20:08.0971 4240 wcncsvc - ok

13:20:08.0987 4240 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:20:09.0045 4240 WcsPlugInService - ok

13:20:09.0099 4240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:20:09.0126 4240 Wd - ok

13:20:09.0191 4240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:20:09.0233 4240 Wdf01000 - ok

13:20:09.0287 4240 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:20:09.0327 4240 WdiServiceHost - ok

13:20:09.0335 4240 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:20:09.0379 4240 WdiSystemHost - ok

13:20:13.0548 4240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:20:13.0615 4240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

13:20:13.0615 4240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

13:20:13.0675 4240 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:20:13.0675 4240 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:20:13.0713 4240 Boot (0x1200) (17b5b60ef646863fec565267beb34f54) \Device\Harddisk0\DR0\Partition0

13:20:13.0715 4240 \Device\Harddisk0\DR0\Partition0 - ok

13:20:13.0722 4240 Boot (0x1200) (865e9222f9ba25f00c38e21c9624a117) \Device\Harddisk0\DR0\Partition1

13:20:13.0724 4240 \Device\Harddisk0\DR0\Partition1 - ok

13:20:13.0728 4240 ============================================================

13:20:13.0728 4240 Scan finished

13:20:13.0728 4240 ============================================================

13:20:13.0744 5036 Detected object count: 2

13:20:13.0744 5036 Actual detected object count: 2

13:20:47.0194 5036 \Device\Harddisk0\DR0\# - copied to quarantine

13:20:47.0194 5036 \Device\Harddisk0\DR0 - copied to quarantine

13:20:47.0236 5036 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:20:47.0238 5036 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:20:47.0244 5036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:20:47.0248 5036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:20:47.0260 5036 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:20:47.0267 5036 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:20:47.0269 5036 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:20:47.0270 5036 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:20:47.0272 5036 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:20:47.0275 5036 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:20:47.0277 5036 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:20:47.0278 5036 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:20:47.0280 5036 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:20:47.0281 5036 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:20:47.0339 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:20:47.0345 5036 \Device\Harddisk0\DR0 - ok

13:20:47.0781 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:20:58.0068 4784 Deinitialize success


Make sure you have rebooted before you do this.

Please run it again and just delete this one only: (you don't have to post the log)

13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

------------------------------------

Then.......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Hi MrCharlie,

After removing the specified file there were no infections detected when running a quick scan with MBAM. I did a small handful (5 or so) of Google searches and did not get redirected so far, so that is also looking better!

Here is the last MBAM log. I also wanted to say thank you for taking time out of your day to help. People like you make the internet so much better. :) :)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Aryylas :: ARYYLAS-PC [administrator]

Protection: Enabled

8/11/2012 1:40:31 PM

mbam-log-2012-08-11 (13-40-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 192659

Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
