Hello,

 

I need help removing this trojan. I ran Microsoft Security Essentials and got this message.

 

 

Category: Trojan

 

Description: This program is dangerous and executes commands from an attacker.

 

Recommended action: Remove this software immediately.

 

Items:

file:C:\TDSSKiller_Quarantine\15.10.2012_21.37.25\mbr0000\tdlfs0000\tsk0000.dta

file:C:\TDSSKiller_Quarantine\15.10.2012_21.37.25\mbr0000\tdlfs0000\tsk0012.dta

 

My Windows Firewall is not responding either. I'm not sure if it has to do with this trojan.

 

Please help me.

 

Thank you.


Hello Elmer Rivera and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
When did you run TDSSKiller? Did you run it recently?

 

The items being detected by MSE are files that are being held in TDSSKiller's quarantine. They cannot cause any damage to your system from their present location.

 

Having said that, the Alureon rootkit is a serious piece of malware. If you use your machine for any kind of financial transactions, please use an uninfected computer to change all of your passwords as soon as you can.

 

 

Let's take a look at your machine with the following scans:

 

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click on the DDS icon to run the tool (may take up to 3 minutes to run). If you are running Vista or Windows 7, Right click on the DDS icon and select "Run as Administrator" to run it.
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

    • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Please post both DDS logs and the aswMBR log in your next reply.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455

Run by Elmer at 17:40:24 on 2012-11-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1123 [GMT -8:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\spool\drivers\x64\3\DLKAMUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Elmer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Elmer\AppData\Local\Temp\{5F237A53-1AB3-459E-9D9A-BBFFF0520F12}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\144545131323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\3474442343743383 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\A4026202C402C41657E6462797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [DLKAStatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\DLKAMUI.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-27 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-27 203264]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-27 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-27 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-29 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-26 01:37:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{D3EEC676-5A50-49F1-8E2F-22936E71CCA4}
2012-11-25 22:31:28 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30290C5D-D920-4AB9-AA92-BF19BF124984}\offreg.dll
2012-11-25 22:30:24 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30290C5D-D920-4AB9-AA92-BF19BF124984}\mpengine.dll
2012-11-25 19:56:06 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 18:59:16 -------- d-----w- C:\Users\Elmer\AppData\Local\{9808CC36-9B33-4FF3-806E-E1323BBA1CCA}
2012-11-21 05:58:48 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26020954-D63E-469F-BC84-F61F7170C292}\gapaengine.dll
2012-11-20 19:39:05 -------- d-----w- C:\Users\Elmer\AppData\Local\{9572B412-363C-4765-9C3D-C1D19F095942}
2012-11-20 19:35:43 -------- d-----w- C:\Users\Elmer\AppData\Local\{172C9C74-F775-488C-AF21-FA4D018BE492}
2012-11-20 07:34:17 -------- d-----w- C:\Users\Elmer\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-11-20 07:34:10 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-11-20 05:54:48 -------- d-----w- C:\Windows\System32\wbem\repository
2012-11-20 04:35:07 -------- d-----w- C:\Users\Elmer\AppData\Local\CRE
2012-11-20 04:34:48 -------- d-----w- C:\Users\Elmer\AppData\Local\Conduit
2012-11-19 19:38:50 -------- d-----w- C:\Users\Elmer\AppData\Local\{CF987E05-945B-4516-9D44-028449519D37}
2012-11-18 21:34:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{A2C155F2-6F50-4192-A914-9FA37592F130}
2012-11-18 05:51:49 -------- d-----w- C:\Users\Elmer\AppData\Local\{92E83760-9C6B-403F-A19B-0FA823AD90AF}
2012-11-17 00:15:10 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-16 19:53:38 -------- d-----w- C:\Users\Elmer\AppData\Local\{125F893A-D719-424D-A006-F04CAA51FCE5}
2012-11-14 19:46:51 -------- d-----w- C:\Users\Elmer\AppData\Local\{CDF3DE25-283C-4604-81A7-09519529E5C1}
2012-11-14 11:11:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:11:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 11:11:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 11:11:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 11:01:08 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 11:01:08 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 11:01:06 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 11:01:06 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 11:01:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 11:01:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 11:01:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 00:51:28 -------- d-----w- C:\Users\Elmer\AppData\Roaming\.minecraft
2012-11-13 20:33:50 -------- d-----w- C:\Users\Elmer\AppData\Local\{4D7FB9E9-3B8F-4202-B8D8-71D84F156A34}
2012-11-12 18:25:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{56698DF5-D8D7-484D-ACD6-14CBA1FF2D7C}
2012-11-12 00:03:15 -------- d-----w- C:\Users\Elmer\AppData\Local\{84D52CF5-DBE8-46BA-AFB3-B8151F945C2B}
2012-11-10 05:08:32 -------- d-----w- C:\Users\Elmer\AppData\Local\{138BEA05-1AE2-4F71-A6F9-282C6E91FE83}
2012-11-09 17:08:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{570C15F2-F458-4609-8E1F-05B230821A91}
2012-11-08 18:20:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{9F8DAB3B-F077-4004-AD9A-00CD28B81A55}
2012-11-07 18:16:46 -------- d-----w- C:\Users\Elmer\AppData\Local\{05E288CB-6855-42D4-87EF-9CC9C03C4974}
2012-11-06 14:41:05 -------- d-----w- C:\Users\Elmer\AppData\Local\{2D5B3F73-13D2-42CF-975C-E59A0EDB2335}
2012-11-05 14:57:51 -------- d-----w- C:\Users\Elmer\AppData\Local\{457F7888-D3E3-4417-AA28-474836570495}
2012-11-02 15:17:17 -------- d-----w- C:\Users\Elmer\AppData\Local\{21A45141-05DE-4C40-AF2E-2FBE78EDBDAB}
2012-11-01 22:32:04 -------- d-----w- C:\Users\Elmer\AppData\Local\{C70DC0DA-A06A-4752-868A-1389A3D09B92}
2012-11-01 02:08:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{647018D7-BE1E-4461-B458-C6A040C031BE}
2012-10-31 15:58:02 -------- d-----w- C:\Program Files (x86)\jZip
2012-10-31 15:10:36 -------- d-----w- C:\Users\Elmer\AppData\Local\jZip
2012-10-31 11:06:13 -------- d-----w- C:\Users\Elmer\AppData\Local\{2ACC1334-D7D5-4B43-8888-4A51135F8D81}
2012-10-30 12:33:29 -------- d-----w- C:\Users\Elmer\AppData\Local\{DA7E218C-A9FB-4E0C-971A-4715274A99F3}
2012-10-30 00:31:12 -------- d-----w- C:\Users\Elmer\AppData\Local\{ED760010-206A-42EF-A3B5-4C959BD8E8D4}
2012-10-28 04:45:04 -------- d-----w- C:\Users\Elmer\AppData\Local\{9B59AEC9-6EB7-423B-8C07-739F74C8EE5B}

.

==================== Find3M ====================

.

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-24 22:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 22:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-31 00:00:44 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 00:00:44 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 17:41:17.23 ===============

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/23/2011 7:30:42 PM

System Uptime: 11/22/2012 6:19:34 AM (83 hours ago)

.

Motherboard: Hewlett-Packard | | 1444

Processor: AMD Athlon II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 281 GiB total, 194.719 GiB free.

D: is FIXED (NTFS) - 16 GiB total, 2.344 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP155: 11/8/2012 9:02:13 PM - Windows Update

RP156: 11/12/2012 5:47:01 PM - Windows Update

RP157: 11/14/2012 3:00:17 AM - Windows Update

RP158: 11/16/2012 4:15:36 PM - Installed HP Support Assistant

RP159: 11/16/2012 4:21:20 PM - Windows Modules Installer

RP160: 11/16/2012 4:22:39 PM - Windows Modules Installer

RP161: 11/17/2012 10:34:51 PM - Windows Update

RP162: 11/19/2012 9:33:38 PM - Removed Norton Online Backup

RP163: 11/19/2012 9:37:28 PM - Restore Operation

RP165: 11/19/2012 10:04:18 PM - Windows Update

RP166: 11/25/2012 11:55:40 AM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0 MUI

Adobe Shockwave Player 11.5

Amazon Add to Wish List IE Extension 1.1

AMD USB Filter Driver

Atheros Driver Installation Program

ATI Catalyst Install Manager

Bejeweled 2 Deluxe

Bing Rewards Client Installer

Blackhawk Striker 2

Build-a-lot 2

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

CinemaNow Media Manager

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

FATE

Final Drive Nitro

Google Chrome

Google Update Helper

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.2.1.1

HP Advisor

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

HP Wireless Assistant

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 37

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

jZip

LabelPrint

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Online Backup

Penguins!

PhotoNow!

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

RollerCoaster Tycoon 3 Platinum

Roxio CinemaNow 2.0

RtVOsd

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Synaptics Pointing Device Driver

The Sims™ 2 Double Deluxe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Families

Virtual Villagers - The Secret City

Visual Studio 2010 x64 Redistributables

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

Windows Mobile Device Updater Component

WinZip 15.5

Yahoo! Messenger

Zuma Deluxe

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

11/25/2012 5:25:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

11/25/2012 5:25:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

11/22/2012 6:19:59 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

11/19/2012 9:56:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

11/19/2012 9:53:31 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

11/19/2012 9:53:31 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

11/19/2012 9:53:31 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 9:53:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 9:53:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.28.0).

11/19/2012 9:53:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.28.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070643 Error description: Fatal error during installation.

11/19/2012 9:53:07 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 9:53:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 9:41:10 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.2238.0;1.139.2238.0 Engine version: 1.1.8904.0

11/19/2012 12:45:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.139.2366.0).

11/19/2012 12:44:58 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 12:44:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 12:44:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2366.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.

11/19/2012 12:44:38 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 12:44:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.

11/19/2012 10:47:38 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

11/19/2012 10:47:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

11/19/2012 10:47:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

11/19/2012 10:18:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).

.

==== End Of File ===========================


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-25 17:44:15

-----------------------------

17:44:15.931 OS Version: Windows x64 6.1.7601 Service Pack 1

17:44:15.932 Number of processors: 2 586 0x603

17:44:15.933 ComputerName: ELMER-HP UserName: Elmer

17:44:18.376 Initialize success

17:48:04.651 AVAST engine defs: 12112501

17:48:36.620 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059

17:48:36.625 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 11

17:48:36.642 Disk 0 MBR read successfully

17:48:36.645 Disk 0 MBR scan

17:48:36.655 Disk 0 unknown MBR code

17:48:36.673 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

17:48:36.721 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288242 MB offset 409600

17:48:36.779 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16699 MB offset 590729216

17:48:36.878 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768

17:48:37.090 Disk 0 scanning C:\Windows\system32\drivers

17:48:58.272 Service scanning

17:49:44.042 Modules scanning

17:49:44.051 Disk 0 trace - called modules:

17:49:44.416 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys

17:49:44.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031ec740]

17:49:44.441 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa8003193b50]

17:49:44.454 5 amdxata.sys[fffff8800113c7a8] -> nt!IofCallDriver -> \Device\00000059[0xfffffa800318c060]

17:49:44.990 AVAST engine scan C:\Windows

17:49:48.723 AVAST engine scan C:\Windows\system32

17:57:04.283 AVAST engine scan C:\Windows\system32\drivers

17:57:32.345 AVAST engine scan C:\Users\Elmer

18:10:47.630 Disk 0 MBR has been saved successfully to "C:\Users\Elmer\Desktop\MBR.dat"

18:10:47.746 The log file has been saved successfully to "C:\Users\Elmer\Desktop\aswMBR.txt"


Hello Elmer Rivera

 

Thank you for the logs.

 

I asked you when you ran TDSSKiller but received no feedback. Let's run it again now:

 

Please do not allow the tool to cure anything at this point.

 

  • TDSS Killer

  • Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder, right-click on TDSSKiller.exe and select "Run as Administrator" to run the application.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on SKIP.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

22:09:06.0448 2764 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

22:09:08.0457 2764 ============================================================

22:09:08.0458 2764 Current date / time: 2012/11/26 22:09:08.0457

22:09:08.0458 2764 SystemInfo:

22:09:08.0458 2764

22:09:08.0458 2764 OS Version: 6.1.7601 ServicePack: 1.0

22:09:08.0458 2764 Product type: Workstation

22:09:08.0458 2764 ComputerName: ELMER-HP

22:09:08.0464 2764 UserName: Elmer

22:09:08.0465 2764 Windows directory: C:\Windows

22:09:08.0465 2764 System windows directory: C:\Windows

22:09:08.0466 2764 Running under WOW64

22:09:08.0466 2764 Processor architecture: Intel x64

22:09:08.0466 2764 Number of processors: 2

22:09:08.0466 2764 Page size: 0x1000

22:09:08.0466 2764 Boot type: Normal boot

22:09:08.0466 2764 ============================================================

22:09:12.0306 2764 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:09:12.0751 2764 ============================================================

22:09:12.0751 2764 \Device\Harddisk0\DR0:

22:09:12.0765 2764 MBR partitions:

22:09:12.0765 2764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

22:09:12.0765 2764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232F9000

22:09:12.0765 2764 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2335D000, BlocksNum 0x209D800

22:09:12.0765 2764 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

22:09:12.0765 2764 ============================================================

22:09:12.0784 2764 C: <-> \Device\Harddisk0\DR0\Partition2

22:09:12.0823 2764 D: <-> \Device\Harddisk0\DR0\Partition3

22:09:12.0842 2764 F: <-> \Device\Harddisk0\DR0\Partition4

22:09:12.0842 2764 ============================================================

22:09:12.0842 2764 Initialize success

22:09:12.0842 2764 ============================================================

22:09:50.0863 5576 ============================================================

22:09:50.0863 5576 Scan started

22:09:50.0863 5576 Mode: Manual; TDLFS;

22:09:50.0863 5576 ============================================================

22:09:51.0449 5576 ================ Scan services =============================

22:09:51.0623 5576 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:Windowssystem32drivers1394ohci.sys

22:09:51.0630 5576 1394ohci - ok

22:09:51.0662 5576 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:Windowssystem32driversACPI.sys

22:09:51.0667 5576 ACPI - ok

22:09:51.0696 5576 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:Windowssystem32driversacpipmi.sys

22:09:51.0698 5576 AcpiPmi - ok

22:09:51.0771 5576 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:Windowssystem32DRIVERSadp94xx.sys

22:09:51.0777 5576 adp94xx - ok

22:09:51.0810 5576 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:Windowssystem32DRIVERSadpahci.sys

22:09:51.0816 5576 adpahci - ok

22:09:51.0840 5576 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:Windowssystem32DRIVERSadpu320.sys

22:09:51.0844 5576 adpu320 - ok

22:09:51.0901 5576 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:WindowsSystem32aelupsvc.dll

22:09:51.0904 5576 AeLookupSvc - ok

22:09:51.0968 5576 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:Program FilesRealtekAudioHDAAERTSr64.exe

22:09:51.0972 5576 AERTFilters - ok

22:09:52.0059 5576 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:Windowssystem32driversafd.sys

22:09:52.0070 5576 AFD - ok

22:09:52.0109 5576 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:Windowssystem32driversagp440.sys

22:09:52.0111 5576 agp440 - ok

22:09:52.0131 5576 [ 3290D6946B5E30E70414990574883DDB ] ALG C:WindowsSystem32alg.exe

22:09:52.0134 5576 ALG - ok

22:09:52.0164 5576 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:Windowssystem32driversaliide.sys

22:09:52.0165 5576 aliide - ok

22:09:52.0197 5576 [ 29C151492510640343B00B63996E4070 ] AMD External Events Utility C:Windowssystem32atiesrxx.exe

22:09:52.0200 5576 AMD External Events Utility - ok

22:09:52.0215 5576 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:Windowssystem32driversamdide.sys

22:09:52.0216 5576 amdide - ok

22:09:52.0238 5576 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:Windowssystem32DRIVERSamdk8.sys

22:09:52.0239 5576 AmdK8 - ok

22:09:52.0422 5576 [ 2C9C4824664C61351FF1E0169262D026 ] amdkmdag C:Windowssystem32DRIVERSatikmdag.sys

22:09:52.0582 5576 amdkmdag - ok

22:09:52.0618 5576 [ EF7382689D3B17AC2983202E7A40AB45 ] amdkmdap C:Windowssystem32DRIVERSatikmpag.sys

22:09:52.0623 5576 amdkmdap - ok

22:09:52.0651 5576 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:Windowssystem32DRIVERSamdppm.sys

22:09:52.0654 5576 AmdPPM - ok

22:09:52.0712 5576 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:Windowssystem32DRIVERSamdsata.sys

22:09:52.0714 5576 amdsata - ok

22:09:52.0743 5576 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:Windowssystem32DRIVERSamdsbs.sys

22:09:52.0747 5576 amdsbs - ok

22:09:52.0768 5576 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:Windowssystem32DRIVERSamdxata.sys

22:09:52.0770 5576 amdxata - ok

22:09:52.0835 5576 [ 89A69C3F2F319B43379399547526D952 ] AppID C:Windowssystem32driversappid.sys

22:09:52.0839 5576 AppID - ok

22:09:52.0869 5576 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:WindowsSystem32appidsvc.dll

22:09:52.0871 5576 AppIDSvc - ok

22:09:52.0906 5576 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:WindowsSystem32appinfo.dll

22:09:52.0908 5576 Appinfo - ok

22:09:52.0929 5576 [ C484F8CEB1717C540242531DB7845C4E ] arc C:Windowssystem32DRIVERSarc.sys

22:09:52.0931 5576 arc - ok

22:09:52.0988 5576 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:Windowssystem32DRIVERSarcsas.sys

22:09:52.0992 5576 arcsas - ok

22:09:53.0015 5576 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:Windowssystem32DRIVERSasyncmac.sys

22:09:53.0017 5576 AsyncMac - ok

22:09:53.0038 5576 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:Windowssystem32driversatapi.sys

22:09:53.0041 5576 atapi - ok

22:09:53.0182 5576 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:Windowssystem32DRIVERSathrx.sys

22:09:53.0409 5576 athr - ok

22:09:53.0443 5576 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:Windowssystem32driversAtiHdmi.sys

22:09:53.0446 5576 AtiHdmiService - ok

22:09:53.0465 5576 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:Windowssystem32DRIVERSAtiPcie.sys

22:09:53.0467 5576 AtiPcie - ok

22:09:53.0531 5576 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:WindowsSystem32Audiosrv.dll

22:09:53.0549 5576 AudioEndpointBuilder - ok

22:09:53.0596 5576 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:WindowsSystem32Audiosrv.dll

22:09:53.0601 5576 AudioSrv - ok

22:09:53.0643 5576 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:WindowsSystem32AxInstSV.dll

22:09:53.0647 5576 AxInstSV - ok

22:09:53.0706 5576 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:Windowssystem32DRIVERSbxvbda.sys

22:09:53.0713 5576 b06bdrv - ok

22:09:53.0739 5576 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:Windowssystem32DRIVERSb57nd60a.sys

22:09:53.0744 5576 b57nd60a - ok

22:09:53.0807 5576 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:WindowsSystem32bdesvc.dll

22:09:53.0809 5576 BDESVC - ok

22:09:53.0847 5576 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:Windowssystem32driversBeep.sys

22:09:53.0849 5576 Beep - ok

22:09:53.0954 5576 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:WindowsSystem32bfe.dll

22:09:53.0970 5576 BFE - ok

22:09:54.0017 5576 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:WindowsSystem32qmgr.dll

22:09:54.0050 5576 BITS - ok

22:09:54.0083 5576 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:Windowssystem32DRIVERSblbdrive.sys

22:09:54.0085 5576 blbdrive - ok

22:09:54.0127 5576 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:Windowssystem32DRIVERSbowser.sys

22:09:54.0130 5576 bowser - ok

22:09:54.0151 5576 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:Windowssystem32DRIVERSBrFiltLo.sys

22:09:54.0153 5576 BrFiltLo - ok

22:09:54.0185 5576 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:Windowssystem32DRIVERSBrFiltUp.sys

22:09:54.0186 5576 BrFiltUp - ok

22:09:54.0219 5576 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:WindowsSystem32browser.dll

22:09:54.0222 5576 Browser - ok

22:09:54.0252 5576 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:WindowsSystem32DriversBrserid.sys

22:09:54.0257 5576 Brserid - ok

22:09:54.0291 5576 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:WindowsSystem32DriversBrSerWdm.sys

22:09:54.0292 5576 BrSerWdm - ok

22:09:54.0318 5576 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:WindowsSystem32DriversBrUsbMdm.sys

22:09:54.0319 5576 BrUsbMdm - ok

22:09:54.0340 5576 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:WindowsSystem32DriversBrUsbSer.sys

22:09:54.0341 5576 BrUsbSer - ok

22:09:54.0374 5576 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:Windowssystem32DRIVERSbthmodem.sys

22:09:54.0376 5576 BTHMODEM - ok

22:09:54.0425 5576 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:Windowssystem32bthserv.dll

22:09:54.0427 5576 bthserv - ok

22:09:54.0451 5576 [ B8BD2BB284668C84865658C77574381A ] cdfs C:Windowssystem32DRIVERScdfs.sys

22:09:54.0453 5576 cdfs - ok

22:09:54.0478 5576 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:Windowssystem32driverscdrom.sys

22:09:54.0481 5576 cdrom - ok

22:09:54.0523 5576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:WindowsSystem32certprop.dll

22:09:54.0526 5576 CertPropSvc - ok

22:09:54.0607 5576 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:Program Files (x86)CinemaNowCinemaNow Media ManagerCinemanowSvc.exe

22:09:54.0613 5576 CinemaNow Service - ok

22:09:54.0657 5576 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:Windowssystem32DRIVERScirclass.sys

22:09:54.0658 5576 circlass - ok

22:09:54.0710 5576 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:Windowssystem32CLFS.sys

22:09:54.0715 5576 CLFS - ok

22:09:54.0819 5576 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe

22:09:54.0823 5576 clr_optimization_v2.0.50727_32 - ok

22:09:54.0882 5576 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe

22:09:54.0887 5576 clr_optimization_v2.0.50727_64 - ok

22:09:54.0979 5576 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 c:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe

22:09:55.0004 5576 clr_optimization_v4.0.30319_32 - ok

22:09:55.0034 5576 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 c:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe

22:09:55.0037 5576 clr_optimization_v4.0.30319_64 - ok

22:09:55.0060 5576 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:Windowssystem32DRIVERSCmBatt.sys

22:09:55.0062 5576 CmBatt - ok

22:09:55.0093 5576 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:Windowssystem32driverscmdide.sys

22:09:55.0095 5576 cmdide - ok

22:09:55.0138 5576 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:Windowssystem32Driverscng.sys

22:09:55.0146 5576 CNG - ok

22:09:55.0179 5576 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:Windowssystem32DRIVERScompbatt.sys

22:09:55.0181 5576 Compbatt - ok

22:09:55.0213 5576 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:Windowssystem32driversCompositeBus.sys

22:09:55.0215 5576 CompositeBus - ok

22:09:55.0223 5576 COMSysApp - ok

22:09:55.0285 5576 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:Windowssystem32DRIVERScrcdisk.sys

22:09:55.0287 5576 crcdisk - ok

22:09:55.0324 5576 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:Windowssystem32cryptsvc.dll

22:09:55.0327 5576 CryptSvc - ok

22:09:55.0466 5576 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE

22:09:55.0477 5576 cvhsvc - ok

22:09:55.0594 5576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:Windowssystem32rpcss.dll

22:09:55.0609 5576 DcomLaunch - ok

22:09:55.0649 5576 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:WindowsSystem32defragsvc.dll

22:09:55.0655 5576 defragsvc - ok

22:09:55.0711 5576 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:Windowssystem32Driversdfsc.sys

22:09:55.0714 5576 DfsC - ok

22:09:55.0743 5576 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:Windowssystem32dhcpcore.dll

22:09:55.0749 5576 Dhcp - ok

22:09:55.0783 5576 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:Windowssystem32driversdiscache.sys

22:09:55.0784 5576 discache - ok

22:09:55.0840 5576 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:Windowssystem32DRIVERSdisk.sys

22:09:55.0843 5576 Disk - ok

22:09:55.0918 5576 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:WindowsSystem32dnsrslvr.dll

22:09:55.0923 5576 Dnscache - ok

22:09:55.0980 5576 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:WindowsSystem32dot3svc.dll

22:09:55.0985 5576 dot3svc - ok

22:09:56.0069 5576 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:Windowssystem32dps.dll

22:09:56.0074 5576 DPS - ok

22:09:56.0094 5576 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:Windowssystem32driversdrmkaud.sys

22:09:56.0097 5576 drmkaud - ok

22:09:56.0152 5576 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:WindowsSystem32driversdxgkrnl.sys

22:09:56.0164 5576 DXGKrnl - ok

22:09:56.0215 5576 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:WindowsSystem32eapsvc.dll

22:09:56.0217 5576 EapHost - ok

22:09:56.0307 5576 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:Windowssystem32DRIVERSevbda.sys

22:09:56.0358 5576 ebdrv - ok

22:09:56.0390 5576 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:WindowsSystem32lsass.exe

22:09:56.0392 5576 EFS - ok

22:09:56.0484 5576 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:WindowsehomeehRecvr.exe

22:09:56.0500 5576 ehRecvr - ok

22:09:56.0551 5576 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:Windowsehomeehsched.exe

22:09:56.0554 5576 ehSched - ok

22:09:56.0592 5576 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:Windowssystem32DRIVERSelxstor.sys

22:09:56.0601 5576 elxstor - ok

22:09:56.0625 5576 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:Windowssystem32driverserrdev.sys

22:09:56.0627 5576 ErrDev - ok

22:09:56.0684 5576 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:Windowssystem32es.dll

22:09:56.0689 5576 EventSystem - ok

22:09:56.0708 5576 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:Windowssystem32driversexfat.sys

22:09:56.0711 5576 exfat - ok

22:09:56.0735 5576 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:Windowssystem32driversfastfat.sys

22:09:56.0739 5576 fastfat - ok

22:09:56.0790 5576 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:Windowssystem32fxssvc.exe

22:09:56.0800 5576 Fax - ok

22:09:56.0831 5576 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:Windowssystem32DRIVERSfdc.sys

22:09:56.0833 5576 fdc - ok

22:09:56.0876 5576 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:Windowssystem32fdPHost.dll

22:09:56.0878 5576 fdPHost - ok

22:09:56.0895 5576 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:Windowssystem32fdrespub.dll

22:09:56.0896 5576 FDResPub - ok

22:09:56.0918 5576 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:Windowssystem32driversfileinfo.sys

22:09:56.0921 5576 FileInfo - ok

22:09:56.0939 5576 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:Windowssystem32driversfiletrace.sys

22:09:56.0941 5576 Filetrace - ok

22:09:56.0974 5576 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:Windowssystem32DRIVERSflpydisk.sys

22:09:56.0975 5576 flpydisk - ok

22:09:57.0017 5576 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:Windowssystem32driversfltmgr.sys

22:09:57.0022 5576 FltMgr - ok

22:09:57.0073 5576 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:Windowssystem32FntCache.dll

22:09:57.0097 5576 FontCache - ok

22:09:57.0169 5576 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe

22:09:57.0172 5576 FontCache3.0.0.0 - ok

22:09:57.0243 5576 [ D43703496149971890703B4B1B723EAC ] FsDepends C:Windowssystem32driversFsDepends.sys

22:09:57.0245 5576 FsDepends - ok

22:09:57.0279 5576 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:Windowssystem32DRIVERSfssfltr.sys

22:09:57.0281 5576 fssfltr - ok

22:09:57.0444 5576 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe

22:09:57.0478 5576 fsssvc - ok

22:09:57.0522 5576 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:Windowssystem32driversFs_Rec.sys

22:09:57.0538 5576 Fs_Rec - ok

22:09:57.0740 5576 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:Windowssystem32DRIVERSfvevol.sys

22:09:57.0751 5576 fvevol - ok

22:09:57.0810 5576 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:Windowssystem32DRIVERSgagp30kx.sys

22:09:57.0883 5576 gagp30kx - ok

22:09:58.0007 5576 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe

22:09:58.0012 5576 GameConsoleService - ok

22:09:58.0074 5576 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:WindowsSystem32gpsvc.dll

22:09:58.0085 5576 gpsvc - ok

22:09:58.0177 5576 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

22:09:58.0180 5576 gupdate - ok

22:09:58.0186 5576 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

22:09:58.0188 5576 gupdatem - ok

22:09:58.0221 5576 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:Windowssystem32drivershcw85cir.sys

22:09:58.0223 5576 hcw85cir - ok

22:09:58.0251 5576 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:Windowssystem32driversHdAudio.sys

22:09:58.0257 5576 HdAudAddService - ok

22:09:58.0279 5576 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:Windowssystem32driversHDAudBus.sys

22:09:58.0282 5576 HDAudBus - ok

22:09:58.0315 5576 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:Windowssystem32DRIVERSHidBatt.sys

22:09:58.0316 5576 HidBatt - ok

22:09:58.0369 5576 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:Windowssystem32DRIVERShidbth.sys

22:09:58.0371 5576 HidBth - ok

22:09:58.0389 5576 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:Windowssystem32DRIVERShidir.sys

22:09:58.0391 5576 HidIr - ok

22:09:58.0430 5576 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:Windowssystem32hidserv.dll

22:09:58.0432 5576 hidserv - ok

22:09:58.0445 5576 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:Windowssystem32DRIVERShidusb.sys

22:09:58.0447 5576 HidUsb - ok

22:09:58.0512 5576 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:Windowssystem32kmsvc.dll

22:09:58.0518 5576 hkmsvc - ok

22:09:58.0566 5576 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:Windowssystem32ListSvc.dll

22:09:58.0571 5576 HomeGroupListener - ok

22:09:58.0618 5576 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:Windowssystem32provsvc.dll

22:09:58.0623 5576 HomeGroupProvider - ok

22:09:58.0724 5576 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe

22:09:58.0801 5576 HP Support Assistant Service - ok

22:09:58.0884 5576 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe

22:09:58.0889 5576 HP Wireless Assistant Service - ok

22:09:58.0962 5576 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe

22:09:58.0979 5576 hpqwmiex - ok

22:09:59.0036 5576 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:Windowssystem32driversHpSAMD.sys

22:09:59.0039 5576 HpSAMD - ok

22:09:59.0075 5576 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe

22:09:59.0077 5576 HPWMISVC - ok


22:10:11.0310 5576 WfpLwf - ok

22:10:11.0326 5576 [ 05ECAEC3E4529A7153B3136CEB4

Link to post
Share on other sites

22:10:11.0014 5576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:WindowsSystem32wcncsvc.dll

22:10:11.0023 5576 wcncsvc - ok

22:10:11.0045 5576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:WindowsSystem32WcsPlugInService.dll

22:10:11.0048 5576 WcsPlugInService - ok

22:10:11.0081 5576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:Windowssystem32DRIVERSwd.sys

22:10:11.0083 5576 Wd - ok

22:10:11.0136 5576 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:Windowssystem32driversWdf01000.sys

22:10:11.0150 5576 Wdf01000 - ok

22:10:11.0172 5576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:Windowssystem32wdi.dll

22:10:11.0175 5576 WdiServiceHost - ok

22:10:11.0180 5576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:Windowssystem32wdi.dll

22:10:11.0183 5576 WdiSystemHost - ok

22:10:11.0221 5576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:WindowsSystem32webclnt.dll

22:10:11.0227 5576 WebClient - ok

22:10:11.0255 5576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:Windowssystem32wecsvc.dll

22:10:11.0260 5576 Wecsvc - ok

22:10:11.0272 5576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:WindowsSystem32wercplsupport.dll

22:10:11.0275 5576 wercplsupport - ok

22:10:11.0290 5576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:WindowsSystem32WerSvc.dll

22:10:11.0293 5576 WerSvc - ok

22:10:11.0308 5576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:Windowssystem32DRIVERSwfplwf.sys

22:10:11.0310 5576 WfpLwf - ok

22:10:11.0326 5576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:Windowssystem32driverswimmount.sys

22:10:11.0327 5576 WIMMount - ok

22:10:11.0333 5576 WinHttpAutoProxySvc - ok

22:10:11.0390 5576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:Windowssystem32wbemWMIsvc.dll

22:10:11.0396 5576 Winmgmt - ok

22:10:11.0528 5576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:Windowssystem32WsmSvc.dll

22:10:11.0564 5576 WinRM - ok

22:10:11.0617 5576 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:Windowssystem32DRIVERSWinUSB.sys

22:10:11.0620 5576 WinUSB - ok

22:10:11.0679 5576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:WindowsSystem32wlansvc.dll

22:10:11.0693 5576 Wlansvc - ok

22:10:11.0841 5576 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:Program FilesWindows LiveMeshwlcrasvc.exe

22:10:11.0845 5576 wlcrasvc - ok

22:10:11.0973 5576 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

22:10:12.0001 5576 wlidsvc - ok

22:10:12.0038 5576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:Windowssystem32driverswmiacpi.sys

22:10:12.0040 5576 WmiAcpi - ok

22:10:12.0072 5576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:Windowssystem32wbemWmiApSrv.exe

22:10:12.0076 5576 wmiApSrv - ok

22:10:12.0104 5576 WMPNetworkSvc - ok

22:10:12.0162 5576 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm c:Program FilesZuneWMZuneComm.exe

22:10:12.0172 5576 WMZuneComm - ok

22:10:12.0202 5576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:WindowsSystem32wpcsvc.dll

22:10:12.0205 5576 WPCSvc - ok

22:10:12.0247 5576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:Windowssystem32wpdbusenum.dll

22:10:12.0252 5576 WPDBusEnum - ok

22:10:12.0288 5576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:Windowssystem32driversws2ifsl.sys

22:10:12.0289 5576 ws2ifsl - ok

22:10:12.0296 5576 WSearch - ok

22:10:12.0398 5576 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:Windowssystem32wuaueng.dll

22:10:12.0436 5576 wuauserv - ok

22:10:12.0487 5576 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:Windowssystem32driversWudfPf.sys

22:10:12.0491 5576 WudfPf - ok

22:10:12.0539 5576 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:WindowsSystem32WUDFSvc.dll

22:10:12.0544 5576 wudfsvc - ok

22:10:12.0574 5576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:WindowsSystem32wwansvc.dll

22:10:12.0580 5576 WwanSvc - ok

22:10:12.0617 5576 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:Windowssystem32DRIVERSyk62x64.sys

22:10:12.0623 5576 yukonw7 - ok

22:10:12.0857 5576 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc c:Program FilesZuneZuneNss.exe

22:10:13.0063 5576 ZuneNetworkSvc - ok

22:10:13.0121 5576 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc c:Program FilesZuneZuneWlanCfgSvc.exe

22:10:13.0134 5576 ZuneWlanCfgSvc - ok

22:10:13.0157 5576 ================ Scan global ===============================

22:10:13.0204 5576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:10:13.0243 5576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

22:10:13.0260 5576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

22:10:13.0289 5576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:10:13.0320 5576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:10:13.0326 5576 [Global] - ok

22:10:13.0327 5576 ================ Scan MBR ==================================

22:10:13.0344 5576 [ E00AB69BB6E3E3576E39282962432658 ] \Device\Harddisk0\DR0

22:10:13.0580 5576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:10:13.0580 5576 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:10:13.0581 5576 ================ Scan VBR ==================================

22:10:13.0589 5576 [ DEE29DA83CCBF382F01CDB40C12EF0C7 ] \Device\Harddisk0\DR0\Partition1

22:10:13.0591 5576 \Device\Harddisk0\DR0\Partition1 - ok

22:10:13.0612 5576 [ 7F34A768B4B35FEAB154A90732D8E48C ] \Device\Harddisk0\DR0\Partition2

22:10:13.0613 5576 \Device\Harddisk0\DR0\Partition2 - ok

22:10:13.0648 5576 [ 8755962A004FA13807A363AAACFAC495 ] \Device\Harddisk0\DR0\Partition3

22:10:13.0650 5576 \Device\Harddisk0\DR0\Partition3 - ok

22:10:13.0747 5576 [ E664B953FA08A6F72E60FD482C899EE1 ] \Device\Harddisk0\DR0\Partition4

22:10:13.0748 5576 \Device\Harddisk0\DR0\Partition4 - ok

22:10:13.0749 5576 ============================================================

22:10:13.0750 5576 Scan finished

22:10:13.0750 5576 ============================================================

22:10:13.0779 5056 Detected object count: 1

22:10:13.0779 5056 Actual detected object count: 1

22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Hello Elmer Rivera

 

Please run TDSSKiller again and this time, select Delete for the following detection:

22:10:13.0779 5056 Actual detected object count: 1

22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Once deleted, continue as follows:

  • Combofix

  • Download ComboFix from one of the following locations:

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Please post the TDSSKiller log and the Combofix log in your next reply.

 

You may need to make more than one post to fit all of the information in.

 

Link to post
Share on other sites
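The log reading done in the reply above (finding the one object that was not "ok" and seeing that it was skipped) can be scripted. This is an added example, not part of the original thread and not TDSSKiller's own code; the line grammar is inferred only from the log lines posted here, and the names `triage`, `unresolved` and `Finding`, and the rule that a missing or "Skip" action counts as unresolved, are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the TDSSKiller log lines posted in this thread.
SAMPLE_LOG = r"""
22:10:13.0157 5576 ================ Scan global ===============================
22:10:13.0326 5576 [Global] - ok
22:10:13.0327 5576 ================ Scan MBR ==================================
22:10:13.0344 5576 [ E00AB69BB6E3E3576E39282962432658 ] \Device\Harddisk0\DR0
22:10:13.0580 5576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:10:13.0580 5576 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:10:13.0581 5576 ================ Scan VBR ==================================
22:10:13.0591 5576 \Device\Harddisk0\DR0\Partition1 - ok
22:10:13.0779 5056 Detected object count: 1
22:10:13.0779 5056 Actual detected object count: 1
22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:10:36.0394 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<HH:MM:SS.ffff> <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "====== Scan MBR ======" (a bare row of '=' is a separator, not a section)
SECTION = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# "[ <32 hex digits> ] <name> <path>" lines carry no verdict
HASHED = re.compile(r"^\[ [0-9A-Fa-f]{32} \] ")
# "<object> ( <threat name> )"
THREAT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+) \)$")
ACTION_PREFIX = "User select action: "


@dataclass
class Finding:
    obj: str
    section: Optional[str]
    threat: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None
    details: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per scanned object whose verdict is not 'ok'."""
    findings = {}
    section = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        sec = SECTION.match(msg)
        if sec:
            section = sec.group("name")
            continue
        if HASHED.match(msg):
            continue
        # Verdict lines end in " - <tail>"; split on the last separator so
        # object names that contain " - " stay intact.
        head, sep, tail = msg.rpartition(" - ")
        if not sep or tail == "ok":
            continue
        t = THREAT.match(head)
        obj = t.group("obj") if t else head
        f = findings.setdefault(obj, Finding(obj=obj, section=section))
        if t:
            f.threat = t.group("threat")
        if tail.startswith(ACTION_PREFIX):
            f.action = tail[len(ACTION_PREFIX):]
        elif tail.startswith("detected ") or f.verdict is not None:
            f.details.append(tail)
        else:
            f.verdict = tail
    return list(findings.values())


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Assumption: no recorded action, or 'Skip', leaves the object in place."""
    return [f for f in findings if f.action in (None, "Skip")]


if __name__ == "__main__":
    for f in unresolved(triage(SAMPLE_LOG)):
        print(f"{f.section}: {f.obj} [{f.threat}] {f.verdict}, action={f.action}")
```
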

07:19:06.0897 0968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:19:07.0583 0968 ============================================================

07:19:07.0583 0968 Current date / time: 2012/11/27 07:19:07.0583

07:19:07.0583 0968 SystemInfo:

07:19:07.0583 0968

07:19:07.0583 0968 OS Version: 6.1.7601 ServicePack: 1.0

07:19:07.0583 0968 Product type: Workstation

07:19:07.0583 0968 ComputerName: ELMER-HP

07:19:07.0583 0968 UserName: Elmer

07:19:07.0583 0968 Windows directory: C:\Windows

07:19:07.0583 0968 System windows directory: C:\Windows

07:19:07.0583 0968 Running under WOW64

07:19:07.0583 0968 Processor architecture: Intel x64

07:19:07.0583 0968 Number of processors: 2

07:19:07.0583 0968 Page size: 0x1000

07:19:07.0583 0968 Boot type: Normal boot

07:19:07.0583 0968 ============================================================

07:19:09.0330 0968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:19:09.0346 0968 ============================================================

07:19:09.0346 0968 \Device\Harddisk0\DR0:

07:19:09.0346 0968 MBR partitions:

07:19:09.0346 0968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

07:19:09.0346 0968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232F9000

07:19:09.0346 0968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2335D000, BlocksNum 0x209D800

07:19:09.0346 0968 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

07:19:09.0346 0968 ============================================================

07:19:09.0362 0968 C: <-> \Device\Harddisk0\DR0\Partition2

07:19:09.0408 0968 D: <-> \Device\Harddisk0\DR0\Partition3

07:19:09.0424 0968 F: <-> \Device\Harddisk0\DR0\Partition4

07:19:09.0424 0968 ============================================================

07:19:09.0424 0968 Initialize success

07:19:09.0424 0968 ============================================================

07:19:30.0383 3740 ============================================================

07:19:30.0383 3740 Scan started

07:19:30.0383 3740 Mode: Manual; TDLFS;

07:19:30.0383 3740 ============================================================

07:19:32.0239 3740 ================ Scan system memory ========================

07:19:32.0239 3740 System memory - ok

07:19:32.0239 3740 ================ Scan services =============================


07:19:40.0335 3740 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:Windowssystem32Driversksecpkg.sys

07:19:40.0351 3740 KSecPkg - ok

07:19:40.0382 3740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:Windowssystem32driversksthunk.sys

07:19:40.0382 3740 ksthunk - ok

07:19:40.0429 3740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:Windowssystem32msdtckrm.dll

07:19:40.0429 3740 KtmRm - ok

07:19:40.0476 3740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:Windowssystem32srvsvc.dll

07:19:40.0491 3740 LanmanServer - ok

07:19:40.0523 3740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:WindowsSystem32wkssvc.dll

07:19:40.0538 3740 LanmanWorkstation - ok

07:19:40.0569 3740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:Windowssystem32DRIVERSlltdio.sys

07:19:40.0569 3740 lltdio - ok

07:19:40.0616 3740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:WindowsSystem32lltdsvc.dll

07:19:40.0616 3740 lltdsvc - ok

07:19:40.0632 3740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:WindowsSystem32lmhsvc.dll

07:19:40.0647 3740 lmhosts - ok

07:19:40.0694 3740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:Windowssystem32DRIVERSlsi_fc.sys

07:19:40.0694 3740 LSI_FC - ok

07:19:40.0725 3740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:Windowssystem32DRIVERSlsi_sas.sys

07:19:40.0725 3740 LSI_SAS - ok

07:19:40.0741 3740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:Windowssystem32DRIVERSlsi_sas2.sys

07:19:40.0757 3740 LSI_SAS2 - ok

07:19:40.0772 3740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:Windowssystem32DRIVERSlsi_scsi.sys

07:19:40.0772 3740 LSI_SCSI - ok

07:19:40.0803 3740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:Windowssystem32driversluafv.sys

07:19:40.0803 3740 luafv - ok

07:19:40.0866 3740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:Windowssystem32Mcx2Svc.dll

07:19:40.0866 3740 Mcx2Svc - ok

07:19:40.0913 3740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:Windowssystem32DRIVERSmegasas.sys

07:19:40.0913 3740 megasas - ok

07:19:40.0944 3740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:Windowssystem32DRIVERSMegaSR.sys

07:19:40.0959 3740 MegaSR - ok

07:19:40.0991 3740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:Windowssystem32mmcss.dll

07:19:40.0991 3740 MMCSS - ok

07:19:41.0022 3740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:Windowssystem32driversmodem.sys

07:19:41.0022 3740 Modem - ok

07:19:41.0037 3740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:Windowssystem32DRIVERSmonitor.sys

07:19:41.0037 3740 monitor - ok

07:19:41.0084 3740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:Windowssystem32DRIVERSmouclass.sys

07:19:41.0084 3740 mouclass - ok

07:19:41.0100 3740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:Windowssystem32DRIVERSmouhid.sys

07:19:41.0100 3740 mouhid - ok

07:19:41.0147 3740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:Windowssystem32driversmountmgr.sys

07:19:41.0147 3740 mountmgr - ok

07:19:41.0193 3740 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:Windowssystem32DRIVERSMpFilter.sys

07:19:41.0193 3740 MpFilter - ok

07:19:41.0225 3740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:Windowssystem32driversmpio.sys

07:19:41.0240 3740 mpio - ok

07:19:41.0271 3740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:Windowssystem32driversmpsdrv.sys

07:19:41.0287 3740 mpsdrv - ok

07:19:41.0365 3740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:Windowssystem32mpssvc.dll

07:19:41.0381 3740 MpsSvc - ok

07:19:41.0412 3740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:Windowssystem32driversmrxdav.sys

07:19:41.0412 3740 MRxDAV - ok

07:19:41.0459 3740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:Windowssystem32DRIVERSmrxsmb.sys

07:19:41.0459 3740 mrxsmb - ok

07:19:41.0505 3740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:Windowssystem32DRIVERSmrxsmb10.sys

07:19:41.0505 3740 mrxsmb10 - ok

07:19:41.0521 3740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:Windowssystem32DRIVERSmrxsmb20.sys

07:19:41.0537 3740 mrxsmb20 - ok

07:19:41.0537 3740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:Windowssystem32driversmsahci.sys

07:19:41.0537 3740 msahci - ok

07:19:41.0552 3740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:Windowssystem32driversmsdsm.sys

07:19:41.0568 3740 msdsm - ok

07:19:41.0583 3740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:WindowsSystem32msdtc.exe

07:19:41.0583 3740 MSDTC - ok

07:19:41.0630 3740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:Windowssystem32driversMsfs.sys

07:19:41.0630 3740 Msfs - ok

07:19:41.0661 3740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:WindowsSystem32driversmshidkmdf.sys

07:19:41.0661 3740 mshidkmdf - ok

07:19:41.0693 3740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:Windowssystem32driversmsisadrv.sys

07:19:41.0693 3740 msisadrv - ok

07:19:41.0739 3740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:Windowssystem32iscsiexe.dll

07:19:41.0739 3740 MSiSCSI - ok

07:19:41.0755 3740 msiserver - ok

07:19:41.0771 3740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:Windowssystem32driversMSKSSRV.sys

07:19:41.0771 3740 MSKSSRV - ok

07:19:41.0849 3740 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:Program FilesMicrosoft Security ClientMsMpEng.exe

07:19:41.0849 3740 MsMpSvc - ok

07:19:41.0864 3740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:Windowssystem32driversMSPCLOCK.sys

07:19:41.0880 3740 MSPCLOCK - ok

07:19:41.0880 3740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:Windowssystem32driversMSPQM.sys

07:19:41.0880 3740 MSPQM - ok

07:19:41.0927 3740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:Windowssystem32driversMsRPC.sys

07:19:41.0942 3740 MsRPC - ok

07:19:41.0989 3740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:Windowssystem32driversmssmbios.sys

07:19:41.0989 3740 mssmbios - ok

07:19:42.0005 3740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:Windowssystem32driversMSTEE.sys

07:19:42.0005 3740 MSTEE - ok

07:19:42.0020 3740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:Windowssystem32DRIVERSMTConfig.sys

07:19:42.0020 3740 MTConfig - ok

07:19:42.0051 3740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:Windowssystem32Driversmup.sys

07:19:42.0051 3740 Mup - ok

07:19:42.0098 3740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:Windowssystem32qagentRT.dll

07:19:42.0098 3740 napagent - ok

07:19:42.0129 3740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:Windowssystem32DRIVERSnwifi.sys

07:19:42.0129 3740 NativeWifiP - ok

07:19:42.0192 3740 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:Windowssystem32driversndis.sys

07:19:42.0207 3740 NDIS - ok

07:19:42.0254 3740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:Windowssystem32DRIVERSndiscap.sys

07:19:42.0254 3740 NdisCap - ok

07:19:42.0270 3740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:Windowssystem32DRIVERSndistapi.sys

07:19:42.0270 3740 NdisTapi - ok

07:19:42.0317 3740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:Windowssystem32DRIVERSndisuio.sys

07:19:42.0317 3740 Ndisuio - ok

07:19:42.0363 3740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:Windowssystem32DRIVERSndiswan.sys

07:19:42.0363 3740 NdisWan - ok

07:19:42.0410 3740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:Windowssystem32driversNDProxy.sys

07:19:42.0410 3740 NDProxy - ok

07:19:42.0426 3740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:Windowssystem32DRIVERSnetbios.sys

07:19:42.0426 3740 NetBIOS - ok

07:19:42.0488 3740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:Windowssystem32DRIVERSnetbt.sys

07:19:42.0488 3740 NetBT - ok

07:19:42.0519 3740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:Windowssystem32lsass.exe

07:19:42.0519 3740 Netlogon - ok

07:19:42.0566 3740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:WindowsSystem32netman.dll

07:19:42.0566 3740 Netman - ok

07:19:42.0597 3740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:WindowsSystem32netprofm.dll

07:19:42.0597 3740 netprofm - ok

07:19:42.0629 3740 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:WindowsMicrosoft.NETFramework64v3.0Windows Communication FoundationSMSvcHost.exe

07:19:42.0644 3740 NetTcpPortSharing - ok

07:19:42.0816 3740 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:Windowssystem32DRIVERSnetw5v64.sys

07:19:42.0956 3740 netw5v64 - ok

07:19:42.0987 3740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:Windowssystem32DRIVERSnfrd960.sys

07:19:42.0987 3740 nfrd960 - ok

07:19:43.0034 3740 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:Windowssystem32DRIVERSNisDrvWFP.sys

07:19:43.0034 3740 NisDrv - ok

07:19:43.0081 3740 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:Program FilesMicrosoft Security ClientNisSrv.exe

07:19:43.0097 3740 NisSrv - ok

07:19:43.0143 3740 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:WindowsSystem32nlasvc.dll

07:19:43.0143 3740 NlaSvc - ok

07:19:43.0284 3740 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe

07:19:43.0315 3740 NOBU - ok

07:19:43.0331 3740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:Windowssystem32driversNpfs.sys

07:19:43.0331 3740 Npfs - ok

07:19:43.0362 3740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:Windowssystem32nsisvc.dll

07:19:43.0362 3740 nsi - ok

07:19:43.0377 3740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:Windowssystem32driversnsiproxy.sys

07:19:43.0377 3740 nsiproxy - ok

07:19:43.0455 3740 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:Windowssystem32driversNtfs.sys

07:19:43.0471 3740 Ntfs - ok

07:19:43.0502 3740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:Windowssystem32driversNull.sys

07:19:43.0502 3740 Null - ok

07:19:43.0533 3740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:Windowssystem32driversnvraid.sys

07:19:43.0533 3740 nvraid - ok

07:19:43.0549 3740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:Windowssystem32driversnvstor.sys

07:19:43.0565 3740 nvstor - ok

07:19:43.0596 3740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:Windowssystem32driversnv_agp.sys

07:19:43.0596 3740 nv_agp - ok

07:19:43.0643 3740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:Windowssystem32driversohci1394.sys

07:19:43.0643 3740 ohci1394 - ok

07:19:43.0705 3740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:Program Files (x86)Common FilesMicrosoft SharedSource EngineOSE.EXE

07:19:43.0705 3740 ose - ok

07:19:43.0877 3740 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE

07:19:44.0033 3740 osppsvc - ok

07:19:44.0079 3740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:Windowssystem32pnrpsvc.dll

07:19:44.0079 3740 p2pimsvc - ok

07:19:44.0111 3740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:Windowssystem32p2psvc.dll

07:19:44.0111 3740 p2psvc - ok

07:19:44.0142 3740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:Windowssystem32DRIVERSparport.sys

07:19:44.0142 3740 Parport - ok

07:19:44.0173 3740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:Windowssystem32driverspartmgr.sys

07:19:44.0173 3740 partmgr - ok

07:19:44.0189 3740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:WindowsSystem32pcasvc.dll

07:19:44.0189 3740 PcaSvc - ok

07:19:44.0220 3740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:Windowssystem32driverspci.sys

07:19:44.0220 3740 pci - ok

07:19:44.0235 3740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:Windowssystem32driverspciide.sys

07:19:44.0235 3740 pciide - ok

07:19:44.0267 3740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:Windowssystem32DRIVERSpcmcia.sys

07:19:44.0282 3740 pcmcia - ok

07:19:44.0313 3740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:Windowssystem32driverspcw.sys

07:19:44.0313 3740 pcw - ok

07:19:44.0345 3740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:Windowssystem32driverspeauth.sys

07:19:44.0360 3740 PEAUTH - ok

07:19:44.0438 3740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:WindowsSysWow64perfhost.exe

07:19:44.0438 3740 PerfHost - ok

07:19:44.0532 3740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:Windowssystem32pla.dll

07:19:44.0563 3740 pla - ok

07:19:44.0625 3740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:Windowssystem32umpnpmgr.dll

07:19:44.0641 3740 PlugPlay - ok

07:19:44.0688 3740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:Windowssystem32pnrpauto.dll

07:19:44.0688 3740 PNRPAutoReg - ok

07:19:44.0719 3740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:Windowssystem32pnrpsvc.dll

07:19:44.0719 3740 PNRPsvc - ok

07:19:44.0766 3740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:WindowsSystem32ipsecsvc.dll

07:19:44.0781 3740 PolicyAgent - ok

07:19:44.0813 3740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:Windowssystem32umpo.dll

07:19:44.0828 3740 Power - ok

07:19:44.0875 3740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:Windowssystem32DRIVERSraspptp.sys

07:19:44.0875 3740 PptpMiniport - ok

07:19:44.0906 3740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:Windowssystem32DRIVERSprocessr.sys

07:19:44.0906 3740 Processor - ok

07:19:44.0937 3740 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:Windowssystem32profsvc.dll

07:19:44.0953 3740 ProfSvc - ok

07:19:44.0969 3740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:Windowssystem32lsass.exe

07:19:44.0969 3740 ProtectedStorage - ok

07:19:45.0031 3740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:Windowssystem32DRIVERSpacer.sys

07:19:45.0031 3740 Psched - ok

07:19:45.0093 3740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:Windowssystem32DRIVERSql2300.sys

07:19:45.0125 3740 ql2300 - ok

07:19:45.0140 3740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:Windowssystem32DRIVERSql40xx.sys

07:19:45.0140 3740 ql40xx - ok

07:19:45.0187 3740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:Windowssystem32qwave.dll

07:19:45.0187 3740 QWAVE - ok

07:19:45.0218 3740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:Windowssystem32driversqwavedrv.sys

07:19:45.0218 3740 QWAVEdrv - ok

07:19:45.0265 3740 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:WindowsWindowsMobilerapimgr.dll

07:19:45.0281 3740 RapiMgr - ok

07:19:45.0296 3740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:Windowssystem32DRIVERSrasacd.sys

07:19:45.0296 3740 RasAcd - ok

07:19:45.0312 3740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:Windowssystem32DRIVERSAgileVpn.sys

07:19:45.0327 3740 RasAgileVpn - ok

07:19:45.0327 3740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:WindowsSystem32rasauto.dll

07:19:45.0343 3740 RasAuto - ok

07:19:45.0374 3740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:Windowssystem32DRIVERSrasl2tp.sys

07:19:45.0390 3740 Rasl2tp - ok

07:19:45.0437 3740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:WindowsSystem32rasmans.dll

07:19:45.0452 3740 RasMan - ok

07:19:45.0468 3740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:Windowssystem32DRIVERSraspppoe.sys

07:19:45.0468 3740 RasPppoe - ok

07:19:45.0483 3740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:Windowssystem32DRIVERSrassstp.sys

07:19:45.0483 3740 RasSstp - ok

07:19:45.0530 3740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:Windowssystem32DRIVERSrdbss.sys

07:19:45.0530 3740 rdbss - ok

07:19:45.0561 3740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:Windowssystem32DRIVERSrdpbus.sys

07:19:45.0561 3740 rdpbus - ok

07:19:45.0577 3740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:Windowssystem32DRIVERSRDPCDD.sys

07:19:45.0577 3740 RDPCDD - ok

07:19:45.0608 3740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:Windowssystem32driversrdpencdd.sys

07:19:45.0608 3740 RDPENCDD - ok

07:19:45.0624 3740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:Windowssystem32driversrdprefmp.sys

07:19:45.0624 3740 RDPREFMP - ok

07:19:45.0639 3740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:Windowssystem32driversRDPWD.sys

07:19:45.0655 3740 RDPWD - ok

07:19:45.0733 3740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:Windowssystem32driversrdyboost.sys

07:19:45.0733 3740 rdyboost - ok

07:19:45.0780 3740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:WindowsSystem32mprdim.dll

07:19:45.0780 3740 RemoteAccess - ok

07:19:45.0827 3740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:Windowssystem32regsvc.dll

07:19:45.0827 3740 RemoteRegistry - ok

07:19:45.0842 3740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:WindowsSystem32RpcEpMap.dll

07:19:45.0842 3740 RpcEptMapper - ok

07:19:45.0873 3740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:Windowssystem32locator.exe

07:19:45.0873 3740 RpcLocator - ok

07:19:45.0920 3740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:Windowssystem32rpcss.dll

07:19:45.0936 3740 RpcSs - ok

07:19:45.0951 3740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:Windowssystem32DRIVERSrspndr.sys

07:19:45.0967 3740 rspndr - ok

07:19:45.0998 3740 [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR C:Windowssystem32DriversRtsUStor.sys

07:19:45.0998 3740 RSUSBSTOR - ok

07:19:46.0076 3740 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:Windowssystem32DRIVERSRt64win7.sys

07:19:46.0092 3740 RTL8167 - ok

07:19:46.0123 3740 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:Program FilesRealtekRtVOsdRtVOsdService.exe

07:19:46.0139 3740 RtVOsdService - ok

07:19:46.0154 3740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:Windowssystem32lsass.exe

07:19:46.0154 3740 SamSs - ok

07:19:46.0185 3740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:Windowssystem32driverssbp2port.sys

07:19:46.0185 3740 sbp2port - ok

07:19:46.0217 3740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:WindowsSystem32SCardSvr.dll

07:19:46.0217 3740 SCardSvr - ok

07:19:46.0263 3740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:Windowssystem32DRIVERSscfilter.sys

07:19:46.0263 3740 scfilter - ok

07:19:46.0326 3740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:Windowssystem32schedsvc.dll

07:19:46.0341 3740 Schedule - ok

07:19:46.0388 3740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:WindowsSystem32certprop.dll

07:19:46.0388 3740 SCPolicySvc - ok

07:19:46.0404 3740 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:Windowssystem32driverssdbus.sys

07:19:46.0404 3740 sdbus - ok

07:19:46.0451 3740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:WindowsSystem32SDRSVC.dll

07:19:46.0466 3740 SDRSVC - ok

07:19:46.0497 3740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:Windowssystem32driverssecdrv.sys

07:19:46.0497 3740 secdrv - ok

07:19:46.0544 3740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:Windowssystem32seclogon.dll

07:19:46.0560 3740 seclogon - ok

07:19:46.0575 3740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:WindowsSystem32sens.dll

07:19:46.0591 3740 SENS - ok

07:19:46.0607 3740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:Windowssystem32sensrsvc.dll

07:19:46.0607 3740 SensrSvc - ok

07:19:46.0622 3740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:Windowssystem32DRIVERSserenum.sys

07:19:46.0638 3740 Serenum - ok

07:19:46.0669 3740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:Windowssystem32DRIVERSserial.sys

07:19:46.0669 3740 Serial - ok

07:19:46.0731 3740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:Windowssystem32DRIVERSsermouse.sys

07:19:46.0731 3740 sermouse - ok

07:19:46.0794 3740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:Windowssystem32sessenv.dll

07:19:46.0809 3740 SessionEnv - ok

07:19:46.0841 3740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:Windowssystem32driverssffdisk.sys

07:19:46.0856 3740 sffdisk - ok

07:19:46.0872 3740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:Windowssystem32driverssffp_mmc.sys

07:19:46.0872 3740 sffp_mmc - ok

07:19:46.0887 3740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:Windowssystem32driverssffp_sd.sys

07:19:46.0903 3740 sffp_sd - ok

07:19:46.0919 3740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:Windowssystem32DRIVERSsfloppy.sys

07:19:46.0919 3740 sfloppy - ok

07:19:46.0965 3740 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:Windowssystem32DRIVERSSftfslh.sys

07:19:46.0981 3740 Sftfs - ok

07:19:47.0075 3740 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe

07:19:47.0075 3740 sftlist - ok

07:19:47.0137 3740 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:Windowssystem32DRIVERSSftplaylh.sys

07:19:47.0137 3740 Sftplay - ok

07:19:47.0153 3740 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:Windowssystem32DRIVERSSftredirlh.sys

07:19:47.0153 3740 Sftredir - ok

07:19:47.0168 3740 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:Windowssystem32DRIVERSSftvollh.sys

07:19:47.0168 3740 Sftvol - ok

07:19:47.0199 3740 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe

07:19:47.0199 3740 sftvsa - ok

07:19:47.0262 3740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:WindowsSystem32shsvcs.dll

07:19:47.0262 3740 ShellHWDetection - ok

07:19:47.0293 3740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:Windowssystem32DRIVERSSiSRaid2.sys

07:19:47.0293 3740 SiSRaid2 - ok

07:19:47.0324 3740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:Windowssystem32DRIVERSsisraid4.sys

07:19:47.0324 3740 SiSRaid4 - ok

07:19:47.0355 3740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:Windowssystem32DRIVERSsmb.sys

07:19:47.0371 3740 Smb - ok

07:19:47.0402 3740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:WindowsSystem32snmptrap.exe

07:19:47.0418 3740 SNMPTRAP - ok

07:19:47.0433 3740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:Windowssystem32driversspldr.sys

07:19:47.0433 3740 spldr - ok

07:19:47.0480 3740 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:WindowsSystem32spoolsv.exe

07:19:47.0496 3740 Spooler - ok

07:19:47.0605 3740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:Windowssystem32sppsvc.exe

07:19:47.0699 3740 sppsvc - ok

07:19:47.0745 3740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:Windowssystem32sppuinotify.dll

07:19:47.0745 3740 sppuinotify - ok

07:19:47.0808 3740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:Windowssystem32DRIVERSsrv.sys

07:19:47.0808 3740 srv - ok

07:19:47.0839 3740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:Windowssystem32DRIVERSsrv2.sys

07:19:47.0855 3740 srv2 - ok

07:19:47.0886 3740 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:Windowssystem32DRIVERSVSTAZL6.SYS

07:19:47.0886 3740 SrvHsfHDA - ok

07:19:47.0948 3740 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:Windowssystem32DRIVERSVSTDPV6.SYS

07:19:47.0964 3740 SrvHsfV92 - ok

07:19:47.0995 3740 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:Windowssystem32DRIVERSVSTCNXT6.SYS

07:19:47.0995 3740 SrvHsfWinac - ok

07:19:48.0042 3740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:Windowssystem32DRIVERSsrvnet.sys

07:19:48.0042 3740 srvnet - ok

07:19:48.0073 3740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:WindowsSystem32ssdpsrv.dll

07:19:48.0089 3740 SSDPSRV - ok

07:19:48.0104 3740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:Windowssystem32sstpsvc.dll

07:19:48.0104 3740 SstpSvc - ok

07:19:48.0135 3740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:Windowssystem32DRIVERSstexstor.sys

07:19:48.0135 3740 stexstor - ok

07:19:48.0182 3740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:WindowsSystem32wiaservc.dll

07:19:48.0198 3740 stisvc - ok

07:19:48.0213 3740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:Windowssystem32driversswenum.sys

07:19:48.0213 3740 swenum - ok

07:19:48.0260 3740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:WindowsSystem32swprv.dll

07:19:48.0276 3740 swprv - ok

07:19:48.0323 3740 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:Windowssystem32DRIVERSSynTP.sys

07:19:48.0338 3740 SynTP - ok

07:19:48.0432 3740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:Windowssystem32sysmain.dll

07:19:48.0447 3740 SysMain - ok

07:19:48.0510 3740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:WindowsSystem32TabSvc.dll

07:19:48.0510 3740 TabletInputService - ok

07:19:48.0541 3740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:WindowsSystem32tapisrv.dll

07:19:48.0541 3740 TapiSrv - ok

07:19:48.0572 3740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:WindowsSystem32tbssvc.dll

07:19:48.0572 3740 TBS - ok

07:19:48.0666 3740 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:Windowssystem32driverstcpip.sys

07:19:48.0697 3740 Tcpip - ok

07:19:48.0728 3740 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:Windowssystem32DRIVERStcpip.sys

07:19:48.0744 3740 TCPIP6 - ok

07:19:48.0791 3740 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:Windowssystem32driverstcpipreg.sys

07:19:48.0791 3740 tcpipreg - ok

07:19:48.0822 3740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:Windowssystem32driverstdpipe.sys

07:19:48.0822 3740 TDPIPE - ok

07:19:48.0869 3740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:Windowssystem32driverstdtcp.sys

07:19:48.0869 3740 TDTCP - ok

07:19:48.0900 3740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:Windowssystem32DRIVERStdx.sys

07:19:48.0900 3740 tdx - ok

07:19:48.0947 3740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:Windowssystem32driverstermdd.sys

07:19:48.0947 3740 TermDD - ok

07:19:48.0993 3740 [ 2E648163254233755035B46DD7B89123 ] TermService C:WindowsSystem32termsrv.dll

07:19:49.0009 3740 TermService - ok

07:19:49.0056 3740 [ F0344071948D1A1FA732231785A0664C ] Themes C:Windowssystem32themeservice.dll

07:19:49.0056 3740 Themes - ok

07:19:49.0071 3740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:Windowssystem32mmcss.dll

07:19:49.0071 3740 THREADORDER - ok

07:19:49.0103 3740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:WindowsSystem32trkwks.dll

07:19:49.0103 3740 TrkWks - ok

07:19:49.0181 3740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:WindowsservicingTrustedInstaller.exe

07:19:49.0181 3740 TrustedInstaller - ok

07:19:49.0227 3740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:Windowssystem32DRIVERStssecsrv.sys

07:19:49.0243 3740 tssecsrv - ok

07:19:49.0274 3740 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:Windowssystem32driverstsusbflt.sys

07:19:49.0274 3740 TsUsbFlt - ok

07:19:49.0321 3740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:Windowssystem32DRIVERStunnel.sys

07:19:49.0337 3740 tunnel - ok

07:19:49.0368 3740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:Windowssystem32DRIVERSuagp35.sys

07:19:49.0368 3740 uagp35 - ok

07:19:49.0415 3740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:Windowssystem32DRIVERSudfs.sys

07:19:49.0430 3740 udfs - ok

07:19:49.0477 3740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:Windowssystem32UI0Detect.exe

07:19:49.0477 3740 UI0Detect - ok

07:19:49.0493 3740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:Windowssystem32driversuliagpkx.sys

07:19:49.0493 3740 uliagpkx - ok

07:19:49.0524 3740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:Windowssystem32DRIVERSumbus.sys

07:19:49.0539 3740 umbus - ok

07:19:49.0571 3740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:Windowssystem32DRIVERSumpass.sys

07:19:49.0571 3740 UmPass - ok

07:19:49.0602 3740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:WindowsSystem32upnphost.dll

07:19:49.0617 3740 upnphost - ok

07:19:49.0649 3740 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:Windowssystem32driversusbaudio.sys

07:19:49.0649 3740 usbaudio - ok

07:19:49.0727 3740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:Windowssystem32DRIVERSusbccgp.sys

07:19:49.0727 3740 usbccgp - ok

07:19:49.0758 3740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:Windowssystem32driversusbcir.sys

07:19:49.0758 3740 usbcir - ok

07:19:49.0773 3740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:Windowssystem32DRIVERSusbehci.sys

07:19:49.0773 3740 usbehci - ok

07:19:49.0805 3740 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:Windowssystem32DRIVERSusbfilter.sys

07:19:49.0805 3740 usbfilter - ok

07:19:49.0836 3740 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:Windowssystem32DRIVERSusbhub.sys

07:19:49.0836 3740 usbhub - ok

07:19:49.0867 3740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:Windowssystem32DRIVERSusbohci.sys

07:19:49.0867 3740 usbohci - ok

07:19:49.0898 3740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:Windowssystem32DRIVERSusbprint.sys

07:19:49.0914 3740 usbprint - ok

07:19:49.0945 3740 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:Windowssystem32DRIVERSusbscan.sys

07:19:49.0945 3740 usbscan - ok

07:19:49.0976 3740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:Windowssystem32DRIVERSUSBSTOR.SYS

07:19:49.0992 3740 USBSTOR - ok

07:19:50.0007 3740 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:Windowssystem32DRIVERSusbuhci.sys

07:19:50.0007 3740 usbuhci - ok

07:19:50.0054 3740 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:WindowsSystem32Driversusbvideo.sys

07:19:50.0054 3740 usbvideo - ok

07:19:50.0070 3740 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:Windowssystem32driversusb8023x.sys

07:19:50.0085 3740 usb_rndisx - ok

07:19:50.0101 3740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:WindowsSystem32uxsms.dll

07:19:50.0117 3740 UxSms - ok

07:19:50.0132 3740 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:Windowssystem32lsass.exe

07:19:50.0132 3740 VaultSvc - ok

07:19:50.0163 3740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:Windowssystem32driversvdrvroot.sys

07:19:50.0163 3740 vdrvroot - ok

07:19:50.0210 3740 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:WindowsSystem32vds.exe

07:19:50.0226 3740 vds - ok

07:19:50.0273 3740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:Windowssystem32DRIVERSvgapnp.sys

07:19:50.0273 3740 vga - ok

07:19:50.0288 3740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:WindowsSystem32driversvga.sys

07:19:50.0288 3740 VgaSave - ok

07:19:50.0335 3740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:Windowssystem32driversvhdmp.sys

07:19:50.0335 3740 vhdmp - ok

07:19:50.0366 3740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:Windowssystem32driversviaide.sys

07:19:50.0366 3740 viaide - ok

07:19:50.0397 3740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:Windowssystem32driversvolmgr.sys

07:19:50.0397 3740 volmgr - ok

07:19:50.0444 3740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:Windowssystem32driversvolmgrx.sys

07:19:50.0460 3740 volmgrx - ok

07:19:50.0491 3740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:Windowssystem32driversvolsnap.sys

07:19:50.0507 3740 volsnap - ok

07:19:50.0538 3740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:Windowssystem32DRIVERSvsmraid.sys

07:19:50.0553 3740 vsmraid - ok

07:19:50.0616 3740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:Windowssystem32vssvc.exe

07:19:50.0647 3740 VSS - ok

07:19:50.0663 3740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:Windowssystem32DRIVERSvwifibus.sys

07:19:50.0663 3740 vwifibus - ok

07:19:50.0694 3740 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:Windowssystem32DRIVERSvwififlt.sys

07:19:50.0709 3740 vwififlt - ok

07:19:50.0709 3740 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:Windowssystem32DRIVERSvwifimp.sys

07:19:50.0709 3740 vwifimp - ok

07:19:50.0741 3740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:Windowssystem32w32time.dll

07:19:50.0756 3740 W32Time - ok

07:19:50.0787 3740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:Windowssystem32DRIVERSwacompen.sys

07:19:50.0787 3740 WacomPen - ok

07:19:50.0834 3740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:Windowssystem32DRIVERSwanarp.sys

07:19:50.0834 3740 WANARP - ok

07:19:50.0865 3740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:Windowssystem32DRIVERSwanarp.sys

07:19:50.0865 3740 Wanarpv6 - ok

07:19:50.0943 3740 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:Windowssystem32WatWatAdminSvc.exe

07:19:50.0959 3740 WatAdminSvc - ok

07:19:51.0037 3740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:Windowssystem32wbengine.exe

07:19:51.0068 3740 wbengine - ok

07:19:51.0115 3740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:WindowsSystem32wbiosrvc.dll

07:19:51.0115 3740 WbioSrvc - ok

07:19:51.0177 3740 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:WindowsWindowsMobilewcescomm.dll

07:19:51.0177 3740 WcesComm - ok

07:19:51.0240 3740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:WindowsSystem32wcncsvc.dll

07:19:51.0240 3740 wcncsvc - ok

07:19:51.0255 3740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:WindowsSystem32WcsPlugInService.dll

07:19:51.0255 3740 WcsPlugInService - ok

07:19:51.0287 3740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:Windowssystem32DRIVERSwd.sys

07:19:51.0287 3740 Wd - ok

07:19:51.0349 3740 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:Windowssystem32driversWdf01000.sys

07:19:51.0365 3740 Wdf01000 - ok

07:19:51.0380 3740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:Windowssystem32wdi.dll

07:19:51.0380 3740 WdiServiceHost - ok

07:19:51.0396 3740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:Windowssystem32wdi.dll

07:19:51.0396 3740 WdiSystemHost - ok

07:19:51.0443 3740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:WindowsSystem32webclnt.dll

07:19:51.0458 3740 WebClient - ok

07:19:51.0489 3740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:Windowssystem32wecsvc.dll

07:19:51.0489 3740 Wecsvc - ok

07:19:51.0521 3740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:WindowsSystem32wercplsupport.dll

07:19:51.0521 3740 wercplsupport - ok

07:19:51.0536 3740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:WindowsSystem32WerSvc.dll

07:19:51.0536 3740 WerSvc - ok

07:19:51.0567 3740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:Windowssystem32DRIVERSwfplwf.sys

07:19:51.0567 3740 WfpLwf - ok

07:19:51.0583 3740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:Windowssystem32driverswimmount.sys

07:19:51.0583 3740 WIMMount - ok

07:19:51.0599 3740 WinHttpAutoProxySvc - ok

07:19:51.0645 3740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:Windowssystem32wbemWMIsvc.dll

07:19:51.0661 3740 Winmgmt - ok

07:19:51.0770 3740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:Windowssystem32WsmSvc.dll

07:19:51.0801 3740 WinRM - ok

07:19:51.0833 3740 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:Windowssystem32DRIVERSWinUSB.sys

07:19:51.0848 3740 WinUSB - ok

07:19:51.0879 3740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:WindowsSystem32wlansvc.dll

07:19:51.0895 3740 Wlansvc - ok

07:19:51.0957 3740 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:Program FilesWindows LiveMeshwlcrasvc.exe

07:19:51.0973 3740 wlcrasvc - ok

07:19:52.0098 3740 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

07:19:52.0145 3740 wlidsvc - ok

07:19:52.0160 3740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:Windowssystem32driverswmiacpi.sys

07:19:52.0160 3740 WmiAcpi - ok

07:19:52.0191 3740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:Windowssystem32wbemWmiApSrv.exe

07:19:52.0207 3740 wmiApSrv - ok

07:19:52.0223 3740 WMPNetworkSvc - ok

07:19:52.0301 3740 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm c:Program FilesZuneWMZuneComm.exe

07:19:52.0301 3740 WMZuneComm - ok

07:19:52.0332 3740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:WindowsSystem32wpcsvc.dll

07:19:52.0332 3740 WPCSvc - ok

07:19:52.0363 3740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:Windowssystem32wpdbusenum.dll

07:19:52.0379 3740 WPDBusEnum - ok

07:19:52.0410 3740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:Windowssystem32driversws2ifsl.sys

07:19:52.0410 3740 ws2ifsl - ok

07:19:52.0410 3740 WSearch - ok

07:19:52.0519 3740 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:Windowssystem32wuaueng.dll

07:19:52.0581 3740 wuauserv - ok

07:19:52.0628 3740 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:Windowssystem32driversWudfPf.sys

07:19:52.0644 3740 WudfPf - ok

07:19:52.0706 3740 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:WindowsSystem32WUDFSvc.dll

07:19:52.0706 3740 wudfsvc - ok

07:19:52.0753 3740 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:WindowsSystem32wwansvc.dll

07:19:52.0769 3740 WwanSvc - ok

07:19:52.0815 3740 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:Windowssystem32DRIVERSyk62x64.sys

07:19:52.0831 3740 yukonw7 - ok

07:19:53.0049 3740 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc c:Program FilesZuneZuneNss.exe

07:19:53.0283 3740 ZuneNetworkSvc - ok

07:19:53.0346 3740 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc c:Program FilesZuneZuneWlanCfgSvc.exe

07:19:53.0346 3740 ZuneWlanCfgSvc - ok

07:19:53.0361 3740 ================ Scan global ===============================

07:19:53.0408 3740 [ BA0CD8C393E8C9F83354106093832C7B ] C:Windowssystem32basesrv.dll

07:19:53.0471 3740 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:Windowssystem32winsrv.dll

07:19:53.0486 3740 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:Windowssystem32winsrv.dll

07:19:53.0517 3740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:Windowssystem32sxssrv.dll

07:19:53.0549 3740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:Windowssystem32services.exe

07:19:53.0564 3740 [Global] - ok

07:19:53.0564 3740 ================ Scan MBR ==================================

07:19:53.0580 3740 [ E00AB69BB6E3E3576E39282962432658 ] DeviceHarddisk0DR0

07:19:53.0907 3740 DeviceHarddisk0DR0 ( TDSS File System ) - warning

07:19:53.0907 3740 DeviceHarddisk0DR0 - detected TDSS File System (1)

07:19:53.0907 3740 ================ Scan VBR ==================================

07:19:53.0923 3740 [ DEE29DA83CCBF382F01CDB40C12EF0C7 ] DeviceHarddisk0DR0Partition1

07:19:53.0923 3740 DeviceHarddisk0DR0Partition1 - ok

07:19:53.0954 3740 [ 7F34A768B4B35FEAB154A90732D8E48C ] DeviceHarddisk0DR0Partition2

07:19:53.0954 3740 DeviceHarddisk0DR0Partition2 - ok

07:19:53.0985 3740 [ 8755962A004FA13807A363AAACFAC495 ] DeviceHarddisk0DR0Partition3

07:19:54.0001 3740 DeviceHarddisk0DR0Partition3 - ok

07:19:54.0017 3740 [ E664B953FA08A6F72E60FD482C899EE1 ] DeviceHarddisk0DR0Partition4

07:19:54.0017 3740 DeviceHarddisk0DR0Partition4 - ok

07:19:54.0017 3740 ============================================================

07:19:54.0017 3740 Scan finished

07:19:54.0017 3740 ============================================================

07:19:54.0032 2696 Detected object count: 1

07:19:54.0032 2696 Actual detected object count: 1

07:20:04.0469 2696 DeviceHarddisk0DR0TDLFScmd.dll - copied to quarantine

07:20:04.0578 2696 DeviceHarddisk0DR0TDLFScmd64.dll - copied to quarantine

07:20:04.0718 2696 DeviceHarddisk0DR0TDLFSdrv32 - copied to quarantine

07:20:05.0982 2696 DeviceHarddisk0DR0TDLFSdrv64 - copied to quarantine

07:20:06.0091 2696 DeviceHarddisk0DR0TDLFSservers.dat - copied to quarantine

07:20:06.0107 2696 DeviceHarddisk0DR0TDLFSconfig.ini - copied to quarantine

07:20:06.0107 2696 DeviceHarddisk0DR0TDLFSldr16 - copied to quarantine

07:20:06.0341 2696 DeviceHarddisk0DR0TDLFSldr32 - copied to quarantine

07:20:06.0372 2696 DeviceHarddisk0DR0TDLFSldr64 - copied to quarantine

07:20:06.0387 2696 DeviceHarddisk0DR0TDLFSs - copied to quarantine

07:20:06.0403 2696 DeviceHarddisk0DR0TDLFSldrm - copied to quarantine

07:20:06.0403 2696 DeviceHarddisk0DR0TDLFSu - copied to quarantine

07:20:06.0481 2696 DeviceHarddisk0DR0TDLFSph.dll - copied to quarantine

07:20:06.0497 2696 DeviceHarddisk0DR0TDLFS - deleted

07:20:06.0497 2696 DeviceHarddisk0DR0 ( TDSS File System ) - User select action: Delete


I ran the combo fix. It produced a log, but when I tried to go into my Google Chrome or Internet Explorer to reply I was not able to. It gave me an error message saying they were deleted. I restarted my computer and it worked fine. I was not able to save the combofix log. I don't want to run it again. Please advise on what to do next. Thank you very much.


Hello Elmer Rivera

 

I ran the combo fix. It produced a log, but when I tried to go into my Google Chrome or Internet Explorer to reply I was not able to. It gave me an error message saying they were deleted. I restarted my computer and it worked fine.

The error message you most likely received was "illegal Operation attempted on a registry key that has been marked for deletion".

 

Your programs were not deleted. This is a known (harmless) issue with combofix and a reboot solves the problem.

 

I do need to see the combofix log in order for us to continue.

 

Please navigate to C:\ComboFix.txt and post the log in your next reply.


ComboFix 12-11-27.01 - Elmer 11/27/2012 7:30.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1429 [GMT -8:00]

Running from: c:usersElmerDesktopComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowssvchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))

.

.

2012-11-27 05:22 . 2012-11-08 17:24 9125352 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C8F35E6A-8348-4652-BE55-11CD00D41244}mpengine.dll

2012-11-25 22:30 . 2012-11-08 17:24 9125352 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-11-21 05:58 . 2012-11-21 05:58 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{26020954-D63E-469F-BC84-F61F7170C292}gapaengine.dll

2012-11-20 07:34 . 2012-11-20 07:34 -------- d-----w- c:usersElmerAppDataRoaming{90140011-0066-0409-0000-0000000FF1CE}

2012-11-20 07:34 . 2012-11-20 07:34 -------- d-----w- c:programdataVirtualized Applications

2012-11-20 05:54 . 2012-11-27 15:41 -------- d-----w- c:windowssystem32wbemrepository

2012-11-20 04:35 . 2012-11-20 04:35 -------- d-----w- c:usersElmerAppDataLocalCRE

2012-11-20 04:34 . 2012-11-20 04:39 -------- d-----w- c:usersElmerAppDataLocalConduit

2012-11-17 00:15 . 2012-11-17 00:15 -------- d-----w- c:programdata{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-11-16 19:57 . 2012-11-16 19:58 -------- d-----w- c:program files (x86)Google

2012-11-14 11:11 . 2012-07-26 04:47 2560 ----a-w- c:windowssystem32driversen-USwdf01000.sys.mui

2012-11-14 11:11 . 2012-07-26 04:55 785512 ----a-w- c:windowssystem32driversWdf01000.sys

2012-11-14 11:11 . 2012-07-26 04:55 54376 ----a-w- c:windowssystem32driversWdfLdr.sys

2012-11-14 11:11 . 2012-07-26 02:36 9728 ----a-w- c:windowssystem32Wdfres.dll

2012-11-14 11:01 . 2012-07-26 02:26 87040 ----a-w- c:windowssystem32driversWUDFPf.sys

2012-11-14 11:01 . 2012-07-26 02:26 198656 ----a-w- c:windowssystem32driversWUDFRd.sys

2012-11-14 11:01 . 2012-07-26 03:08 84992 ----a-w- c:windowssystem32WUDFSvc.dll

2012-11-14 11:01 . 2012-07-26 03:08 194048 ----a-w- c:windowssystem32WUDFPlatform.dll

2012-11-14 11:01 . 2012-07-26 03:08 45056 ----a-w- c:windowssystem32WUDFCoinstaller.dll

2012-11-14 11:01 . 2012-07-26 03:08 229888 ----a-w- c:windowssystem32WUDFHost.exe

2012-11-14 11:01 . 2012-07-26 03:08 744448 ----a-w- c:windowssystem32WUDFx.dll

2012-11-14 00:51 . 2012-11-20 05:39 -------- d-----w- c:usersElmerAppDataRoaming.minecraft

2012-10-31 15:58 . 2012-10-31 15:58 -------- d-----w- c:program files (x86)jZip

2012-10-31 15:10 . 2012-10-31 15:58 -------- d-----w- c:usersElmerAppDataLocaljZip

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 11:02 . 2011-02-25 06:46 66395536 ----a-w- c:windowssystem32MRT.exe

2012-09-24 22:32 . 2012-05-22 06:41 477168 ----a-w- c:windowsSysWow64npdeployJava1.dll

2012-09-24 22:32 . 2010-07-11 05:29 473072 ----a-w- c:windowsSysWow64deployJava1.dll

2012-09-14 19:19 . 2012-10-09 20:40 2048 ----a-w- c:windowssystem32tzres.dll

2012-09-14 18:28 . 2012-10-09 20:40 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-08-31 18:19 . 2012-10-09 20:41 1659760 ----a-w- c:windowssystem32driversntfs.sys

2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys

2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys

2012-08-31 00:00 . 2012-08-31 00:00 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-31 00:00 . 2011-07-09 02:13 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-08-30 18:03 . 2012-10-09 20:41 5559664 ----a-w- c:windowssystem32ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 20:41 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-09 20:41 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

2012-07-10 01:46 351136 ----a-w- c:program files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Messenger (Yahoo!)"="c:progra~2Yahoo!MESSEN~1YahooMessenger.exe" [2011-08-22 6276408]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2010-06-17 98304]

"Microsoft Default Manager"="c:program files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" [2010-05-10 439568]

"Norton Online Backup"="c:program files (x86)SymantecNorton Online BackupNOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-01-04 37296]

"HP Quick Launch"="c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe" [2010-11-09 586296]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-09-17 254896]

.

c:usersElmerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

RollerCoaster Tycoon 3 Registration.lnk - c:usersElmerAppDataLocalTemp{5F237A53-1AB3-459E-9D9A-BBFFF0520F12}{907B4640-266B-4A21-92FB-CD1A86CD0F63}ATR1.exe [N/A]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2010-05-07 245792]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-02-25 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-23 57184]

S2 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2010-09-20 203264]

S2 CinemaNow Service;CinemaNow Service;c:program files (x86)CinemaNowCinemaNow Media ManagerCinemanowSvc.exe [2010-05-21 140272]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2012-09-27 86528]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:program filesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-06-18 103992]

S2 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2010-11-09 26680]

S2 NOBU;Norton Online Backup;c:program files (x86)SymantecNorton Online BackupNOBuAgent.exe SERVICE [x]

S2 RtVOsdService;RtVOsdService Installer;c:program filesRealtekRtVOsdRtVOsdService.exe [2010-06-24 315392]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2011-06-10 539240]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:windowssystem32DRIVERSusbfilter.sys [2009-12-22 38456]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-27 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-16 19:57]

.

2012-11-27 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-16 19:57]

.

2012-11-20 c:windowsTasksHPCeeScheduleForElmer.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RTHDVCPL"="c:program filesRealtekAudioHDARtkNGUI64.exe" [2011-09-22 6489704]

"HPWirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe" [2010-06-18 8192]

"Windows Mobile Device Center"="c:windowsWindowsMobilewmdc.exe" [2007-05-31 660360]

"Zune Launcher"="c:program filesZuneZuneLauncher.exe" [2011-08-05 163552]

"DLKAStatusMonitor"="c:windowssystem32spoolDRIVERSx643DLKAMUI.exe" [2009-09-06 1679360]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:windowssystem32blank.htm

mLocal Page = c:windowsSysWOW64blank.htm

IE: {{25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:program files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-47915462.sys

HKLM-Run-SynTPEnh - c:program files (x86)SynapticsSynTPSynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:program files (x86)InstallShield Installation Information{EE202411-2C26-49E8-9784-1BC1DBF7DE96}setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerApproved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:9b,e4,c3,30,68,8d,cd,01

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)GoogleUpdate1.3.21.123GoogleCrashHandler.exe

c:program files (x86)Hewlett-PackardSharedhpqWmiEx.exe

.

**************************************************************************

.

Completion time: 2012-11-27 07:50:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-27 15:50

.

Pre-Run: 208,907,243,520 bytes free

Post-Run: 211,050,242,048 bytes free

.

- - End Of File - - 7CEE64DA42DDB92F1AA631879C913B7A


Hello Elmer Rivera

 

Thank you for the Combofix log.

 

Please work your way through the following steps:

 

  • Temporary File Cleaner

    • Download TFC to your desktop.
    • Close any open windows.
    • Right click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • Please perform the following scan:

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
    • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM and ESET logs along with a new set of DDS logs and let me know how the machine is running in your next reply.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Elmer :: ELMER-HP [administrator]

Protection: Enabled

11/29/2012 11:39:51 AM
mbam-log-2012-11-29 (11-39-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223275
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\TDSSKiller_Quarantine\15.10.2012_21.37.25\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\15.10.2012_21.37.25\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\27.11.2012_07.19.07\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.11.2012_07.19.07\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\Users\Elmer\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Elmer at 14:50:53 on 2012-11-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1161 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\spool\drivers\x64\3\DLKAMUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\cscript.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Elmer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Elmer\AppData\Local\Temp\{5F237A53-1AB3-459E-9D9A-BBFFF0520F12}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\144545131323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\3474442343743383 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\A4026202C402C41657E6462797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C88B7E74-1C5E-443B-B718-E54840EF3F97}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [DLKAStatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\DLKAMUI.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.

============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-27 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-27 203264]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-29 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-27 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-27 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-29 59392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.

=============== Created Last 30 ================
.
2012-11-29 19:46:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-29 19:45:40 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35C2EDB0-112F-4A0A-9797-99A94EC15516}\mpengine.dll
2012-11-29 19:38:49 -------- d-----w- C:\Users\Elmer\AppData\Roaming\Malwarebytes
2012-11-29 19:38:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-29 19:38:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-29 19:38:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-29 19:22:42 -------- d-----w- C:\Users\Elmer\AppData\Local\{77B4CAEE-A9A3-4E6F-BDE0-BFA58F102D04}
2012-11-28 19:33:44 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 19:29:36 -------- d-----w- C:\Users\Elmer\AppData\Local\{6657CC84-F031-4DFF-9BA6-EC4F7199309D}
2012-11-27 21:54:35 -------- d-----w- C:\Users\Elmer\AppData\Local\{3234CE99-1D08-4219-B5B5-699E0078C1FA}
2012-11-27 15:51:52 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9C7BBF2-CF4E-4C4C-B2D8-48A78A647359}\mpengine.dll
2012-11-27 15:45:00 -------- d-----w- C:\$RECYCLE.BIN
2012-11-27 15:27:38 98816 ----a-w- C:\Windows\sed.exe
2012-11-27 15:27:38 256000 ----a-w- C:\Windows\PEV.exe
2012-11-27 15:27:38 208896 ----a-w- C:\Windows\MBR.exe
2012-11-27 09:18:54 -------- d-----w- C:\Users\Elmer\AppData\Local\{6821911C-C092-4808-93C1-2B653855686B}
2012-11-26 20:16:30 -------- d-----w- C:\Users\Elmer\AppData\Local\{45985F97-4AD2-4AD1-AAAE-AA5A7432AF85}
2012-11-26 01:37:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{D3EEC676-5A50-49F1-8E2F-22936E71CCA4}
2012-11-21 18:59:16 -------- d-----w- C:\Users\Elmer\AppData\Local\{9808CC36-9B33-4FF3-806E-E1323BBA1CCA}
2012-11-21 05:58:48 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26020954-D63E-469F-BC84-F61F7170C292}\gapaengine.dll
2012-11-20 19:39:05 -------- d-----w- C:\Users\Elmer\AppData\Local\{9572B412-363C-4765-9C3D-C1D19F095942}
2012-11-20 19:35:43 -------- d-----w- C:\Users\Elmer\AppData\Local\{172C9C74-F775-488C-AF21-FA4D018BE492}
2012-11-20 07:34:17 -------- d-----w- C:\Users\Elmer\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-11-20 07:34:10 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-11-20 05:54:48 -------- d-----w- C:\Windows\System32\wbem\repository
2012-11-20 04:35:07 -------- d-----w- C:\Users\Elmer\AppData\Local\CRE
2012-11-20 04:34:48 -------- d-----w- C:\Users\Elmer\AppData\Local\Conduit
2012-11-19 19:38:50 -------- d-----w- C:\Users\Elmer\AppData\Local\{CF987E05-945B-4516-9D44-028449519D37}
2012-11-18 21:34:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{A2C155F2-6F50-4192-A914-9FA37592F130}
2012-11-18 05:51:49 -------- d-----w- C:\Users\Elmer\AppData\Local\{92E83760-9C6B-403F-A19B-0FA823AD90AF}
2012-11-17 00:15:10 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-16 19:53:38 -------- d-----w- C:\Users\Elmer\AppData\Local\{125F893A-D719-424D-A006-F04CAA51FCE5}
2012-11-14 19:46:51 -------- d-----w- C:\Users\Elmer\AppData\Local\{CDF3DE25-283C-4604-81A7-09519529E5C1}
2012-11-14 11:11:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:11:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 11:11:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 11:11:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 11:01:08 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 11:01:08 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 11:01:06 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 11:01:06 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 11:01:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 11:01:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 11:01:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 00:51:28 -------- d-----w- C:\Users\Elmer\AppData\Roaming\.minecraft
2012-11-13 20:33:50 -------- d-----w- C:\Users\Elmer\AppData\Local\{4D7FB9E9-3B8F-4202-B8D8-71D84F156A34}
2012-11-12 18:25:40 -------- d-----w- C:\Users\Elmer\AppData\Local\{56698DF5-D8D7-484D-ACD6-14CBA1FF2D7C}
2012-11-12 00:03:15 -------- d-----w- C:\Users\Elmer\AppData\Local\{84D52CF5-DBE8-46BA-AFB3-B8151F945C2B}
2012-11-10 05:08:32 -------- d-----w- C:\Users\Elmer\AppData\Local\{138BEA05-1AE2-4F71-A6F9-282C6E91FE83}
2012-11-09 17:08:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{570C15F2-F458-4609-8E1F-05B230821A91}
2012-11-08 18:20:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{9F8DAB3B-F077-4004-AD9A-00CD28B81A55}
2012-11-07 18:16:46 -------- d-----w- C:\Users\Elmer\AppData\Local\{05E288CB-6855-42D4-87EF-9CC9C03C4974}
2012-11-06 14:41:05 -------- d-----w- C:\Users\Elmer\AppData\Local\{2D5B3F73-13D2-42CF-975C-E59A0EDB2335}
2012-11-05 14:57:51 -------- d-----w- C:\Users\Elmer\AppData\Local\{457F7888-D3E3-4417-AA28-474836570495}
2012-11-02 15:17:17 -------- d-----w- C:\Users\Elmer\AppData\Local\{21A45141-05DE-4C40-AF2E-2FBE78EDBDAB}
2012-11-01 22:32:04 -------- d-----w- C:\Users\Elmer\AppData\Local\{C70DC0DA-A06A-4752-868A-1389A3D09B92}
2012-11-01 02:08:08 -------- d-----w- C:\Users\Elmer\AppData\Local\{647018D7-BE1E-4461-B458-C6A040C031BE}
2012-10-31 15:58:02 -------- d-----w- C:\Program Files (x86)\jZip
2012-10-31 15:10:36 -------- d-----w- C:\Users\Elmer\AppData\Local\jZip
2012-10-31 11:06:13 -------- d-----w- C:\Users\Elmer\AppData\Local\{2ACC1334-D7D5-4B43-8888-4A51135F8D81}
.

==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-24 22:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 22:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 14:53:01.48 ===============


Hello Elmer Rivera

 

Let's take care of those ESET detections now:

 

  • Please search for and delete the following files and folders

  • NOTE: DO NOT double click on ANY executable (.exe) files in the next step!!!
  • Right-click your "Start" button and select "Explore".
  • Navigate to and delete the following files/folders in bold.

C:\TDSSKiller_Quarantine <==== Delete this folder.

 

C:\Users\Elmer\Downloads\jZipSetup-r100-w.exe <==== Delete this file.

Once you have deleted the items above, empty your Recycle Bin.

 

Your latest DDS log appears to be clean.

 

How is the machine running at the moment?

 


Hello Elmer Rivera

 

If the machine is back to normal we can remove our tools:

 

  • Please Uninstall Combofix

    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
    • A Run box will open.
    • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.
  • Removal of Tools

    • You no longer need DDS, aswMBR or TDSSKiller. Please delete them from your machine.
    • As for MBAM, you should keep it updated and scan your machine once a week. It's a great utility.
    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.