Malwarebytes

Rootkit - 0Access.H

#1
cordelia

Hello,
Yesterday I managed to come down with an ugly mass of malware including Smart Fortress 2012. I downloaded MalwareBytes which thankfully got my computer running again, but is still giving me repeated warnings about blocking Rootkit 0Access.H. Every time I scan, I find another bunch of the rootkits. Here are my DDS logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sophia at 23:37:53 on 2012-04-30
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.80 [GMT -7:00]
.
AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\System32\AsusService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\taskhost.exe
C:\Users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\windows\system32\conhost.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\conhost.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\conhost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-5 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-5 53328]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-6 29472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro
2012-05-01 06:22:15 54016 ----a-w- c:\windows\system32\drivers\jxgc.sys
2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297}
2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951}
2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E}
2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes
2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools
2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools
2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools
2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp
2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe
2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media
2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE
2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll
2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449}
2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org
.
==================== Find3M ====================
.
2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:41:04.07 ===============

Thank you very much!


#2
Maniac

Hello cordelia and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1

Please uninstall µTorrent, because of our policy:
http://forums.malwar...showtopic=97700


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


#3
cordelia

Hi Maniac,
Thank you so much for your help. I have decided to try and remove the Rootkits before reformatting...I followed your instructions and attached my logs.

For the TDSSKiller, none of the three processes found could be cured so I skipped them all. I have attached the log.

For MalwareBytes, I followed your instructions and removed the one process found. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Sophia :: JONAS-NET [administrator]

Protection: Enabled

01/05/2012 7:37:10 PM
mbam-log-2012-05-01 (19-37-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223956
Time elapsed: 17 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\backupexecrpcservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

MalwareBytes has given me warnings about the following processes in the past couple hours - after I had already scanned, removed, and restarted.

C:\WINDOWS\SYSTEM32\SYMMPI.DLL
ROOTKIT.0ACCESS.H

C:\WINDOWS\SYSTEM32\VX1000.DLL
ROOTKIT.0ACCESS.H

C:\WINDOWS\SYSTEM32\CDRBSDRV.DLL
ROOTKIT.0ACCESS.H
I chose to quarantine all these files, but clearly something is still at work on my computer.

Here is the DDS log (I have attached the other one):
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sophia at 20:54:23 on 2012-05-01
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.203 [GMT -7:00]
.
AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\System32\spoolsv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\notepad.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\taskmgr.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\ProgramData\JByNm7Ot.exe
C:\windows\system32\conhost.exe
C:\ProgramData\JByNm7Ot.exe
C:\ProgramData\JByNm7Ot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134
TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-01 16:12:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro
2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297}
2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951}
2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E}
2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes
2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools
2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools
2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools
2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp
2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe
2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media
2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE
2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll
2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449}
2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org
.
==================== Find3M ====================
.
2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:59:14.12 ===============

Thank you very much for your help!

Attached File  TDSSKiller.2.7.33.0_01.05.2012_09.07.15_log.txt   227.34K   13 downloads
Attached File  Attach.txt   22.88K   9 downloads

#4
Maniac

    Forum Deity

  • Experts
  • 17,010 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please don't attach your log files. I have a problem with the TDSSKiller log. Please post them.

#5
cordelia

    New Member

  • Members
  • 7 posts
Hi Maniac,

I couldn't post my TDSS log because the forum kept telling me that the post was too long, or my browser would freeze when I posted it. I'll try to post it over multiple posts, then. Sorry for the inconvenience.

TDSS Log, part 1:

09:07:15.0698 1036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
09:07:17.0609 1036 ============================================================
09:07:17.0610 1036 Current date / time: 2012/05/01 09:07:17.0609
09:07:17.0610 1036 SystemInfo:
09:07:17.0610 1036
09:07:17.0610 1036 OS Version: 6.1.7600 ServicePack: 0.0
09:07:17.0610 1036 Product type: Workstation
09:07:17.0611 1036 ComputerName: JONAS-NET
09:07:17.0611 1036 UserName: Sophia
09:07:17.0611 1036 Windows directory: C:\windows
09:07:17.0611 1036 System windows directory: C:\windows
09:07:17.0612 1036 Processor architecture: Intel x86
09:07:17.0612 1036 Number of processors: 2
09:07:17.0612 1036 Page size: 0x1000
09:07:17.0612 1036 Boot type: Normal boot
09:07:17.0612 1036 ============================================================
09:07:20.0133 1036 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:07:20.0150 1036 ============================================================
09:07:20.0150 1036 \Device\Harddisk0\DR0:
09:07:20.0151 1036 MBR partitions:
09:07:20.0151 1036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
09:07:20.0151 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BC800
09:07:20.0151 1036 ============================================================
09:07:20.0208 1036 C: <-> \Device\Harddisk0\DR0\Partition0
09:07:20.0311 1036 D: <-> \Device\Harddisk0\DR0\Partition1
09:07:20.0311 1036 ============================================================
09:07:20.0311 1036 Initialize success
09:07:20.0311 1036 ============================================================
09:07:44.0631 7864 ============================================================
09:07:44.0631 7864 Scan started
09:07:44.0631 7864 Mode: Manual; SigCheck; TDLFS;
09:07:44.0631 7864 ============================================================
09:07:52.0021 7864 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
09:07:54.0416 7864 1394ohci - ok
09:07:55.0095 7864 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
09:07:55.0651 7864 ACPI - ok
09:07:55.0783 7864 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
09:07:56.0279 7864 AcpiPmi - ok
09:07:58.0794 7864 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:07:58.0886 7864 AdobeFlashPlayerUpdateSvc - ok
09:07:59.0427 7864 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
09:07:59.0808 7864 adp94xx - ok
09:08:01.0224 7864 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
09:08:02.0482 7864 adpahci - ok
09:08:02.0813 7864 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
09:08:02.0899 7864 adpu320 - ok
09:08:04.0397 7864 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
09:08:04.0936 7864 AeLookupSvc - ok
09:08:05.0606 7864 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
09:08:06.0042 7864 AFD - ok
09:08:06.0123 7864 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
09:08:06.0265 7864 agp440 - ok
09:08:06.0494 7864 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
09:08:06.0668 7864 aic78xx - ok
09:08:07.0050 7864 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
09:08:07.0297 7864 ALG - ok
09:08:07.0473 7864 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
09:08:07.0525 7864 aliide - ok
09:08:07.0575 7864 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
09:08:07.0628 7864 amdagp - ok
09:08:07.0781 7864 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
09:08:07.0828 7864 amdide - ok
09:08:07.0887 7864 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
09:08:08.0375 7864 AmdK8 - ok
09:08:08.0569 7864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
09:08:08.0692 7864 AmdPPM - ok
09:08:08.0911 7864 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
09:08:09.0018 7864 amdsata - ok
09:08:09.0489 7864 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
09:08:09.0568 7864 amdsbs - ok
09:08:09.0689 7864 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
09:08:09.0798 7864 amdxata - ok
09:08:09.0931 7864 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
09:08:10.0220 7864 AppID - ok
09:08:10.0277 7864 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
09:08:10.0979 7864 AppIDSvc - ok
09:08:12.0756 7864 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
09:08:13.0727 7864 Appinfo - ok
09:08:14.0317 7864 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:08:14.0424 7864 Apple Mobile Device - ok
09:08:14.0673 7864 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
09:08:14.0750 7864 arc - ok
09:08:15.0305 7864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
09:08:15.0518 7864 arcsas - ok
09:08:15.0615 7864 arkbcfltr - ok
09:08:15.0652 7864 arrayssl_vpn_service3,0,1,9 - ok
09:08:16.0143 7864 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
09:08:16.0348 7864 AsusService ( UnsignedFile.Multi.Generic ) - warning
09:08:16.0348 7864 AsusService - detected UnsignedFile.Multi.Generic (1)
09:08:16.0501 7864 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys
09:08:18.0459 7864 aswFsBlk - ok
09:08:18.0560 7864 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys
09:08:18.0706 7864 aswMonFlt - ok
09:08:18.0775 7864 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys
09:08:18.0852 7864 aswRdr - ok
09:08:19.0263 7864 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys
09:08:19.0375 7864 aswSP - ok
09:08:19.0478 7864 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys
09:08:19.0519 7864 aswTdi - ok
09:08:19.0576 7864 aswUpdSv (5debc3519d489411073fa7e56ffb4a93) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
09:08:19.0672 7864 aswUpdSv - ok
09:08:19.0730 7864 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
09:08:20.0512 7864 AsyncMac - ok
09:08:20.0662 7864 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
09:08:20.0708 7864 atapi - ok
09:08:21.0381 7864 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
09:08:21.0681 7864 athr - ok
09:08:22.0244 7864 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
09:08:22.0504 7864 AudioEndpointBuilder - ok
09:08:22.0528 7864 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
09:08:22.0687 7864 Audiosrv - ok
09:08:22.0895 7864 avast! Antivirus (0aaf6b848185899cf76ae04e62eab3d2) C:\Program Files\Alwil Software\Avast4\ashServ.exe
09:08:22.0955 7864 avast! Antivirus - ok
09:08:23.0020 7864 avast! Mail Scanner (b2f564dc59b67763c73269e1a9da7f18) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
09:08:23.0095 7864 avast! Mail Scanner - ok
09:08:23.0399 7864 avast! Web Scanner (d86010c96abadda75356834d6113d37d) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
09:08:23.0464 7864 avast! Web Scanner - ok
09:08:23.0525 7864 avg7updsvc - ok
09:08:23.0686 7864 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
09:08:23.0993 7864 AxInstSV - ok
09:08:24.0833 7864 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
09:08:25.0130 7864 b06bdrv - ok
09:08:25.0403 7864 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
09:08:25.0517 7864 b57nd60x - ok
09:08:25.0882 7864 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:08:26.0023 7864 BBSvc - ok
09:08:26.0236 7864 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:08:26.0466 7864 BBUpdate - ok
09:08:26.0766 7864 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
09:08:27.0078 7864 BDESVC - ok
09:08:27.0118 7864 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
09:08:27.0261 7864 Beep - ok
09:08:27.0689 7864 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll
09:08:28.0172 7864 BITS - ok
09:08:28.0250 7864 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
09:08:28.0456 7864 blbdrive - ok
09:08:28.0749 7864 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
09:08:28.0841 7864 Bonjour Service - ok
09:08:29.0010 7864 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
09:08:29.0186 7864 bowser - ok
09:08:29.0280 7864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
09:08:29.0429 7864 BrFiltLo - ok
09:08:29.0457 7864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
09:08:29.0551 7864 BrFiltUp - ok
09:08:29.0727 7864 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
09:08:29.0972 7864 Browser - ok
09:08:30.0076 7864 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
09:08:30.0200 7864 Brserid - ok
09:08:30.0298 7864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
09:08:30.0450 7864 BrSerWdm - ok
09:08:30.0490 7864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
09:08:30.0565 7864 BrUsbMdm - ok
09:08:30.0612 7864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
09:08:30.0695 7864 BrUsbSer - ok
09:08:30.0779 7864 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
09:08:30.0887 7864 BthEnum - ok
09:08:30.0956 7864 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
09:08:31.0029 7864 BTHMODEM - ok
09:08:31.0276 7864 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
09:08:31.0378 7864 BthPan - ok
09:08:31.0739 7864 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
09:08:31.0917 7864 BTHPORT - ok
09:08:32.0184 7864 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
09:08:32.0337 7864 bthserv - ok
09:08:32.0472 7864 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
09:08:32.0538 7864 BTHUSB - ok
09:08:32.0703 7864 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
09:08:32.0768 7864 btwaudio - ok
09:08:32.0843 7864 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
09:08:32.0887 7864 btwavdt - ok
09:08:33.0320 7864 btwdins (f7434401ae320bb97903a3c1865242fb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:08:33.0477 7864 btwdins - ok
09:08:33.0538 7864 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
09:08:33.0578 7864 btwl2cap - ok
09:08:33.0634 7864 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
09:08:33.0669 7864 btwrchid - ok
09:08:33.0779 7864 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
09:08:33.0940 7864 cdfs - ok
09:08:34.0076 7864 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
09:08:34.0196 7864 cdrom - ok
09:08:34.0329 7864 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
09:08:34.0511 7864 CertPropSvc - ok
09:08:34.0603 7864 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
09:08:34.0686 7864 circlass - ok
09:08:34.0810 7864 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
09:08:34.0890 7864 CLFS - ok
09:08:35.0113 7864 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:08:35.0170 7864 clr_optimization_v2.0.50727_32 - ok
09:08:35.0418 7864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:08:35.0580 7864 clr_optimization_v4.0.30319_32 - ok
09:08:35.0658 7864 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
09:08:35.0760 7864 CmBatt - ok
09:08:35.0855 7864 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
09:08:35.0901 7864 cmdide - ok
09:08:36.0080 7864 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
09:08:36.0198 7864 CNG - ok
09:08:36.0276 7864 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
09:08:36.0325 7864 Compbatt - ok
09:08:36.0435 7864 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
09:08:36.0519 7864 CompositeBus - ok
09:08:36.0549 7864 COMSysApp - ok
09:08:36.0636 7864 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
09:08:36.0701 7864 crcdisk - ok
09:08:37.0002 7864 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll
09:08:37.0243 7864 CryptSvc - ok
09:08:37.0377 7864 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
09:08:37.0490 7864 ctxusbm - ok
09:08:37.0673 7864 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
09:08:37.0864 7864 DcomLaunch - ok
09:08:38.0098 7864 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
09:08:38.0421 7864 defragsvc - ok
09:08:38.0586 7864 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
09:08:38.0738 7864 DfsC - ok
09:08:38.0960 7864 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
09:08:39.0231 7864 Dhcp - ok
09:08:39.0350 7864 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
09:08:39.0534 7864 discache - ok
09:08:39.0680 7864 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
09:08:39.0729 7864 Disk - ok
09:08:40.0056 7864 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
09:08:40.0171 7864 Dnscache - ok
09:08:40.0334 7864 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
09:08:40.0515 7864 dot3svc - ok
09:08:40.0712 7864 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
09:08:40.0838 7864 DPS - ok
09:08:40.0916 7864 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
09:08:41.0041 7864 drmkaud - ok
09:08:41.0681 7864 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
09:08:41.0796 7864 DXGKrnl - ok
09:08:41.0828 7864 DynDNS_Updater_Service - ok
09:08:42.0232 7864 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
09:08:42.0396 7864 EapHost - ok
09:08:45.0343 7864 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
09:08:45.0667 7864 ebdrv - ok
09:08:46.0786 7864 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
09:08:46.0891 7864 EFS - ok
09:08:47.0282 7864 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
09:08:47.0400 7864 elxstor - ok
09:08:47.0422 7864 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
09:08:47.0488 7864 ErrDev - ok
09:08:47.0690 7864 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
09:08:47.0846 7864 EventSystem - ok
09:08:48.0014 7864 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
09:08:48.0154 7864 exfat - ok
09:08:48.0188 7864 fallback - ok
09:08:48.0244 7864 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
09:08:48.0409 7864 fastfat - ok
09:08:48.0784 7864 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
09:08:49.0000 7864 Fax - ok
09:08:49.0083 7864 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
09:08:49.0206 7864 fdc - ok
09:08:49.0236 7864 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
09:08:49.0405 7864 fdPHost - ok
09:08:49.0473 7864 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
09:08:49.0644 7864 FDResPub - ok
09:08:49.0900 7864 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
09:08:50.0011 7864 FileInfo - ok
09:08:50.0108 7864 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
09:08:50.0226 7864 Filetrace - ok
09:08:50.0260 7864 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
09:08:50.0343 7864 flpydisk - ok
09:08:50.0452 7864 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
09:08:50.0512 7864 FltMgr - ok
09:08:52.0004 7864 FontCache (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
09:08:52.0269 7864 FontCache - ok
09:08:52.0460 7864 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:08:52.0520 7864 FontCache3.0.0.0 - ok
09:08:52.0617 7864 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
09:08:52.0743 7864 FsDepends - ok
09:08:52.0855 7864 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
09:08:52.0896 7864 fssfltr - ok
09:08:54.0177 7864 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:08:54.0374 7864 fsssvc - ok
09:08:54.0935 7864 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
09:08:54.0983 7864 Fs_Rec - ok
09:08:55.0091 7864 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\windows\system32\drivers\ftdibus.sys
09:08:55.0155 7864 FTDIBUS - ok
09:08:55.0212 7864 ftsata2 - ok
09:08:55.0325 7864 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\windows\system32\drivers\ftser2k.sys
09:08:55.0379 7864 FTSER2K - ok
09:08:55.0559 7864 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
09:08:55.0629 7864 fvevol - ok
09:08:55.0715 7864 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
09:08:55.0762 7864 gagp30kx - ok
09:08:55.0805 7864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:08:55.0846 7864 GEARAspiWDM - ok
09:08:56.0104 7864 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
09:08:56.0273 7864 gpsvc - ok
09:08:56.0499 7864 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
09:08:56.0544 7864 gupdate - ok
09:08:56.0615 7864 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
09:08:56.0660 7864 gupdatem - ok
09:08:56.0774 7864 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:08:56.0841 7864 gusvc - ok
09:08:56.0872 7864 hcf_msft - ok
09:08:56.0922 7864 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
09:08:57.0156 7864 hcw85cir - ok
09:08:57.0366 7864 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
09:08:57.0483 7864 HdAudAddService - ok
09:08:57.0683 7864 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
09:08:57.0810 7864 HDAudBus - ok
09:08:57.0901 7864 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
09:08:58.0009 7864 HidBatt - ok
09:08:58.0103 7864 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
09:08:58.0213 7864 HidBth - ok
09:08:58.0262 7864 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
09:08:58.0362 7864 HidIr - ok
09:08:58.0432 7864 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
09:08:58.0553 7864 hidserv - ok
09:08:58.0633 7864 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
09:08:58.0730 7864 HidUsb - ok
09:08:58.0784 7864 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
09:08:58.0932 7864 hkmsvc - ok
09:08:58.0978 7864 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
09:08:59.0140 7864 HomeGroupListener - ok
09:08:59.0367 7864 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
09:08:59.0462 7864 HomeGroupProvider - ok
09:08:59.0531 7864 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
09:08:59.0586 7864 HpSAMD - ok
09:08:59.0670 7864 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
09:08:59.0838 7864 HTTP - ok
09:08:59.0878 7864 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
09:08:59.0926 7864 hwpolicy - ok
09:09:00.0109 7864 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
09:09:00.0195 7864 i8042prt - ok
09:09:00.0269 7864 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
09:09:00.0390 7864 iaStor - ok
09:09:00.0664 7864 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
09:09:00.0748 7864 iaStorV - ok
09:09:24.0000 7864 NetBT (14797e657fcfe2f62b1c315bfd6b9006) C:\windows\system32\DRIVERS\netbt.sys
09:09:24.0130 7864 NetBT ( UnsignedFile.Multi.Generic ) - warning
09:09:24.0130 7864 NetBT - detected UnsignedFile.Multi.Generic (1)
09:09:58.0854 7864 sursayra (e6d35f3aa51a65eb35c1f2340154a25e) C:\windows\system32\drivers\jxgc.sys
09:09:58.0911 7864 sursayra ( UnsignedFile.Multi.Generic ) - warning
09:09:58.0911 7864 sursayra - detected UnsignedFile.Multi.Generic (1)
09:10:13.0568 7864 WMPNetworkSvc - ok
09:10:13.0606 7864 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
09:10:13.0724 7864 WPCSvc - ok
09:10:13.0758 7864 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
09:10:13.0903 7864 WPDBusEnum - ok
09:10:13.0990 7864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
09:10:14.0108 7864 ws2ifsl - ok
09:10:14.0128 7864 WSearch - ok
09:10:14.0327 7864 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
09:10:14.0634 7864 wuauserv - ok
09:10:14.0824 7864 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
09:10:14.0960 7864 WudfPf - ok
09:10:15.0024 7864 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
09:10:15.0152 7864 WUDFRd - ok
09:10:15.0227 7864 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
09:10:15.0395 7864 wudfsvc - ok
09:10:15.0632 7864 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
09:10:15.0755 7864 WwanSvc - ok
09:10:15.0867 7864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:10:16.0081 7864 \Device\Harddisk0\DR0 - ok
09:10:16.0092 7864 Boot (0x1200) (63216fc123dfb3a96ab997153c169ae1) \Device\Harddisk0\DR0\Partition0
09:10:16.0096 7864 \Device\Harddisk0\DR0\Partition0 - ok
09:10:16.0134 7864 Boot (0x1200) (216285b664e1e91b5f69990f91c2ba61) \Device\Harddisk0\DR0\Partition1
09:10:16.0138 7864 \Device\Harddisk0\DR0\Partition1 - ok

#6
cordelia

TDSS Log, Part 2:



09:10:16.0140 7864 ============================================================
09:10:16.0140 7864 Scan finished
09:10:16.0140 7864 ============================================================
09:10:16.0211 4164 Detected object count: 3
09:10:16.0212 4164 Actual detected object count: 3
09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
09:11:09.0358 4164 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:11:09.0361 4164 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
09:11:09.0362 4164 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:11:09.0371 4164 sursayra ( UnsignedFile.Multi.Generic ) - skipped by user
09:11:09.0371 4164 sursayra ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:24.0656 3652 ============================================================
19:24:24.0695 3652 Scan started
19:24:24.0695 3652 Mode: Manual; SigCheck; TDLFS;
19:24:24.0695 3652 ============================================================
19:24:30.0833 3652 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
19:24:32.0645 3652 1394ohci - ok
19:24:32.0889 3652 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
19:24:33.0007 3652 ACPI - ok
19:24:33.0244 3652 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
19:24:33.0838 3652 AcpiPmi - ok
19:24:35.0261 3652 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:24:35.0621 3652 AdobeFlashPlayerUpdateSvc - ok
19:24:36.0065 3652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
19:24:36.0271 3652 adp94xx - ok
19:24:36.0549 3652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
19:24:36.0755 3652 adpahci - ok
19:24:36.0884 3652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
19:24:37.0145 3652 adpu320 - ok
19:24:37.0245 3652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
19:24:37.0655 3652 AeLookupSvc - ok
19:24:38.0610 3652 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
19:24:39.0117 3652 AFD - ok
19:24:39.0278 3652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
19:24:39.0348 3652 agp440 - ok
19:24:39.0526 3652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
19:24:39.0782 3652 aic78xx - ok
19:24:40.0153 3652 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
19:24:40.0421 3652 ALG - ok
19:24:40.0532 3652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
19:24:40.0648 3652 aliide - ok
19:24:40.0746 3652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
19:24:40.0890 3652 amdagp - ok
19:24:40.0969 3652 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
19:24:41.0041 3652 amdide - ok
19:24:41.0194 3652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
19:24:41.0354 3652 AmdK8 - ok
19:24:41.0511 3652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
19:24:41.0715 3652 AmdPPM - ok
19:24:41.0929 3652 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
19:24:41.0982 3652 amdsata - ok
19:24:42.0162 3652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
19:24:42.0247 3652 amdsbs - ok
19:24:42.0319 3652 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
19:24:42.0404 3652 amdxata - ok
19:24:42.0477 3652 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
19:24:42.0699 3652 AppID - ok
19:24:42.0817 3652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
19:24:43.0677 3652 AppIDSvc - ok
19:24:43.0945 3652 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
19:24:44.0196 3652 Appinfo - ok
19:24:45.0153 3652 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
19:24:45.0246 3652 Apple Mobile Device - ok
19:24:45.0408 3652 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
19:24:45.0504 3652 arc - ok
19:24:45.0716 3652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
19:24:45.0855 3652 arcsas - ok
19:24:45.0937 3652 arkbcfltr - ok
19:24:45.0997 3652 arrayssl_vpn_service3,0,1,9 - ok
19:24:46.0069 3652 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
19:24:46.0253 3652 AsusService ( UnsignedFile.Multi.Generic ) - warning
19:24:46.0263 3652 AsusService - detected UnsignedFile.Multi.Generic (1)
19:24:46.0386 3652 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys
19:24:46.0572 3652 aswFsBlk - ok
19:24:46.0656 3652 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys
19:24:46.0793 3652 aswMonFlt - ok
19:24:46.0890 3652 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys
19:24:46.0930 3652 aswRdr - ok
19:24:47.0280 3652 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys
19:24:47.0359 3652 aswSP - ok
19:24:47.0498 3652 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys
19:24:47.0571 3652 aswTdi - ok
19:24:47.0761 3652 aswUpdSv (5debc3519d489411073fa7e56ffb4a93) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
19:24:47.0789 3652 aswUpdSv - ok
19:24:47.0887 3652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
19:24:49.0509 3652 AsyncMac - ok
19:24:49.0651 3652 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
19:24:49.0808 3652 atapi - ok
19:24:52.0311 3652 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
19:24:52.0776 3652 athr - ok
19:24:53.0671 3652 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
19:24:53.0968 3652 AudioEndpointBuilder - ok
19:24:54.0005 3652 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
19:24:54.0149 3652 Audiosrv - ok
19:24:54.0526 3652 avast! Antivirus (0aaf6b848185899cf76ae04e62eab3d2) C:\Program Files\Alwil Software\Avast4\ashServ.exe
19:24:54.0585 3652 avast! Antivirus - ok
19:24:55.0172 3652 avast! Mail Scanner (b2f564dc59b67763c73269e1a9da7f18) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
19:24:55.0318 3652 avast! Mail Scanner - ok
19:24:56.0031 3652 avast! Web Scanner (d86010c96abadda75356834d6113d37d) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
19:24:56.0342 3652 avast! Web Scanner - ok
19:24:56.0516 3652 avg7updsvc - ok
19:24:56.0841 3652 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
19:24:57.0325 3652 AxInstSV - ok
19:24:57.0994 3652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
19:24:58.0285 3652 b06bdrv - ok
19:24:58.0542 3652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
19:24:58.0784 3652 b57nd60x - ok
19:24:59.0512 3652 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:24:59.0720 3652 BBSvc - ok
19:25:00.0347 3652 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:25:00.0528 3652 BBUpdate - ok
19:25:00.0603 3652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
19:25:01.0151 3652 BDESVC - ok
19:25:01.0192 3652 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
19:25:01.0398 3652 Beep - ok
19:25:02.0664 3652 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll
19:25:02.0908 3652 BITS - ok
19:25:02.0938 3652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
19:25:03.0064 3652 blbdrive - ok
19:25:03.0680 3652 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
19:25:03.0865 3652 Bonjour Service - ok
19:25:04.0074 3652 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
19:25:04.0375 3652 bowser - ok
19:25:04.0464 3652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:25:04.0602 3652 BrFiltLo - ok
19:25:04.0667 3652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:25:04.0760 3652 BrFiltUp - ok
19:25:04.0905 3652 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
19:25:05.0105 3652 Browser - ok
19:25:05.0266 3652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
19:25:05.0455 3652 Brserid - ok
19:25:05.0566 3652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
19:25:05.0699 3652 BrSerWdm - ok
19:25:05.0724 3652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
19:25:05.0818 3652 BrUsbMdm - ok
19:25:05.0891 3652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
19:25:05.0992 3652 BrUsbSer - ok
19:25:06.0105 3652 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
19:25:06.0311 3652 BthEnum - ok
19:25:06.0383 3652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
19:25:06.0512 3652 BTHMODEM - ok
19:25:06.0584 3652 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
19:25:06.0774 3652 BthPan - ok
19:25:06.0940 3652 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
19:25:07.0185 3652 BTHPORT - ok
19:25:07.0416 3652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
19:25:07.0622 3652 bthserv - ok
19:25:07.0713 3652 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
19:25:07.0841 3652 BTHUSB - ok
19:25:08.0079 3652 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
19:25:08.0288 3652 btwaudio - ok
19:25:08.0549 3652 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
19:25:08.0626 3652 btwavdt - ok
19:25:09.0820 3652 btwdins (f7434401ae320bb97903a3c1865242fb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:25:10.0019 3652 btwdins - ok
19:25:10.0140 3652 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
19:25:10.0276 3652 btwl2cap - ok
19:25:10.0399 3652 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
19:25:10.0470 3652 btwrchid - ok
19:25:10.0602 3652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
19:25:10.0819 3652 cdfs - ok
19:25:11.0153 3652 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
19:25:11.0416 3652 cdrom - ok
19:25:11.0603 3652 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
19:25:11.0824 3652 CertPropSvc - ok
19:25:11.0939 3652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
19:25:12.0083 3652 circlass - ok
19:25:12.0331 3652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
19:25:12.0692 3652 CLFS - ok
19:25:13.0153 3652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:13.0256 3652 clr_optimization_v2.0.50727_32 - ok
19:25:13.0741 3652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:25:14.0107 3652 clr_optimization_v4.0.30319_32 - ok
19:25:14.0178 3652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
19:25:14.0312 3652 CmBatt - ok
19:25:14.0637 3652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
19:25:14.0749 3652 cmdide - ok
19:25:15.0343 3652 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
19:25:15.0705 3652 CNG - ok
19:25:15.0883 3652 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
19:25:15.0995 3652 Compbatt - ok
19:25:16.0181 3652 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
19:25:16.0381 3652 CompositeBus - ok
19:25:16.0434 3652 COMSysApp - ok
19:25:16.0498 3652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
19:25:16.0619 3652 crcdisk - ok
19:25:17.0063 3652 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll
19:25:17.0456 3652 CryptSvc - ok
19:25:17.0632 3652 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
19:25:17.0701 3652 ctxusbm - ok
19:25:17.0852 3652 CVPNDRVA - ok
19:25:18.0584 3652 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
19:25:18.0877 3652 DcomLaunch - ok
19:25:18.0994 3652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
19:25:19.0446 3652 defragsvc - ok
19:25:19.0692 3652 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
19:25:19.0925 3652 DfsC - ok
19:25:20.0483 3652 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
19:25:20.0882 3652 Dhcp - ok
19:25:21.0083 3652 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
19:25:21.0259 3652 discache - ok
19:25:21.0504 3652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
19:25:21.0615 3652 Disk - ok
19:25:21.0851 3652 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
19:25:22.0105 3652 Dnscache - ok
19:25:22.0207 3652 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
19:25:22.0452 3652 dot3svc - ok
19:25:22.0809 3652 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
19:25:23.0030 3652 DPS - ok
19:25:23.0131 3652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
19:25:23.0274 3652 drmkaud - ok
19:25:23.0422 3652 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
19:25:23.0627 3652 DXGKrnl - ok
19:25:23.0675 3652 DynDNS_Updater_Service - ok
19:25:23.0932 3652 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
19:25:24.0058 3652 EapHost - ok
19:25:29.0610 3652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
19:25:30.0351 3652 ebdrv - ok
19:25:32.0109 3652 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
19:25:32.0297 3652 EFS - ok
19:25:34.0575 3652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
19:25:34.0852 3652 elxstor - ok
19:25:34.0926 3652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
19:25:35.0091 3652 ErrDev - ok
19:25:35.0933 3652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
19:25:36.0163 3652 EventSystem - ok
19:25:36.0479 3652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
19:25:36.0864 3652 exfat - ok
19:25:36.0978 3652 fallback - ok
19:25:37.0815 3652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
19:25:38.0626 3652 fastfat - ok
19:25:40.0630 3652 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
19:25:41.0186 3652 Fax - ok
19:25:41.0257 3652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
19:25:41.0488 3652 fdc - ok
19:25:41.0976 3652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
19:25:42.0375 3652 fdPHost - ok
19:25:42.0787 3652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
19:25:43.0009 3652 FDResPub - ok
19:25:43.0390 3652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
19:25:43.0446 3652 FileInfo - ok
19:25:43.0926 3652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
19:25:44.0325 3652 Filetrace - ok
19:25:44.0514 3652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
19:25:44.0655 3652 flpydisk - ok
19:25:44.0774 3652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
19:25:44.0854 3652 FltMgr - ok
19:25:48.0862 3652 FontCache (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
19:25:50.0985 3652 FontCache - ok
19:25:51.0607 3652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:25:51.0887 3652 FontCache3.0.0.0 - ok
19:25:52.0374 3652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
19:25:52.0542 3652 FsDepends - ok
19:25:52.0763 3652 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
19:25:52.0813 3652 fssfltr - ok
19:25:58.0459 3652 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:25:58.0839 3652 fsssvc - ok
19:26:00.0252 3652 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
19:26:00.0365 3652 Fs_Rec - ok
19:26:00.0689 3652 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\windows\system32\drivers\ftdibus.sys
19:26:00.0812 3652 FTDIBUS - ok
19:26:00.0947 3652 ftsata2 - ok
19:26:01.0455 3652 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\windows\system32\drivers\ftser2k.sys
19:26:01.0566 3652 FTSER2K - ok
19:26:02.0583 3652 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
19:26:02.0995 3652 fvevol - ok
19:26:03.0201 3652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
19:26:03.0395 3652 gagp30kx - ok
19:26:03.0713 3652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:26:03.0814 3652 GEARAspiWDM - ok
19:26:04.0321 3652 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
19:26:04.0634 3652 gpsvc - ok
19:26:06.0707 3652 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:26:06.0883 3652 gupdate - ok
19:26:07.0039 3652 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:26:07.0166 3652 gupdatem - ok
19:26:07.0656 3652 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:26:08.0222 3652 gusvc - ok
19:26:08.0307 3652 hcf_msft - ok
19:26:08.0477 3652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
19:26:09.0054 3652 hcw85cir - ok
19:26:09.0834 3652 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
19:26:10.0090 3652 HdAudAddService - ok
19:26:10.0394 3652 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
19:26:10.0557 3652 HDAudBus - ok
19:26:10.0688 3652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
19:26:10.0807 3652 HidBatt - ok
19:26:11.0186 3652 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
19:26:11.0480 3652 HidBth - ok
19:26:11.0676 3652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
19:26:11.0824 3652 HidIr - ok
19:26:12.0002 3652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
19:26:12.0605 3652 hidserv - ok
19:26:13.0049 3652 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
19:26:13.0205 3652 HidUsb - ok
19:26:16.0506 3652 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
19:26:17.0498 3652 hkmsvc - ok
19:26:18.0058 3652 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
19:26:18.0470 3652 HomeGroupListener - ok
19:26:18.0847 3652 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
19:26:19.0152 3652 HomeGroupProvider - ok
19:26:19.0275 3652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
19:26:19.0339 3652 HpSAMD - ok
19:26:20.0240 3652 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
19:26:20.0605 3652 HTTP - ok
19:26:20.0683 3652 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
19:26:20.0749 3652 hwpolicy - ok
19:26:21.0068 3652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
19:26:21.0241 3652 i8042prt - ok
19:26:22.0089 3652 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
19:26:22.0252 3652 iaStor - ok
19:26:23.0325 3652 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
19:26:23.0600 3652 iaStorV - ok
19:26:25.0575 3652 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:26:25.0795 3652 idsvc - ok
19:26:44.0245 3652 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
19:26:45.0291 3652 igfx - ok
19:26:47.0053 3652 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:26:47.0186 3652 iirsp - ok
19:26:48.0827 3652 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
19:26:49.0972 3652 IKEEXT - ok
19:26:54.0574 3652 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\windows\system32\drivers\RTKVHDA.sys
19:26:55.0114 3652 IntcAzAudAddService - ok
19:26:56.0395 3652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
19:26:56.0513 3652 intelide - ok
19:26:56.0695 3652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:26:56.0874 3652 intelppm - ok
19:26:57.0031 3652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
19:26:57.0246 3652 IPBusEnum - ok
19:26:57.0473 3652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:26:57.0649 3652 IpFilterDriver - ok
19:26:57.0932 3652 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
19:26:58.0105 3652 IPMIDRV - ok
19:26:58.0222 3652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:26:58.0374 3652 IPNAT - ok
19:27:00.0330 3652 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
19:27:00.0498 3652 iPod Service - ok
19:27:00.0623 3652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:27:00.0997 3652 IRENUM - ok
19:27:01.0362 3652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
19:27:01.0575 3652 isapnp - ok
19:27:02.0226 3652 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
19:27:02.0434 3652 iScsiPrt - ok
19:27:02.0567 3652 itmrtsvc - ok
19:27:02.0734 3652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
19:27:02.0889 3652 kbdclass - ok
19:27:02.0953 3652 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
19:27:03.0046 3652 kbdhid - ok
19:27:03.0231 3652 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
19:27:03.0284 3652 kbfiltr - ok
19:27:03.0434 3652 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
19:27:03.0519 3652 KeyIso - ok
19:27:03.0594 3652 klif - ok
19:27:04.0650 3652 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
19:27:04.0965 3652 Kodak AiO Network Discovery Service - ok
19:27:05.0320 3652 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
19:27:05.0427 3652 KSecDD - ok
19:27:05.0862 3652 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
19:27:05.0939 3652 KSecPkg - ok
19:27:06.0623 3652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
19:27:07.0157 3652 KtmRm - ok
19:27:07.0497 3652 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
19:27:07.0881 3652 L1C - ok
19:27:08.0302 3652 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\windows\system32\srvsvc.dll
19:27:08.0506 3652 LanmanServer - ok
19:27:08.0697 3652 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
19:27:08.0905 3652 LanmanWorkstation - ok
19:27:09.0100 3652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:27:09.0239 3652 lltdio - ok
19:27:09.0799 3652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
19:27:10.0462 3652 lltdsvc - ok
19:27:10.0594 3652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
19:27:11.0372 3652 lmhosts - ok
19:27:11.0616 3652 LMouFilt - ok
19:27:11.0835 3652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:27:11.0933 3652 LSI_FC - ok
19:27:12.0527 3652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:27:12.0813 3652 LSI_SAS - ok
19:27:12.0941 3652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:27:13.0021 3652 LSI_SAS2 - ok
19:27:13.0362 3652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:27:13.0571 3652 LSI_SCSI - ok
19:27:13.0839 3652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:27:14.0045 3652 luafv - ok
19:27:14.0190 3652 lusbaudio - ok
19:27:14.0223 3652 macformatservice - ok
19:27:14.0858 3652 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
19:27:15.0115 3652 MBAMProtector - ok
19:27:16.0866 3652 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:27:17.0044 3652 MBAMService - ok
19:27:17.0274 3652 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\windows\system32\drivers\mbamswissarmy.sys
19:27:17.0348 3652 MBAMSwissArmy - ok
19:27:17.0392 3652 mclogmanagerservice - ok
19:27:30.0810 3652 NetBT (14797e657fcfe2f62b1c315bfd6b9006) C:\windows\system32\DRIVERS\netbt.sys
19:27:30.0932 3652 NetBT ( UnsignedFile.Multi.Generic ) - warning
19:27:30.0962 3652 NetBT - detected UnsignedFile.Multi.Generic (1)
19:28:27.0116 3652 sursayra (e6d35f3aa51a65eb35c1f2340154a25e) C:\windows\system32\drivers\jxgc.sys
19:28:27.0176 3652 sursayra ( UnsignedFile.Multi.Generic ) - warning
19:28:27.0177 3652 sursayra - detected UnsignedFile.Multi.Generic (1)
19:28:53.0966 3652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:28:55.0071 3652 \Device\Harddisk0\DR0 - ok
19:28:55.0112 3652 Boot (0x1200) (63216fc123dfb3a96ab997153c169ae1) \Device\Harddisk0\DR0\Partition0
19:28:55.0116 3652 \Device\Harddisk0\DR0\Partition0 - ok
19:28:55.0168 3652 Boot (0x1200) (216285b664e1e91b5f69990f91c2ba61) \Device\Harddisk0\DR0\Partition1
19:28:55.0174 3652 \Device\Harddisk0\DR0\Partition1 - ok
19:28:55.0176 3652 ============================================================
19:28:55.0176 3652 Scan finished
19:28:55.0176 3652 ============================================================
19:28:55.0664 6800 Detected object count: 3
19:28:55.0664 6800 Actual detected object count: 3
19:36:52.0173 6800 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:52.0180 6800 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:52.0226 6800 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:52.0227 6800 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:52.0236 6800 sursayra ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:52.0237 6800 sursayra ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7
cordelia

Here's attach.txt. Sorry for the multiple posts.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 06/12/2009 2:01:09 PM
System Uptime: 01/05/2012 7:58:16 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | PBGA 437 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 18.867 GiB free.
D: is FIXED (NTFS) - 123 GiB total, 90.42 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6 MUI
aioprnt
aioscnnr
Alice Greenfingers
AMCap
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate for Eee PC
AsusVibe2.0
AsusVibeCheckUpdate
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Antivirus
Bass Audio Decoder (remove only)
Bing Bar
Bonjour
Bullzip PDF Printer 8.2.0.1394
CD Audio Reader Filter (remove only)
center
Chicken Invaders 2
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Citrix Web Client
Compatibility Pack for the 2007 Office system
D3DX10
DCoder Image Source (remove only)
DirectVobSub (remove only)
Dream Day Wedding Married in Manhattan
DScaler 5 Mpeg Decoders
E-Cam
Eee Docking 2.4.0
EeeSplendid
essentials
ffdshow v1.1.3966 [2011-08-09]
FFMPEG Core Files (remove only)
FontResizer
Gabest MPEG Splitter (remove only)
GamePark Console
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
HiJackThis
Hotkey Service
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Last.fm 1.5.4.27091
LAV Filters (remove only)
LocaleMe
Malwarebytes Anti-Malware version 1.61.0.1400
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Language Pack 2007 - Dutch/Nederlands
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Language Pack 2007 - Italian/Italiano
Microsoft Office Live Add-in 1.3
Microsoft Office O MUI (Dutch) 2007
Microsoft Office O MUI (French) 2007
Microsoft Office O MUI (German) 2007
Microsoft Office O MUI (Italian) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Dutch) 2007
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office SharePoint Designer MUI (Italian) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Office X MUI (Dutch) 2007
Microsoft Office X MUI (French) 2007
Microsoft Office X MUI (German) 2007
Microsoft Office X MUI (Italian) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MSVCRT
Oceanis Change Background Windows 7
ocr
OpenOffice.org 3.3
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 11.60
PiccoloTaxi
Piggly
PreReq
QuickTime
Ralink RT2860 Wireless LAN Card
RealMedia (remove only)
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype web features
Skype™ 5.5
Smileyville
Super Hybrid Engine
Synaptics Pointing Device Driver
TeamViewer 5
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR 4.01 (32-bit)
Xfp Ver_2.0.13 - TDK_2.0.17
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
30/04/2012 9:57:03 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified procedure could not be found.
30/04/2012 9:44:43 PM, Error: Service Control Manager [7023] - The Symredrv service terminated with the following error: The specified procedure could not be found.
30/04/2012 9:12:05 PM, Error: Service Control Manager [7023] - The AlteraByteBlaster service terminated with the following error: The specified procedure could not be found.
30/04/2012 9:00:06 PM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: The specified procedure could not be found.
30/04/2012 8:42:05 PM, Error: Service Control Manager [7023] - The PID_08A0 service terminated with the following error: The specified procedure could not be found.
30/04/2012 8:27:01 PM, Error: Service Control Manager [7023] - The DELTA service terminated with the following error: The specified procedure could not be found.
30/04/2012 8:11:57 PM, Error: Service Control Manager [7023] - The GcKernel service terminated with the following error: The specified procedure could not be found.
30/04/2012 8:11:01 PM, Error: Service Control Manager [7023] - The Atiavpci service terminated with the following error: The specified procedure could not be found.
30/04/2012 7:57:30 PM, Error: Service Control Manager [7023] - The Fa_scheduler service terminated with the following error: The specified procedure could not be found.
30/04/2012 7:49:42 PM, Error: Service Control Manager [7023] - The GBDevice service terminated with the following error: The specified procedure could not be found.
30/04/2012 11:57:04 PM, Error: Service Control Manager [7023] - The Msmpsvc service terminated with the following error: The specified procedure could not be found.
30/04/2012 11:42:37 PM, Error: Service Control Manager [7023] - The Fsaua service terminated with the following error: The specified procedure could not be found.
30/04/2012 11:27:01 PM, Error: Service Control Manager [7023] - The ASUSVRC service terminated with the following error: The specified procedure could not be found.
30/04/2012 11:12:02 PM, Error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: The specified procedure could not be found.
30/04/2012 10:57:01 PM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: The specified procedure could not be found.
30/04/2012 10:41:59 PM, Error: Service Control Manager [7023] - The TMBMServer service terminated with the following error: The specified procedure could not be found.
30/04/2012 10:27:21 PM, Error: Service Control Manager [7023] - The Elbycdio service terminated with the following error: The specified procedure could not be found.
30/04/2012 10:12:00 PM, Error: Service Control Manager [7023] - The Lmimaint service terminated with the following error: The specified procedure could not be found.
01/05/2012 9:34:58 AM, Error: Service Control Manager [7023] - The WMIService service terminated with the following error: The specified procedure could not be found.
01/05/2012 9:20:20 AM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified procedure could not be found.
01/05/2012 9:04:57 AM, Error: Service Control Manager [7023] - The RadProbe service terminated with the following error: The specified procedure could not be found.
01/05/2012 9:03:38 AM, Error: Service Control Manager [7023] - The Mssql $sony_mediamgr service terminated with the following error: The specified procedure could not be found.
01/05/2012 8:58:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
01/05/2012 8:53:26 PM, Error: Service Control Manager [7023] - The Smartscaps service terminated with the following error: The specified procedure could not be found.
01/05/2012 8:39:01 PM, Error: Service Control Manager [7023] - The W39n51 service terminated with the following error: The specified procedure could not be found.
01/05/2012 8:23:44 PM, Error: Service Control Manager [7023] - The Patrolagent service terminated with the following error: The specified procedure could not be found.
01/05/2012 8:16:21 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
01/05/2012 8:08:48 PM, Error: Service Control Manager [7023] - The Maya70docserver service terminated with the following error: The specified procedure could not be found.
01/05/2012 8:07:56 PM, Error: Service Control Manager [7023] - The Lpds service terminated with the following error: The specified procedure could not be found.
01/05/2012 7:59:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom luafv
01/05/2012 7:59:09 PM, Error: Service Control Manager [7023] - The Ser2plms service terminated with the following error: The system cannot find the file specified.
01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The Nvgts service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The Fsaua service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The Fa_scheduler service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:07 PM, Error: Service Control Manager [7023] - The DELTA service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The SED133x service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Pdlndsdl service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Msmpsvc service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Lxrsge10s service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:06 PM, Error: Service Control Manager [7023] - The GBDevice service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The WMIService service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The Videoacceleratorengine service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The Trlokom_rmhsvc service terminated with the following error: The system cannot find the file specified.
01/05/2012 7:59:05 PM, Error: Service Control Manager [7023] - The Lmimaint service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Wmp54gssvc service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The TMBMServer service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Symredrv service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The PID_08A0 service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Oracleorahome92tnslistener service terminated with the following error: The system cannot find the file specified.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The GcKernel service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Elbycdio service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The Atiavpci service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7023] - The AlteraByteBlaster service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:04 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The Sntnlusb service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The RadProbe service terminated with the following error: The specified module could not be found.
01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
01/05/2012 7:59:03 PM, Error: Service Control Manager [7023] - The BootScreen service terminated with the following error: The system cannot find the file specified.
01/05/2012 7:59:02 PM, Error: Service Control Manager [7023] - The Maplom service terminated with the following error: The specified module could not be found.
01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found.
01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Mssql $sony_mediamgr service terminated with the following error: The specified module could not be found.
01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The Jukebox3 service terminated with the following error: The system cannot find the file specified.
01/05/2012 7:58:59 PM, Error: Service Control Manager [7023] - The ASUSVRC service terminated with the following error: The specified module could not be found.
01/05/2012 7:54:24 PM, Error: Service Control Manager [7023] - The Lxrsge10s service terminated with the following error: The specified procedure could not be found.
01/05/2012 7:40:01 PM, Error: Service Control Manager [7023] - The Pdlndsdl service terminated with the following error: The specified procedure could not be found.
01/05/2012 7:23:51 PM, Error: Service Control Manager [7023] - The SED133x service terminated with the following error: The specified procedure could not be found.
01/05/2012 7:23:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
01/05/2012 7:22:26 PM, Error: Service Control Manager [7023] - The Maplom service terminated with the following error: The specified procedure could not be found.
01/05/2012 7:22:10 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{30241194-5E19-4930-8815-E2BA8533BFFD} because another computer on the network has the same name. The server could not start.
01/05/2012 6:00:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
01/05/2012 3:53:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
01/05/2012 3:51:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

#8
Maniac

Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9
cordelia

I ran ComboFix and it claimed to have found the ZeroAccess rootkit. Now the computer is running quite a bit faster and, despite Malwarebytes protection running again, I haven't noticed any rootkit warnings yet.

Here's my log:
ComboFix 12-05-03.03 - Sophia 03/05/2012 23:45:16.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.350 [GMT -7:00]
Running from: c:\users\Sophia\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\JByNm7Ot.exe
c:\users\Jonas\AppData\Roaming\.#
c:\windows\$NtUninstallKB44522$\503164951\@
c:\windows\$NtUninstallKB44522$\503164951\cfg.ini
c:\windows\$NtUninstallKB44522$\503164951\Desktop.ini
c:\windows\$NtUninstallKB44522$\503164951\L\xadqgnnk
c:\windows\$NtUninstallKB44522$\503164951\oemid
c:\windows\$NtUninstallKB44522$\503164951\U\00000001.@
c:\windows\$NtUninstallKB44522$\503164951\U\00000002.@
c:\windows\$NtUninstallKB44522$\503164951\U\00000004.@
c:\windows\$NtUninstallKB44522$\503164951\U\80000000.@
c:\windows\$NtUninstallKB44522$\503164951\U\80000004.@
c:\windows\$NtUninstallKB44522$\503164951\U\80000032.@
c:\windows\$NtUninstallKB44522$\503164951\version
c:\windows\$NtUninstallKB44522$\880855060
c:\windows\system32\actser.dll
c:\windows\system32\amfilter.dll
c:\windows\system32\AR5523.dll
c:\windows\system32\artourservice.dll
c:\windows\system32\atinrvxx.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\DXEC02.dll
c:\windows\system32\ipnat.dll
c:\windows\system32\ipsecmon.dll
c:\windows\system32\modemcsa.dll
c:\windows\system32\nfmservice.dll
c:\windows\system32\nsm1bus.dll
c:\windows\system32\oracle_load_balancer_60_client-forms6i.dll
c:\windows\system32\pcradminserver.dll
c:\windows\system32\quickbooksdb.dll
c:\windows\system32\Slpsvdr.dll
c:\windows\system32\smserial.dll
c:\windows\system32\snoopfreesvc.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\usbio.dll
c:\windows\system32\vrmonsvc.dll
c:\windows\system32\zpnodecollector.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\$NtUninstallKB44522$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SaiMini
-------\Service_kpf4
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 07:10 . 2012-05-04 07:10 -------- d-----w- c:\users\Jonas\AppData\Local\temp
2012-05-04 07:10 . 2012-05-04 07:13 -------- d-----w- c:\users\Sophia\AppData\Local\temp
2012-05-04 07:10 . 2012-05-04 07:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 06:58 . 2012-05-04 06:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38BC171E-8AC5-4F99-8E67-A1C16FBA402C}\offreg.dll
2012-05-03 16:35 . 2012-05-03 16:35 -------- d-----w- c:\users\Sophia\Pavark
2012-05-03 16:33 . 2012-05-04 04:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-03 16:33 . 2012-05-03 16:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-01 06:32 . 2012-05-01 06:32 388096 ----a-r- c:\users\Sophia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-01 06:32 . 2012-05-01 06:32 -------- d-----w- c:\program files\Trend Micro
2012-04-30 06:37 . 2012-04-30 06:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 05:54 . 2012-04-30 05:54 -------- d-----w- c:\users\Sophia\AppData\Roaming\Malwarebytes
2012-04-30 05:53 . 2012-04-30 05:53 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 05:53 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 05:53 . 2012-04-30 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 04:19 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-30 04:19 . 2012-05-01 03:03 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-30 04:19 . 2012-04-30 06:25 -------- d-----w- c:\program files\PC Tools
2012-04-30 04:15 . 2012-05-01 02:55 -------- d-----w- c:\programdata\PC Tools
2012-04-30 04:15 . 2012-04-30 04:15 -------- d-----w- c:\users\Sophia\AppData\Roaming\TestApp
2012-04-30 03:49 . 2012-04-30 07:19 -------- d-----w- c:\program files\Common Files\Media
2012-04-30 03:49 . 2012-04-30 06:22 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE
2012-04-27 21:01 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38BC171E-8AC5-4F99-8E67-A1C16FBA402C}\mpengine.dll
2012-04-11 14:13 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:13 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 14:13 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 14:13 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 14:12 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 14:12 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 20:48 . 2012-04-06 20:48 -------- d-----w- c:\users\Sophia\AppData\Roaming\OpenOffice.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 06:37 . 2012-01-08 01:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 04:39 . 2010-05-16 23:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 00:00 . 2012-03-31 23:06 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-02-23 17:18 . 2009-12-07 00:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 07:30 . 2012-02-22 07:30 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 07:30 . 2012-02-22 07:30 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 07:30 . 2012-02-22 07:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 07:30 . 2012-02-22 07:30 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 07:30 . 2012-02-22 07:30 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 07:30 . 2012-02-22 07:30 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 07:30 . 2012-02-22 07:30 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 07:30 . 2012-02-22 07:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 07:30 . 2012-02-22 07:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 07:30 . 2012-02-22 07:30 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 07:30 . 2012-02-22 07:30 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 07:30 . 2012-02-22 07:30 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 07:30 . 2012-02-22 07:30 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 07:30 . 2012-02-22 07:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 07:30 . 2012-02-22 07:30 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 07:30 . 2012-02-22 07:30 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-22 07:30 . 2012-02-22 07:30 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 05:44 . 2012-03-13 21:56 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 21:56 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 21:56 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-13 21:58 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 21:58 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 21:58 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 21:58 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 21:58 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"googletalk"="c:\users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-10-26 74752]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 etswtnjg;etswtnjg;c:\windows\system32\drivers\etswtnjg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at.sys [2009-10-15 80896]
S1 aswSP;avast! Self Protection; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-09 65584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
vnxservice
ESDCR
rootmodem
pinnacleupdatesvc
usbbus
SWUMX20
InCDsrvR
wandrv
sweepsrv.sys
EPOWER
ROCKEYNT
se44bus
PDExchange
tunmp
oracleorahomepagingserver
tbhsd
UWProSys
oracleorahomemanagementserver
vwkernel
avgarcln
SRVLOC
MRV6X32P
ssm_mdm
fallback
cpsvc
NsTrcNT
dlcj_device
USBMN1X1
asmagent
KMW_KBD
JavaQuickStarterService
es1371
s716unic
pgpsdkservice
iviaspi
pdcomp
fasttraksvc
ds1
rtl8185
oracleservicesecinst
nHancer
tpsrv
LMouFilt
mclogmanagerservice
itmrtsvc
bthidmgr
qbposdbservices
mr2kserv
lusbaudio
vaiomediaplatform-photoserver-appserver
arkbcfltr
nvsmu
NIPALK
si3114r
nvstor32
websenserealtimeanalyzer
winproxy
JL2005C
ftrtsvc
agrsrvce
bobo
clipsrv
MaVctrl
tng-doba
cypresslink
lanusb
WaveEnrollmentService
PGPsdkDriver
USB28xxOEM
win32sl
a016bus
stllssvr
SaiNtSub
bgs_sdservice
compaq_rba
noipducservice
ipsecmon
ibmfilter
pdiddcci
retinaengine
WaveFDE
NVTCP
sysmgmthp
pnarp
dpti2o
ProcObsrv
GT890x
sscdmdm
IOSLINK
USBDeviceService
DevUpper
s716obex
flashcom
cmuda
MKEMUSB
umpusbxp
AGV
digictrl
Epfwndis
pacsptisvr
nvrd32
stirusb
WIBUKEY
vmodem
vc8secs
netcfgsvr
CE3
clientservice
W700mgmt
s716nd5
srtspx
nuvaud2
mqdmbus
procexp90
AlteraByteBlaster
wencrservice
wanatw
asuskeyboardservice
OneCareMP
AX88772
viaagp1
nmap
lvhidsvc
TICalc
smstsmgr
persfw
SecureStorageService
SrvcEKIOMngr
hpci
oraclesnmppeerencapsulator
tfsnpool
SGIR
surveyor
tos_sps32
dbmanagerscheduler
KLOGNT
tme3srv
beatjamupnpmusicserver
szkg
SeratoUsb
CVPNDRVA
Spsmqvsm
s116obex
arrayssl_vpn_service3,0,1,9
hcf_msft
msfwsvc
avg7updsvc
klif
se58unic
videoacceleratorengine
macformatservice
transcode360
rpcnet
bc_tdi_f
adiloader
WDM_YAMAHAAC97
kraidsvc
sr
netdevio
cccredmgr
LHidKe
rismxdp
ipahelper.exe
wpsdrvnt
winpppoverethernet
NOWMEMDF
acedrv05
prism_a02
btkrnl
w200mgmt
UMAXPCLS
symndis
DynDNS_Updater_Service
mysql
REVOSENS
sshrmd
nalntservice
nimcdfxk
RTSTOR
AKSIFDH
ctsfm2k
webrootcommagentservice
arcltsrv
harmony
mapserver6.3
cdvp
nscirda
bhmonitorservice
iwebcal
lxdm_device
ftsata2
gv3
ntlmssp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 06:37]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 01:02]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,db,ec,c7,87,26,cd,01
.
[HKEY_USERS\S-1-5-21-525104032-3259978678-3439254954-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-525104032-3259978678-3439254954-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5356)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\Citrix\ICA Client\PNAMAIN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\AsusSender.exe
c:\windows\system32\AsusSender.exe
c:\windows\system32\AsusSender.exe
c:\windows\system32\AsusSender.exe
.
**************************************************************************
.
Completion time: 2012-05-04 00:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 07:25
.
Pre-Run: 24,468,480,000 bytes free
Post-Run: 23,787,503,616 bytes free
.
- - End Of File - - ADBCEFF9FF8607308FA30BBEA94F67DB

Thank you!

#10
Maniac

We still have some work to do.


Step 1

Open Notepad and copy and paste the text in the quotebox below into it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
  6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
  57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Finally, reboot your PC.


Step 2

Delete your TDSSKiller copy and download a new fresh one. Re-run it and follow the instructions above again. Post the log file in your next reply.



My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#11
cordelia

I ran the registry edit (pasted correctly, including REGEDIT4) and it definitely did not go well... I rebooted my computer and all the icons on the taskbar were blank, my wireless internet didn't work and all my files on both the Desktop and My Documents were completely gone. I needed my computer today so I decided to go ahead and run system restore. I had a restore point (after running ComboFix and everything) so it was no big deal, but I'm not sure what my plan of action should be now.

#12
Maniac

Check the Backdoor Warning in my first post again.
http://forums.malwar...ndpost&p=547778

Anything can happen, which is why I warned you. I recommend you reinstall.

#13
Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.




