
afdll[space].exe Disappears and Reappears


11 replies to this topic

#1 the_awesome_waffle

Posted 03 May 2012 - 04:23 PM

Two days ago, I must admit I was being an idiot. I found the site skyrim-online.com and downloaded their RAR file. I went to an online (trusted) RAR to ZIP converter, and converted it. I extracted the program and ran the RUN-ME-FIRST.exe. This released a couple of viruses that my NIS easily took care of. I was a little startled and immediately deleted these files. I ran a full system scan in NIS just to check, with no problems. Then I received one of those little "high memory usage reminders" by Norton, by a task called afdll .exe (yes, a space before .exe). I open Task Manager and see the program, which keeps disappearing and reappearing in the task list. I look at the properties and see it is located in my %appdata%/local/temp, and copied itself to my startup folder. I go to appdata and it is not there. I wait and refresh several times, but the exe is a no-show (I have show hidden files and folders enabled BTW). Worried now, I created a quick batch file:
:1
taskkill /F /IM "afdll .exe"
goto :1
I have been keeping that open at all times until I find a fix to get rid of these. I also have an image of the task's properties tab:
[Posted images: screenshots of the task's properties tab]

Please help me get rid of this! Thanks.



#2 Broni


Posted 03 May 2012 - 07:16 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 the_awesome_waffle


Posted 04 May 2012 - 04:57 PM

Thank you very very much Broni. Here are the logs from the programs:

Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

FSS:
Farbar Service Scanner Version: 30-04-2012 01
Ran by Bradmaster (administrator) on 03-05-2012 at 19:56:13
Running from "C:\Users\Bradmaster\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Bradmaster (administrator) on 03-05-2012 at 19:57:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B95 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="ethernet_9" nexthop=5.0.0.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1 publish=Yes
set interface interface="ethernet_9" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Wireless Network Connection" address=192.168.1.100 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Brad_PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 5A-59-F9-89-93-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
Physical Address. . . . . . . . . : 38-59-F9-89-93-4E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8df:4199:9f74:e367%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 423123449
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E5-E4-73-E8-9A-8F-B3-2F-8C
DNS Servers . . . . . . . . . . . : 74.211.94.70
74.211.15.210
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : NB4WDS.COM
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : E8-9A-8F-B3-2F-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{617FC7C0-93DC-4A0E-B997-F8DD85D59376}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.NB4WDS.COM:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3EBBB0FA-DD09-4BB2-96D5-C8913417A253}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:cf0:3b97:b52c:a1b9(Preferred)
Link-local IPv6 Address . . . . . : fe80::cf0:3b97:b52c:a1b9%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 74.211.94.70

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging google.com [74.125.224.195] with 32 bytes of data:
Reply from 74.125.224.195: bytes=32 time=24ms TTL=55
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 74.211.94.70

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=41ms TTL=54
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 74.211.94.70

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
===========================================================================
Interface List
15...5a 59 f9 89 93 4e ......Microsoft Virtual WiFi Miniport Adapter
13...38 59 f9 89 93 4e ......Atheros AR5B95 Wireless Network Adapter
11...e8 9a 8f b3 2f 8c ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 281
192.168.1.100 255.255.255.255 On-link 192.168.1.100 281
192.168.1.255 255.255.255.255 On-link 192.168.1.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:cf0:3b97:b52c:a1b9/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
13 281 fe80::8df:4199:9f74:e367/128
On-link
14 306 fe80::cf0:3b97:b52c:a1b9/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/03/2012 07:58:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x1754
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:58:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x3fc
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:58:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x1438
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:57:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x210
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:57:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x1378
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:57:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0xda4
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:57:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0xd20
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:57:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0xe78
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:55:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x10bc
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3

Error: (05/03/2012 07:54:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: afdll .exe, version: 1.0.0.0, time stamp: 0x4f8eeaf3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7314e2d4
Faulting process id: 0x10ac
Faulting application start time: 0xafdll .exe0
Faulting application path: afdll .exe1
Faulting module path: afdll .exe2
Report Id: afdll .exe3


System errors:
=============
Error: (05/03/2012 02:19:18 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (05/02/2012 07:07:06 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (05/02/2012 02:50:38 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (05/01/2012 02:41:20 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/30/2012 08:33:49 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/30/2012 02:37:42 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/29/2012 03:06:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (04/29/2012 03:06:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (04/29/2012 11:10:53 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/28/2012 07:28:26 PM) (Source: Microsoft-Windows-Kernel-General) (User: SYSTEM)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve


Microsoft Office Sessions:
=========================
Error: (05/03/2012 07:58:58 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4b7001cd299977c981a0C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknownb5c6fb4a-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:58:56 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4177c01cd299976c3aa42C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknownb4bc612b-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:58:54 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4117c01cd2999759098bfC:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknownb38e1268-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:58:16 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4175401cd29995edeaedfC:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown9cf1bbfb-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:58:08 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d43fc01cd299959f8129eC:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown97ee6826-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:58:06 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4143801cd299958fe2221C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown96eaf229-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:57:19 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d421001cd29993ca70082C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown7ae6949b-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:57:19 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4137801cd29993ca961e2C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown7ae61f6a-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:57:14 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4da401cd299939d0fcceC:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown77d59a99-958c-11e1-bd74-e89a8fb32f8c

Error: (05/03/2012 07:57:12 PM) (Source: Application Error)(User: )
Description: afdll .exe1.0.0.04f8eeaf3unknown0.0.0.000000000c00000fd7314e2d4d2001cd2999382b9f78C:\Users\Bradmaster\AppData\Local\Temp\afdll .exeunknown764b48d0-958c-11e1-bd74-e89a8fb32f8c


=========================== Installed Programs ============================

Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0517.2011)
Acer Updater (Version: 1.02.3500)
Adobe AIR (Version: 2.7.0.19480)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Alcor Micro USB Card Reader (Version: 1.2.42.68439)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.2.43)
Backup Manager V3 (Version: 3.0.0.99)
Bonjour (Version: 3.0.0.10)
BrickForce 1.4.40 (Version: 1.4.40)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.1720.00)
clear.fi (Version: 9.0.7709)
clear.fi Client (Version: 1.00.3500)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.2.52)
Fraps (remove only)
Free M4a to MP3 Converter 7.0
Free Screen Recorder v2.9 (Version: 2.9)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Garmin Communicator Plugin (Version: 4.0.1)
Garmin Communicator Plugin x64 (Version: 4.0.1)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 18.0.1025.168)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.11752)
Google Talk Plugin (Version: 2.8.7.6830)
Google Update Helper (Version: 1.3.21.111)
Identity Card (Version: 1.00.3501)
iExplorer 2.2.1.3
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2342)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ 7 Update 3 (64-bit) (Version: 7.0.30)
Java™ SE Development Kit 6 Update 26 (64-bit) (Version: 1.6.0.260)
Java™ SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30)
JavaFX 2.0.3 (64-bit) (Version: 2.0.3)
JavaFX 2.0.3 SDK (64-bit) (Version: 2.0.3)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
MCSkin3D version 1.3 (Version: 1.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Minecraft PC Gamer Demo version 1.5 (Version: 1.5)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
NOOK for PC (Version: 2.5.4.7070)
Norton Internet Security (Version: 19.7.0.9)
Norton Online Backup (Version: 2.1.17869)
Notepad++ (Version: 6.0)
NTI Media Maker 9 (Version: 9.0.2.8942)
Paint.NET v3.5.10 (Version: 3.60.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.6374)
Shredder (Version: 2.0.8.9)
Skype™ 5.8 (Version: 5.8.158)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Techne (Version: 1.3.0.15)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VideoPad Video Editor
WavePad Sound Editor
Welcome Center (Version: 1.02.3503)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Wizard101 (Version: 1.0.0)
YouTube Downloader 3.5

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 1899.86 MB
Available physical RAM: 797.48 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 2148.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.3 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:343.03 GB) NTFS

========================= Users: ========================================

User accounts for \\BRAD_PC

Administrator Bradmaster Guest


**** End of log ****

MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bradmaster :: BRAD_PC [administrator]

Protection: Enabled

5/3/2012 8:01:46 PM
mbam-log-2012-05-03 (20-01-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222635
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Bradmaster\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)
[/spoiler]

aswMBR:
[spoiler]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 14:38:44
-----------------------------
14:38:44.585 OS Version: Windows x64 6.1.7601 Service Pack 1
14:38:44.585 Number of processors: 2 586 0x2A07
14:38:44.585 ComputerName: BRAD_PC UserName:
14:38:49.032 Initialize success
14:38:59.030 AVAST engine defs: 12050301
14:39:00.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:39:00.809 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
14:39:00.847 Disk 0 MBR read successfully
14:39:00.851 Disk 0 MBR scan
14:39:00.857 Disk 0 Windows 7 default MBR code
14:39:00.870 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
14:39:00.892 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
14:39:00.907 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
14:39:00.956 Disk 0 scanning C:\Windows\system32\drivers
14:39:13.789 Service scanning
14:40:22.687 Modules scanning
14:40:22.705 Disk 0 trace - called modules:
14:40:22.729 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
14:40:23.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005895380]
14:40:23.128 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003a80050]
14:40:27.241 AVAST engine scan C:\Windows
14:40:34.893 AVAST engine scan C:\Windows\system32
14:48:33.762 AVAST engine scan C:\Windows\system32\drivers
14:49:11.019 AVAST engine scan C:\Users\Bradmaster
14:54:04.016 File: C:\Users\Bradmaster\AppData\Local\Temp\afdll .exe **INFECTED** Win32:Malware-gen
14:54:04.169 File: C:\Users\Bradmaster\AppData\Local\Temp\afdll.exe **INFECTED** Win32:Malware-gen
14:57:37.204 File: C:\Users\Bradmaster\Desktop\Minecraft Stuff\Creatron\creatron\upnp.exe **INFECTED** Win32:Malware-gen
15:18:58.485 File: C:\Users\Bradmaster\Dropbox\Minecraft Stuff\Creatron\creatron\upnp.exe **INFECTED** Win32:Malware-gen
15:38:50.508 AVAST engine scan C:\ProgramData
15:42:53.883 Scan finished successfully
15:46:42.198 Disk 0 MBR has been saved successfully to "C:\Users\Bradmaster\Desktop\logs\MBR.dat"
15:46:42.464 The log file has been saved successfully to "C:\Users\Bradmaster\Desktop\logs\aswMBR.txt"

Edited by the_awesome_waffle, 04 May 2012 - 05:54 PM.


#4 Broni

Posted 04 May 2012 - 05:40 PM

Please repost all logs without spoilers.

#5 the_awesome_waffle

Posted 04 May 2012 - 05:54 PM

I edited the post without spoilers.

#6 Broni

Posted 04 May 2012 - 05:59 PM

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

====================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

#7 the_awesome_waffle

Posted 04 May 2012 - 07:53 PM

Bootkit Remover:

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c6500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-04 18:44:59
Windows 6.1.7601 Service Pack 1
Running: trd5jfsg.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe(1).2392.dmp 1612788 bytes
File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe.2364.dmp 0 bytes
File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe.4160.dmp 0 bytes
File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe.5296.dmp 0 bytes
File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe.5372.dmp 0 bytes
File C:\Users\Bradmaster\AppData\Local\CrashDumps\afdll .exe.5920.dmp 0 bytes
File C:\Users\Bradmaster\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_afdll .exe_eb7be57343eb74de3264214218dd3555881f72a_13e5e3a1 0 bytes
File C:\Users\Bradmaster\AppData\Local\Temp\WER8CBC.tmp.appcompat.txt 0 bytes

---- EOF - GMER 1.0.15 ----
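
A boot-sector dump such as the `MBR.dat` that aswMBR saved, or the output of the `remover.exe dump` command named in the Bootkit Remover output, can be decoded offline. The following is an added example, not code from the thread or from any of the tools: the sample sector is constructed from the partition layout printed in the aswMBR log, with zero-filled placeholder boot code, and the function names and the baseline-hash parameter are assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446   # boot code occupies bytes 0..445
ENTRY_LEN = 16        # four 16-byte partition entries follow it
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

# Disk size in bytes as reported in the TDSSKiller log (0x7470C06000).
DISK_SECTORS = 0x7470C06000 // SECTOR


def parse_mbr(sector):
    """Decode one 512-byte MBR sector: signature, boot-code hash, entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    parts = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "index": index + 1,
            "status": status,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // 2**20,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(mbr, disk_sectors, baseline_sha256=None):
    """Return a list of structural findings; an empty list means none."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["start_lba"] + p["sectors"] > disk_sectors:
            findings.append("partition %d ends past the end of the disk" % p["index"])
    ordered = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_mbr():
    """Constructed sample: placeholder boot code plus the layout from the logs."""
    sector = bytearray(SECTOR)  # zero-filled, not real boot code
    layout = [
        (0x00, 0x27, 2048, 31457280),        # 15360 MB hidden WinRE
        (0x80, 0x07, 31459328, 0x32000),     # 100 MB, active
        (0x00, 0x07, 31664128, 0x38553000),  # 461478 MB
    ]
    for i, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN + i * ENTRY_LEN,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    for p in mbr["partitions"]:
        print("Partition %(index)d status=0x%(status)02x type=0x%(type)02x "
              "%(type_name)s %(size_mb)d MB offset %(start_lba)d" % p)
    print("boot code sha256:", mbr["boot_code_sha256"])
    print("findings:", check_mbr(mbr, DISK_SECTORS) or "none")
```

Because Bootkit Remover reports the boot code as hidden by a rootkit, a dump read from inside the running system may not be the sector that is actually on disk; a baseline comparison is only meaningful against a dump taken from clean boot media.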

#8 Broni

Posted 04 May 2012 - 08:02 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#9 the_awesome_waffle

Posted 04 May 2012 - 08:29 PM

TDSSKILLER:


19:27:37.0774 6032 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:27:38.0184 6032 ============================================================
19:27:38.0184 6032 Current date / time: 2012/05/04 19:27:38.0184
19:27:38.0184 6032 SystemInfo:
19:27:38.0184 6032
19:27:38.0184 6032 OS Version: 6.1.7601 ServicePack: 1.0
19:27:38.0184 6032 Product type: Workstation
19:27:38.0184 6032 ComputerName: BRAD_PC
19:27:38.0184 6032 UserName: Bradmaster
19:27:38.0184 6032 Windows directory: C:\Windows
19:27:38.0184 6032 System windows directory: C:\Windows
19:27:38.0184 6032 Running under WOW64
19:27:38.0184 6032 Processor architecture: Intel x64
19:27:38.0184 6032 Number of processors: 2
19:27:38.0184 6032 Page size: 0x1000
19:27:38.0184 6032 Boot type: Normal boot
19:27:38.0184 6032 ============================================================
19:27:40.0354 6032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:40.0569 6032 ============================================================
19:27:40.0569 6032 \Device\Harddisk0\DR0:
19:27:40.0609 6032 MBR partitions:
19:27:40.0609 6032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
19:27:40.0609 6032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
19:27:40.0609 6032 ============================================================
19:27:40.0654 6032 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:40.0739 6032 ============================================================
19:27:40.0739 6032 Initialize success
19:27:40.0739 6032 ============================================================
19:27:47.0467 1764 ============================================================
19:27:47.0467 1764 Scan started
19:27:47.0467 1764 Mode: Manual;
19:27:47.0467 1764 ============================================================
19:27:59.0834 1764 HidIr - ok
19:27:59.0854 1764 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:27:59.0879 1764 hidserv - ok
19:27:59.0929 1764 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:27:59.0944 1764 HidUsb - ok
19:27:59.0974 1764 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:27:59.0989 1764 hkmsvc - ok
19:28:00.0024 1764 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:28:00.0034 1764 HomeGroupListener - ok
19:28:00.0069 1764 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:28:00.0084 1764 HomeGroupProvider - ok
19:28:00.0114 1764 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:28:00.0134 1764 HpSAMD - ok
19:28:00.0219 1764 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:28:00.0259 1764 HTTP - ok
19:28:00.0264 1764 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:28:00.0289 1764 hwpolicy - ok
19:28:00.0319 1764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:28:00.0324 1764 i8042prt - ok
19:28:00.0389 1764 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
19:28:00.0389 1764 iaStor - ok
19:28:00.0469 1764 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:28:00.0474 1764 IAStorDataMgrSvc - ok
19:28:00.0544 1764 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:28:00.0569 1764 iaStorV - ok
19:28:00.0684 1764 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:28:00.0744 1764 idsvc - ok
19:28:00.0935 1764 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120504.001\IDSvia64.sys
19:28:00.0995 1764 IDSVia64 - ok
19:28:01.0975 1764 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:28:02.0340 1764 igfx - ok
19:28:03.0335 1764 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:28:03.0365 1764 iirsp - ok
19:28:03.0455 1764 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:28:03.0490 1764 IKEEXT - ok
19:28:03.0730 1764 IntcAzAudAddService (82890942a88a4e1390bf056c1d86dbc1) C:\Windows\system32\drivers\RTKVHD64.sys
19:28:03.0810 1764 IntcAzAudAddService - ok
19:28:03.0950 1764 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:28:03.0980 1764 IntcDAud - ok
19:28:04.0080 1764 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:28:04.0095 1764 intelide - ok
19:28:04.0125 1764 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:28:04.0130 1764 intelppm - ok
19:28:04.0155 1764 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:28:04.0170 1764 IPBusEnum - ok
19:28:04.0180 1764 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:04.0185 1764 IpFilterDriver - ok
19:28:04.0240 1764 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:28:04.0275 1764 iphlpsvc - ok
19:28:04.0305 1764 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:28:04.0305 1764 IPMIDRV - ok
19:28:04.0325 1764 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:28:04.0340 1764 IPNAT - ok
19:28:04.0475 1764 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
19:28:04.0535 1764 iPod Service - ok
19:28:04.0565 1764 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:28:04.0565 1764 IRENUM - ok
19:28:04.0580 1764 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:28:04.0585 1764 isapnp - ok
19:28:04.0615 1764 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:28:04.0655 1764 iScsiPrt - ok
19:28:04.0685 1764 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:28:04.0685 1764 kbdclass - ok
19:28:04.0705 1764 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:28:04.0725 1764 kbdhid - ok
19:28:04.0760 1764 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:04.0760 1764 KeyIso - ok
19:28:04.0811 1764 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:28:04.0816 1764 KSecDD - ok
19:28:04.0841 1764 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:28:04.0856 1764 KSecPkg - ok
19:28:04.0886 1764 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:28:04.0906 1764 ksthunk - ok
19:28:04.0961 1764 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:28:04.0981 1764 KtmRm - ok
19:28:05.0016 1764 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
19:28:05.0051 1764 L1C - ok
19:28:05.0106 1764 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:28:05.0126 1764 LanmanServer - ok
19:28:05.0161 1764 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:28:05.0166 1764 LanmanWorkstation - ok
19:28:05.0226 1764 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:28:05.0241 1764 Live Updater Service - ok
19:28:05.0276 1764 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:28:05.0281 1764 lltdio - ok
19:28:05.0331 1764 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:28:05.0366 1764 lltdsvc - ok
19:28:05.0376 1764 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:28:05.0381 1764 lmhosts - ok
19:28:05.0471 1764 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:28:05.0491 1764 LMS - ok
19:28:05.0531 1764 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:28:05.0536 1764 LSI_FC - ok
19:28:05.0551 1764 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:28:05.0556 1764 LSI_SAS - ok
19:28:05.0571 1764 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:28:05.0581 1764 LSI_SAS2 - ok
19:28:05.0596 1764 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:28:05.0601 1764 LSI_SCSI - ok
19:28:05.0636 1764 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:28:05.0636 1764 luafv - ok
19:28:05.0736 1764 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:28:05.0766 1764 MBAMProtector - ok
19:28:05.0851 1764 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:28:05.0891 1764 MBAMService - ok
19:28:05.0896 1764 McAfee SiteAdvisor Service - ok
19:28:05.0931 1764 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:28:05.0936 1764 Mcx2Svc - ok
19:28:05.0956 1764 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:28:05.0966 1764 megasas - ok
19:28:06.0006 1764 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:28:06.0041 1764 MegaSR - ok
19:28:06.0071 1764 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:28:06.0076 1764 MEIx64 - ok
19:28:06.0151 1764 Microsoft SharePoint Workspace Audit Service - ok
19:28:06.0191 1764 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:28:06.0196 1764 MMCSS - ok
19:28:06.0216 1764 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:28:06.0221 1764 Modem - ok
19:28:06.0251 1764 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:28:06.0251 1764 monitor - ok
19:28:06.0281 1764 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:28:06.0281 1764 mouclass - ok
19:28:06.0316 1764 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:28:06.0331 1764 mouhid - ok
19:28:06.0346 1764 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:28:06.0346 1764 mountmgr - ok
19:28:06.0376 1764 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:28:06.0381 1764 mpio - ok
19:28:06.0391 1764 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:28:06.0396 1764 mpsdrv - ok
19:28:06.0466 1764 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:28:06.0511 1764 MpsSvc - ok
19:28:06.0541 1764 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:28:06.0571 1764 MRxDAV - ok
19:28:06.0591 1764 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:06.0596 1764 mrxsmb - ok
19:28:06.0671 1764 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:06.0691 1764 mrxsmb10 - ok
19:28:06.0721 1764 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:06.0736 1764 mrxsmb20 - ok
19:28:06.0746 1764 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:28:06.0746 1764 msahci - ok
19:28:06.0776 1764 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:28:06.0816 1764 msdsm - ok
19:28:06.0851 1764 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:28:06.0866 1764 MSDTC - ok
19:28:06.0891 1764 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:28:06.0896 1764 Msfs - ok
19:28:06.0921 1764 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:28:06.0936 1764 mshidkmdf - ok
19:28:06.0941 1764 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:28:06.0946 1764 msisadrv - ok
19:28:06.0986 1764 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:28:06.0996 1764 MSiSCSI - ok
19:28:07.0001 1764 msiserver - ok
19:28:07.0041 1764 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:28:07.0046 1764 MSKSSRV - ok
19:28:07.0051 1764 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:07.0051 1764 MSPCLOCK - ok
19:28:07.0061 1764 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:28:07.0066 1764 MSPQM - ok
19:28:07.0101 1764 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:28:07.0121 1764 MsRPC - ok
19:28:07.0136 1764 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:28:07.0136 1764 mssmbios - ok
19:28:07.0151 1764 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:28:07.0156 1764 MSTEE - ok
19:28:07.0161 1764 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:28:07.0176 1764 MTConfig - ok
19:28:07.0186 1764 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:28:07.0191 1764 Mup - ok
19:28:07.0196 1764 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:28:07.0196 1764 mwlPSDFilter - ok
19:28:07.0201 1764 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:28:07.0206 1764 mwlPSDNServ - ok
19:28:07.0216 1764 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:28:07.0221 1764 mwlPSDVDisk - ok
19:28:07.0276 1764 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:28:07.0316 1764 napagent - ok
19:28:07.0376 1764 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:28:07.0396 1764 NativeWifiP - ok
19:28:07.0611 1764 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.005\ENG64.SYS
19:28:07.0636 1764 NAVENG - ok
19:28:07.0791 1764 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.005\EX64.SYS
19:28:07.0886 1764 NAVEX15 - ok
19:28:08.0091 1764 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:28:08.0121 1764 NDIS - ok
19:28:08.0141 1764 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:08.0141 1764 NdisCap - ok
19:28:08.0156 1764 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:08.0166 1764 NdisTapi - ok
19:28:08.0176 1764 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:08.0181 1764 Ndisuio - ok
19:28:08.0201 1764 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:08.0206 1764 NdisWan - ok
19:28:08.0216 1764 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:28:08.0221 1764 NDProxy - ok
19:28:08.0226 1764 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:28:08.0231 1764 NetBIOS - ok
19:28:08.0261 1764 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:28:08.0266 1764 NetBT - ok
19:28:08.0301 1764 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:08.0306 1764 Netlogon - ok
19:28:08.0346 1764 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:28:08.0366 1764 Netman - ok
19:28:08.0471 1764 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:28:08.0476 1764 NetMsmqActivator - ok
19:28:08.0491 1764 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:28:08.0496 1764 NetPipeActivator - ok
19:28:08.0546 1764 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:28:08.0571 1764 netprofm - ok
19:28:08.0576 1764 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:28:08.0576 1764 NetTcpActivator - ok
19:28:08.0581 1764 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:28:08.0586 1764 NetTcpPortSharing - ok
19:28:08.0651 1764 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:28:08.0661 1764 nfrd960 - ok
19:28:08.0846 1764 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
19:28:08.0856 1764 NIS - ok
19:28:08.0906 1764 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:28:08.0931 1764 NlaSvc - ok
19:28:09.0926 1764 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:28:10.0031 1764 NOBU - ok
19:28:10.0131 1764 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:28:10.0151 1764 Npfs - ok
19:28:10.0186 1764 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:28:10.0191 1764 nsi - ok
19:28:10.0201 1764 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:28:10.0206 1764 nsiproxy - ok
19:28:10.0366 1764 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:28:10.0416 1764 Ntfs - ok
19:28:10.0506 1764 NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:28:10.0526 1764 NTI IScheduleSvc - ok
19:28:10.0671 1764 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
19:28:10.0671 1764 NTIDrvr - ok
19:28:10.0696 1764 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:28:10.0711 1764 Null - ok
19:28:10.0751 1764 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:28:10.0751 1764 nvraid - ok
19:28:10.0771 1764 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:28:10.0776 1764 nvstor - ok
19:28:10.0801 1764 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:28:10.0801 1764 nv_agp - ok
19:28:10.0822 1764 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:28:10.0827 1764 ohci1394 - ok
19:28:10.0912 1764 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:28:10.0947 1764 ose - ok
19:28:11.0312 1764 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:28:11.0447 1764 osppsvc - ok
19:28:11.0662 1764 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:28:11.0682 1764 p2pimsvc - ok
19:28:11.0732 1764 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:28:11.0757 1764 p2psvc - ok
19:28:11.0822 1764 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:28:11.0827 1764 Parport - ok
19:28:11.0847 1764 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:28:11.0852 1764 partmgr - ok
19:28:11.0887 1764 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:28:11.0892 1764 PcaSvc - ok
19:28:11.0917 1764 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:28:11.0937 1764 pci - ok
19:28:11.0957 1764 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:28:11.0957 1764 pciide - ok
19:28:11.0982 1764 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:28:11.0997 1764 pcmcia - ok
19:28:12.0012 1764 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:28:12.0017 1764 pcw - ok
19:28:12.0332 1764 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:28:12.0367 1764 PEAUTH - ok
19:28:12.0442 1764 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:28:12.0447 1764 PerfHost - ok
19:28:12.0572 1764 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:28:12.0632 1764 pla - ok
19:28:12.0697 1764 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:28:12.0712 1764 PlugPlay - ok
19:28:12.0742 1764 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:28:12.0752 1764 PNRPAutoReg - ok
19:28:12.0792 1764 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:28:12.0802 1764 PNRPsvc - ok
19:28:12.0852 1764 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:28:12.0877 1764 PolicyAgent - ok
19:28:12.0912 1764 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:28:12.0922 1764 Power - ok
19:28:12.0992 1764 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:28:12.0997 1764 PptpMiniport - ok
19:28:13.0017 1764 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:28:13.0017 1764 Processor - ok
19:28:13.0062 1764 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:28:13.0077 1764 ProfSvc - ok
19:28:13.0102 1764 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:13.0102 1764 ProtectedStorage - ok
19:28:13.0132 1764 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:28:13.0137 1764 Psched - ok
19:28:13.0252 1764 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:28:13.0322 1764 ql2300 - ok
19:28:13.0467 1764 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:28:13.0472 1764 ql40xx - ok
19:28:13.0512 1764 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:28:13.0537 1764 QWAVE - ok
19:28:13.0557 1764 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:28:13.0562 1764 QWAVEdrv - ok
19:28:13.0567 1764 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:28:13.0567 1764 RasAcd - ok
19:28:13.0602 1764 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:28:13.0607 1764 RasAgileVpn - ok
19:28:13.0627 1764 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:28:13.0667 1764 RasAuto - ok
19:28:13.0702 1764 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:13.0707 1764 Rasl2tp - ok
19:28:13.0747 1764 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:28:13.0777 1764 RasMan - ok
19:28:13.0802 1764 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:13.0807 1764 RasPppoe - ok
19:28:13.0817 1764 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:28:13.0822 1764 RasSstp - ok
19:28:13.0862 1764 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:28:13.0867 1764 rdbss - ok
19:28:13.0897 1764 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:28:13.0902 1764 rdpbus - ok
19:28:13.0917 1764 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:13.0922 1764 RDPCDD - ok
19:28:13.0952 1764 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:28:13.0952 1764 RDPENCDD - ok
19:28:13.0967 1764 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:28:13.0967 1764 RDPREFMP - ok
19:28:14.0032 1764 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:28:14.0047 1764 RDPWD - ok
19:28:14.0092 1764 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:28:14.0107 1764 rdyboost - ok
19:28:14.0142 1764 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:28:14.0172 1764 RemoteAccess - ok
19:28:14.0212 1764 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:28:14.0247 1764 RemoteRegistry - ok
19:28:14.0287 1764 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:28:14.0292 1764 RpcEptMapper - ok
19:28:14.0317 1764 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:28:14.0332 1764 RpcLocator - ok
19:28:14.0382 1764 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:28:14.0392 1764 RpcSs - ok
19:28:14.0437 1764 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:28:14.0447 1764 rspndr - ok
19:28:14.0477 1764 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:28:14.0482 1764 SamSs - ok
19:28:14.0512 1764 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:28:14.0512 1764 sbp2port - ok
19:28:14.0552 1764 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:28:14.0567 1764 SCardSvr - ok
19:28:14.0582 1764 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:28:14.0587 1764 scfilter - ok
19:28:14.0667 1764 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:28:14.0702 1764 Schedule - ok
19:28:14.0737 1764 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:28:14.0737 1764 SCPolicySvc - ok
19:28:14.0757 1764 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:28:14.0777 1764 SDRSVC - ok
19:28:14.0847 1764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:28:14.0862 1764 secdrv - ok
19:28:14.0902 1764 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:28:14.0917 1764 seclogon - ok
19:28:14.0942 1764 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:28:14.0942 1764 SENS - ok
19:28:14.0977 1764 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:28:14.0982 1764 SensrSvc - ok
19:28:15.0017 1764 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:28:15.0037 1764 Serenum - ok
19:28:15.0052 1764 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:28:15.0067 1764 Serial - ok
19:28:15.0087 1764 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:28:15.0107 1764 sermouse - ok
19:28:15.0152 1764 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:28:15.0157 1764 SessionEnv - ok
19:28:15.0167 1764 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:28:15.0172 1764 sffdisk - ok
19:28:15.0182 1764 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:28:15.0182 1764 sffp_mmc - ok
19:28:15.0192 1764 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:28:15.0197 1764 sffp_sd - ok
19:28:15.0202 1764 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:28:15.0207 1764 sfloppy - ok
19:28:15.0287 1764 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:28:15.0322 1764 Sftfs - ok
19:28:15.0457 1764 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:28:15.0477 1764 sftlist - ok
19:28:15.0532 1764 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:28:15.0557 1764 Sftplay - ok
19:28:15.0607 1764 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:28:15.0617 1764 Sftredir - ok
19:28:15.0632 1764 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:28:15.0647 1764 Sftvol - ok
19:28:15.0697 1764 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:28:15.0707 1764 sftvsa - ok
19:28:15.0757 1764 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:28:15.0792 1764 SharedAccess - ok
19:28:15.0843 1764 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:28:15.0858 1764 ShellHWDetection - ok
19:28:15.0893 1764 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
19:28:15.0898 1764 simptcp - ok
19:28:15.0928 1764 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:28:15.0933 1764 SiSRaid2 - ok
19:28:15.0943 1764 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:28:15.0943 1764 SiSRaid4 - ok
19:28:16.0008 1764 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:28:16.0048 1764 SkypeUpdate - ok
19:28:16.0078 1764 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:28:16.0093 1764 Smb - ok
19:28:16.0168 1764 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:28:16.0183 1764 SNMPTRAP - ok
19:28:16.0218 1764 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:28:16.0238 1764 spldr - ok
19:28:16.0323 1764 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:28:16.0348 1764 Spooler - ok
19:28:26.0433 1764 ============================================================
19:28:26.0433 1764 Scan finished
19:28:26.0433 1764 ============================================================
19:28:26.0448 3320 Detected object count: 0
19:28:26.0448 3320 Actual detected object count: 0

#10 Broni

Posted 04 May 2012 - 08:30 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.


#11 the_awesome_waffle

Posted 04 May 2012 - 10:28 PM

FixTDSS:

No infections were found.

#12 Broni

Posted 04 May 2012 - 10:35 PM

Something is definitely there but some more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
