
Malware link redirection


  • This topic is locked
20 replies to this topic

#1 gironense

gironense

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 May 2012 - 04:33 PM

Hello,
I am a first time user. While visiting my in-laws, they asked me to help them with a computer problem. A few months ago, they opened a malware email attachment, something about 'problem with your UPS shipment' or the like, and since then links on Google and other search engines are redirected to letmehelpu.com, ahomecareer1.info, or answero.net, etc. There may be others but these are what I have seen so far.

Their Win7 x64 machine was already running Microsoft Security Essentials, which apparently failed to find this malware, although as I type I am also running a full scan to see if MSE can fix this.

They never use Firefox, though it is installed on their machine. When I use Firefox on their machine, it does not seem to be affected, at least as of yet.

Below is pasted in from DDS.txt.
Many thanks!
gironense

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bergmoosers at 17:01:58 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.977 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\BrmfRsmg.exe
C:\Windows\system32\BrmfRsmg.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
c:\PROGRA~2\MICROS~2\wkcalrem.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173607102116p0455v195r45l1s452
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173607102116p0455v195r45l1s452
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WKocfFMPaI.exe] C:\ProgramData\WKocfFMPaI.exe
uRun: [Download] "C:\Users\Bergmoosers\AppData\Local\SupportSoft\ddoctorv2\Bergmoosers\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRunOnce: [EmdatInstaller]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: emdat.com
Trusted Zone: mytranscriptions.com
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A4AEABB0-9D60-4A17-BEB1-43477E9E9D58} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bergmoosers\AppData\Roaming\Mozilla\Firefox\Profiles\c5108jro.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|http://www.jw.org/|http://www.jw-media.org/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 brmfrsmg;Brother Resource manager service;C:\Windows\system32\BrmfRsmg.exe -service --> C:\Windows\system32\BrmfRsmg.exe -service [?]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 brfilt;Brother MFC Filter Driver;C:\Windows\system32\Drivers\Brfilt.sys --> C:\Windows\system32\Drivers\Brfilt.sys [?]
R3 BrUsbScn;Brother MFC USB Scanner driver;C:\Windows\system32\Drivers\BrUsbScn.sys --> C:\Windows\system32\Drivers\BrUsbScn.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-10 20:28:28 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-10 20:26:52 -------- d-----w- C:\Windows\PCHEALTH
2012-05-10 20:17:29 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{1B5790B0-5D74-45BA-81A9-2B079504F80E}
2012-05-10 20:17:15 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{30FD8E2C-430A-4C44-B89F-8CE06C29E033}
2012-05-10 20:10:29 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-10 20:05:30 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-05-10 20:04:51 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\Microsoft Help
2012-05-10 19:23:58 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EF95C20-4EFD-4D6E-814F-11BCF6FBAF85}\offreg.dll
2012-05-10 18:53:12 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 18:43:12 -------- d-----w- C:\Program Files (x86)\Emdat
2012-05-10 18:42:38 -------- d-----w- C:\Program Files\Emdat
2012-05-10 18:06:06 -------- d-----w- C:\Users\Bergmoosers\AppData\Roaming\HpUpdate
2012-05-10 18:05:56 -------- d-----w- C:\Windows\Hewlett-Packard
2012-05-10 17:54:28 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-10 16:00:27 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EF95C20-4EFD-4D6E-814F-11BCF6FBAF85}\mpengine.dll
2012-05-10 13:51:37 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 13:50:22 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 13:50:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 13:50:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 13:50:11 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 13:50:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 13:50:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 13:49:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 13:49:48 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 13:49:47 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:49:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:49:46 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 13:49:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 13:42:32 -------- d-----w- C:\Program Files (x86)\EMIMS
2012-05-10 13:42:30 1425408 ----a-w- C:\Windows\SysWow64\WebPro3.ocx
2012-05-10 13:42:29 608448 ----a-w- C:\Windows\SysWow64\COMCTL32.OCX
2012-05-10 13:42:29 140288 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2012-05-10 13:38:00 -------- d-----w- C:\Program Installation Files
2012-05-10 13:33:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-10 13:32:59 -------- d-----w- C:\Users\Bergmoosers\AppData\Roaming\uTorrent
2012-05-09 14:02:37 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 18:46:55 1153536 ----a-w- C:\Windows\SysWow64\WEBPR332.OCX
2012-05-07 18:46:54 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL
2012-05-07 18:46:53 200496 ----a-w- C:\Windows\SysWow64\DBLIST32.OCX
2012-05-05 21:01:51 -------- d-----w- C:\Program Files\iPod
2012-05-05 21:01:50 -------- d-----w- C:\Program Files\iTunes
2012-05-05 21:01:50 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-02 07:01:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-18 23:29:57 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{462810BE-56DB-4F6C-B86C-46A1F6D027F9}
2012-04-18 23:29:46 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{57C64A2E-3CE2-486F-A79B-919220E6307C}
2012-04-16 22:33:42 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{390671BD-24DB-4C33-86AE-36ACF039EF7C}
2012-04-16 22:33:27 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{DB774EC7-0BC9-47B0-93D6-17C7D98F5720}
2012-04-16 22:01:11 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{A32F7846-D077-478E-975A-65E3992DE5A1}
2012-04-16 22:00:58 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{2356291D-4C00-41E2-8CBB-3183B0B54721}
2012-04-13 20:42:32 -------- d-----w- C:\Users\Bergmoosers\AppData\Local\{C82BD350-0941-4167-8AE2-79C7CB2FC415}
2012-04-12 07:00:58 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:58 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:58 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:55 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:55 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 07:00:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:54 5120 ----a-w- C:\Windows\System32\wmi.dll
.
==================== Find3M ====================
.
2012-05-10 18:54:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 17:15:42.11 ===============
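
A first-pass review of the autorun lines in the DDS log above, as an added example that is not part of the original post or of DDS itself. The function names and the three review rules are assumptions chosen for illustration; a flagged entry is one to look at, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Autorun lines copied from the "Pseudo HJT Report" section of the DDS log above.
DDS_SAMPLE = r'''
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WKocfFMPaI.exe] C:\ProgramData\WKocfFMPaI.exe
uRun: [Download] "C:\Users\Bergmoosers\AppData\Local\SupportSoft\ddoctorv2\Bergmoosers\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRunOnce: [EmdatInstaller]
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
'''

# DDS prints autoruns as "<u|m>Run[Once][-x64]: [value name] command line".
RUN_RE = re.compile(r'^(?P<key>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)', re.I)
# Assumed rule: installed software normally lives in a vendor subfolder,
# not directly in one of these directories.
DATA_ROOT_RE = re.compile(
    r'(?:^[a-z]:\\programdata|\\appdata\\(?:roaming|local|locallow)|\\temp)$')


def executable_of(cmd):
    """Return the program path at the start of a Run command line, or None."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = EXE_RE.match(cmd)
    return m.group(1) if m else None


def review_autoruns(dds_text):
    """Return [(key, value name, [reasons])] for entries worth a second look."""
    findings = []
    for line in dds_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # not an autorun line (BHO, TB, DPF, ...)
        cmd, reasons = m['cmd'].strip(), []
        if not cmd:
            reasons.append('value has no command line')
        else:
            exe = executable_of(cmd)
            if exe and DATA_ROOT_RE.search(str(PureWindowsPath(exe).parent).lower()):
                reasons.append('program sits directly in a data directory')
            if re.search(r'https?://', cmd, re.I):
                reasons.append('command line carries a URL')
        if reasons:
            findings.append((m['key'], m['name'], reasons))
    return findings


if __name__ == '__main__':
    for key, name, reasons in review_autoruns(DDS_SAMPLE):
        print(f'{key} [{name}]: ' + '; '.join(reasons))
```
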



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:13 PM

Posted 10 May 2012 - 08:01 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 gironense


Posted 11 May 2012 - 03:10 PM

Thank you!
Before I had read your reply, MSE's scan had found a malware item called "Exploit:JS/Blacole.DG" and quarantined it. I also told MSE to remove it. I hope that was okay.

The problem persists with redirects to ahomecareer.com, among others.

I downloaded and ran aswMBR.exe. The resulting log is pasted here. However, I am not seeing any file named MBR.dat, despite verifying my folder settings allowed me to see hidden and system files and running a complete search for that file name.
Again, many thanks.
Gironense

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 15:57:49
-----------------------------
15:57:49.144 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:49.144 Number of processors: 1 586 0x1601
15:57:49.144 ComputerName: BERGMOOSERS-PC UserName: Bergmoosers
15:57:51.014 Initialize success
15:58:26.777 AVAST engine defs: 12051100
15:59:05.514 The log file has been saved successfully to "C:\Users\Bergmoosers\Desktop\REDIRECT VIRUS PROBLEM\aswMBR.txt"

#4 CatByte


Posted 11 May 2012 - 03:45 PM

I don't believe that aswMBR ran to completion.

Please re-run it and give it much longer to run (it takes a while to download the definition files and scan).

Edited by CatByte, 11 May 2012 - 03:46 PM.



#5 gironense


Posted 12 May 2012 - 10:30 AM

Hello CatByte,
You were correct, of course, aswMBR had not completed a full scan. This time, I selected "C:" (the only hard drive installed) from the "AV scan" drop-down list and this time it took several hours to run. My trouble is that when I came back later to follow up on the results, the computer appeared to have re-booted and the aswMBR window was gone. This has happened twice so far. I doubt this is a normal function of aswMBR so I imagine it may be the power settings of the computer (which I will check) or another family member is coming in and closing the aswMBR window, which I doubt because they all know I am working on this problem.

An additional problem is that I am going on a trip for the next 12 days so it will be more difficult to continue working on this problem. I will try to work on it remotely because I really appreciate your guidance. I have changed the power settings of the computer to never go to sleep and I am starting another aswMBR scan before I go. If I can get the log files from that scan I will post them here ASAP.

Once again, thank you for your help.
Gironense

#6 CatByte


Posted 12 May 2012 - 02:58 PM

:thumbup2:



#7 CatByte


Posted 25 May 2012 - 04:23 PM

Do you still need help with your machine?



#8 gironense


Posted 26 May 2012 - 12:14 PM

Hello CatByte,
I am extremely sorry I could not reply sooner. Today I am back at my in-laws' and ready to pick up where we left off, if that is OK with you. I am running aswMBR again now and will follow through with the results ASAP.
Once again, many thanks for your help.
gironense

#9 CatByte


Posted 26 May 2012 - 12:27 PM

no problem :thumbup2:



#10 gironense


Posted 26 May 2012 - 03:51 PM

Here is the log file from running aswMBR. MBR.bat is zipped and attached.
Many thanks,
Gironense

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 13:02:30
-----------------------------
13:02:30.937 OS Version: Windows x64 6.1.7601 Service Pack 1
13:02:30.937 Number of processors: 1 586 0x1601
13:02:30.939 ComputerName: BERGMOOSERS-PC UserName: Bergmoosers
13:02:36.089 Initialize success
13:03:51.801 AVAST engine defs: 12052600
13:06:54.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
13:06:54.306 Disk 0 Vendor: Hitachi_ ST3O Size: 476940MB BusType: 3
13:06:54.317 Disk 0 MBR read successfully
13:06:54.318 Disk 0 MBR scan
13:06:54.407 Disk 0 unknown MBR code
13:06:54.415 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
13:06:54.458 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
13:06:54.501 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
13:06:54.589 Disk 0 scanning C:\Windows\system32\drivers
13:07:23.043 Service scanning
13:08:19.604 Modules scanning
13:08:19.622 Disk 0 trace - called modules:
13:08:19.646 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80031f2254]<<storport.sys hal.dll nvstor64.sys
13:08:20.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031cb450]
13:08:20.041 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> [0xfffffa8002f989b0]
13:08:20.053 5 ACPI.sys[fffff88000f387a1] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8002f98060]
13:08:20.070 \Driver\nvstor64[0xfffffa8002d5c6a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80031f2254
13:08:22.276 AVAST engine scan C:\
15:49:23.305 Scan finished successfully
16:47:41.275 Disk 0 MBR has been saved successfully to "C:\Users\Bergmoosers\Desktop\REDIRECT VIRUS PROBLEM\MBR.dat"
16:47:41.499 The log file has been saved successfully to "C:\Users\Bergmoosers\Desktop\REDIRECT VIRUS PROBLEM\aswMBR2.txt"
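
The two entries in the log above that a helper would look at first are the "unknown MBR code" line and the `>>UNKNOWN [...]<<` entry in the disk trace. The following triage script is an added example, not part of the original thread and not part of aswMBR; the reading of the log format (timestamp prefix, module chain, `\Driver\... -> IRP_MJ_... -> address` line) is an assumption drawn from the lines shown here, and the function and finding names are hypothetical.

```python
import re

# Lines copied from the aswMBR log in the post above (unrelated lines omitted).
SAMPLE_LOG = r"""
13:06:54.318 Disk 0 MBR scan
13:06:54.407 Disk 0 unknown MBR code
13:08:19.622 Disk 0 trace - called modules:
13:08:19.646 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80031f2254]<<storport.sys hal.dll nvstor64.sys
13:08:20.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031cb450]
13:08:20.070 \Driver\nvstor64[0xfffffa8002d5c6a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80031f2254
13:08:22.276 AVAST engine scan C:\
"""

# Assumed line layout: "HH:MM:SS.mmm <message>".
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_RE = re.compile(r"Disk (\d+) unknown MBR code")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)"
)


def triage(log_text):
    """Return review findings from an aswMBR log, in a stable order:
    MBR findings, unresolved modules in the disk trace, then driver
    dispatch entries whose target address matches an unresolved module."""
    findings = []
    unknown = {}    # address -> (module listed before, module listed after)
    handlers = []   # (driver name, IRP major function, target address)

    for raw in log_text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue  # skip banner, separators and blank lines
        msg = m.group(1)

        mbr = MBR_RE.search(msg)
        if mbr:
            findings.append({"kind": "unknown_mbr_code", "disk": int(mbr.group(1))})

        # The marker can be glued to the next module name, so locate it by
        # position and take the neighbouring tokens on each side.
        for hit in UNKNOWN_RE.finditer(msg):
            before = msg[:hit.start()].split()
            after = msg[hit.end():].split()
            unknown[int(hit.group(1), 16)] = (
                before[-1] if before else None,
                after[0] if after else None,
            )

        irp = IRP_RE.search(msg)
        if irp:
            handlers.append((irp.group(1), irp.group(2), int(irp.group(3), 16)))

    for addr, (prev_mod, next_mod) in unknown.items():
        findings.append({
            "kind": "unresolved_module_in_disk_stack",
            "address": hex(addr),
            "previous": prev_mod,
            "next": next_mod,
        })

    # Correlate: a driver entry whose target is the same address that the
    # trace could not attribute to any named module.
    for driver, irp_name, addr in handlers:
        if addr in unknown:
            findings.append({
                "kind": "dispatch_routine_in_unresolved_memory",
                "driver": driver,
                "irp": irp_name,
                "address": hex(addr),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On this log the script reports three findings, and the last one ties the `nvstor64` entry to the same address as the unresolved module between ACPI.sys and storport.sys. Findings are prompts for a follow-up scan, not a verdict on their own.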

#11 CatByte

Posted 26 May 2012 - 03:59 PM

Hi,

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#12 gironense

Posted 26 May 2012 - 09:10 PM

Hi,
TDSS found and cured "Rootkit.boot.SST.a"

TDSS also found a "TDSS File System" classified as a suspicious object, medium risk. "Cure" was not an option so I did not do anything with it. Let me know if you want me to run TDSS again and do something with the TDSS File System.

Below is the log file. I will post again with the log from ComboFix.

21:33:33.0707 3340 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:33:34.0037 3340 ============================================================
21:33:34.0037 3340 Current date / time: 2012/05/26 21:33:34.0037
21:33:34.0037 3340 SystemInfo:
21:33:34.0037 3340
21:33:34.0037 3340 OS Version: 6.1.7601 ServicePack: 1.0
21:33:34.0037 3340 Product type: Workstation
21:33:34.0037 3340 ComputerName: BERGMOOSERS-PC
21:33:34.0037 3340 UserName: Bergmoosers
21:33:34.0038 3340 Windows directory: C:\Windows
21:33:34.0038 3340 System windows directory: C:\Windows
21:33:34.0038 3340 Running under WOW64
21:33:34.0038 3340 Processor architecture: Intel x64
21:33:34.0038 3340 Number of processors: 1
21:33:34.0038 3340 Page size: 0x1000
21:33:34.0038 3340 Boot type: Normal boot
21:33:34.0038 3340 ============================================================
21:33:35.0469 3340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:33:35.0661 3340 ============================================================
21:33:35.0661 3340 \Device\Harddisk0\DR0:
21:33:35.0664 3340 MBR partitions:
21:33:35.0664 3340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
21:33:35.0664 3340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
21:33:35.0664 3340 ============================================================
21:33:35.0691 3340 C: <-> \Device\Harddisk0\DR0\Partition1
21:33:35.0691 3340 ============================================================
21:33:35.0691 3340 Initialize success
21:33:35.0691 3340 ============================================================
21:33:46.0686 5756 ============================================================
21:33:46.0686 5756 Scan started
21:33:46.0686 5756 Mode: Manual; TDLFS;
21:33:46.0686 5756 ============================================================
21:33:59.0061 5756 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:33:59.0070 5756 napagent - ok
21:33:59.0122 5756 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:33:59.0127 5756 NativeWifiP - ok
21:33:59.0214 5756 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:33:59.0225 5756 NDIS - ok
21:33:59.0249 5756 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:33:59.0251 5756 NdisCap - ok
21:33:59.0280 5756 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:33:59.0282 5756 NdisTapi - ok
21:33:59.0318 5756 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:33:59.0320 5756 Ndisuio - ok
21:33:59.0366 5756 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:33:59.0369 5756 NdisWan - ok
21:33:59.0392 5756 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:33:59.0394 5756 NDProxy - ok
21:33:59.0511 5756 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:33:59.0527 5756 Nero BackItUp Scheduler 4.0 - ok
21:33:59.0595 5756 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
21:33:59.0598 5756 Net Driver HPZ12 - ok
21:33:59.0665 5756 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:33:59.0667 5756 NetBIOS - ok
21:33:59.0717 5756 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:33:59.0721 5756 NetBT - ok
21:33:59.0764 5756 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:33:59.0766 5756 Netlogon - ok
21:33:59.0907 5756 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:33:59.0913 5756 Netman - ok
21:33:59.0952 5756 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:33:59.0962 5756 netprofm - ok
21:34:00.0015 5756 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:34:00.0018 5756 NetTcpPortSharing - ok
21:34:00.0073 5756 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:34:00.0075 5756 nfrd960 - ok
21:34:00.0124 5756 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:34:00.0126 5756 NisDrv - ok
21:34:00.0234 5756 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:34:00.0238 5756 NisSrv - ok
21:34:00.0289 5756 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:34:00.0295 5756 NlaSvc - ok
21:34:00.0317 5756 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:34:00.0319 5756 Npfs - ok
21:34:00.0347 5756 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:34:00.0349 5756 nsi - ok
21:34:00.0379 5756 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:34:00.0380 5756 nsiproxy - ok
21:34:00.0513 5756 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:34:00.0534 5756 Ntfs - ok
21:34:00.0620 5756 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:34:00.0621 5756 Null - ok
21:34:01.0648 5756 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:34:01.0879 5756 nvlddmkm - ok
21:34:02.0090 5756 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:34:02.0093 5756 nvraid - ok
21:34:02.0130 5756 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:34:02.0133 5756 nvstor - ok
21:34:02.0228 5756 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
21:34:02.0230 5756 nvstor64 - ok
21:34:02.0336 5756 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
21:34:02.0340 5756 nvsvc - ok
21:34:02.0383 5756 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:34:02.0386 5756 nv_agp - ok
21:34:02.0430 5756 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:34:02.0432 5756 ohci1394 - ok
21:34:02.0513 5756 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:34:02.0519 5756 ose - ok
21:34:03.0046 5756 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:34:03.0127 5756 osppsvc - ok
21:34:03.0300 5756 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:34:03.0306 5756 p2pimsvc - ok
21:34:03.0347 5756 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:34:03.0354 5756 p2psvc - ok
21:34:03.0394 5756 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:34:03.0396 5756 Parport - ok
21:34:03.0441 5756 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:34:03.0443 5756 partmgr - ok
21:34:03.0481 5756 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:34:03.0485 5756 PcaSvc - ok
21:34:03.0527 5756 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:34:03.0530 5756 pci - ok
21:34:03.0553 5756 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:34:03.0554 5756 pciide - ok
21:34:03.0590 5756 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:34:03.0593 5756 pcmcia - ok
21:34:03.0621 5756 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:34:03.0623 5756 pcw - ok
21:34:03.0690 5756 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:34:03.0747 5756 PEAUTH - ok
21:34:03.0827 5756 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:34:03.0830 5756 PerfHost - ok
21:34:04.0068 5756 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
21:34:04.0099 5756 PID_PEPI - ok
21:34:04.0293 5756 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:34:04.0311 5756 pla - ok
21:34:04.0367 5756 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:34:04.0374 5756 PlugPlay - ok
21:34:04.0435 5756 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
21:34:04.0437 5756 Pml Driver HPZ12 - ok
21:34:04.0465 5756 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:34:04.0468 5756 PNRPAutoReg - ok
21:34:04.0505 5756 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:34:04.0509 5756 PNRPsvc - ok
21:34:04.0636 5756 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:34:04.0659 5756 PolicyAgent - ok
21:34:04.0710 5756 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:34:04.0715 5756 Power - ok
21:34:04.0784 5756 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:34:04.0786 5756 PptpMiniport - ok
21:34:04.0822 5756 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:34:04.0827 5756 Processor - ok
21:34:04.0866 5756 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:34:04.0870 5756 ProfSvc - ok
21:34:04.0922 5756 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:34:04.0924 5756 ProtectedStorage - ok
21:34:04.0974 5756 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:34:04.0976 5756 Psched - ok
21:34:05.0072 5756 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:34:05.0135 5756 ql2300 - ok
21:34:05.0235 5756 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:34:05.0238 5756 ql40xx - ok
21:34:05.0285 5756 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:34:05.0291 5756 QWAVE - ok
21:34:05.0313 5756 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:34:05.0315 5756 QWAVEdrv - ok
21:34:05.0333 5756 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:34:05.0334 5756 RasAcd - ok
21:34:05.0367 5756 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:34:05.0369 5756 RasAgileVpn - ok
21:34:05.0396 5756 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:34:05.0399 5756 RasAuto - ok
21:34:05.0436 5756 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:34:05.0439 5756 Rasl2tp - ok
21:34:05.0493 5756 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:34:05.0500 5756 RasMan - ok
21:34:05.0530 5756 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:34:05.0533 5756 RasPppoe - ok
21:34:05.0561 5756 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:34:05.0563 5756 RasSstp - ok
21:34:05.0652 5756 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:34:05.0656 5756 rdbss - ok
21:34:05.0682 5756 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:34:05.0684 5756 rdpbus - ok
21:34:05.0713 5756 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:34:05.0714 5756 RDPCDD - ok
21:34:05.0742 5756 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:34:05.0743 5756 RDPENCDD - ok
21:34:05.0775 5756 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:34:05.0776 5756 RDPREFMP - ok
21:34:05.0826 5756 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:34:05.0829 5756 RDPWD - ok
21:34:05.0883 5756 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:34:05.0891 5756 rdyboost - ok
21:34:05.0927 5756 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:34:05.0931 5756 RemoteAccess - ok
21:34:05.0957 5756 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:34:05.0962 5756 RemoteRegistry - ok
21:34:05.0992 5756 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:34:05.0995 5756 RpcEptMapper - ok
21:34:06.0015 5756 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:34:06.0017 5756 RpcLocator - ok
21:34:06.0134 5756 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:34:06.0141 5756 RpcSs - ok
21:34:06.0185 5756 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:34:06.0188 5756 rspndr - ok
21:34:06.0228 5756 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:34:06.0232 5756 RTL8167 - ok
21:34:06.0271 5756 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:34:06.0273 5756 SamSs - ok
21:34:06.0328 5756 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:34:06.0331 5756 sbp2port - ok
21:34:06.0370 5756 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:34:06.0375 5756 SCardSvr - ok
21:34:06.0434 5756 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
21:34:06.0437 5756 SCDEmu - ok
21:34:06.0485 5756 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:34:06.0487 5756 scfilter - ok
21:34:06.0579 5756 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:34:06.0654 5756 Schedule - ok
21:34:06.0702 5756 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:34:06.0704 5756 SCPolicySvc - ok
21:34:06.0735 5756 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:34:06.0739 5756 SDRSVC - ok
21:34:06.0823 5756 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:34:06.0824 5756 secdrv - ok
21:34:06.0841 5756 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:34:06.0844 5756 seclogon - ok
21:34:06.0876 5756 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:34:06.0879 5756 SENS - ok
21:34:06.0918 5756 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:34:06.0921 5756 SensrSvc - ok
21:34:06.0949 5756 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:34:06.0951 5756 Serenum - ok
21:34:06.0972 5756 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:34:06.0974 5756 Serial - ok
21:34:07.0038 5756 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:34:07.0040 5756 sermouse - ok
21:34:07.0105 5756 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:34:07.0109 5756 SessionEnv - ok
21:34:07.0181 5756 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:34:07.0183 5756 sffdisk - ok
21:34:07.0212 5756 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:34:07.0213 5756 sffp_mmc - ok
21:34:07.0239 5756 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:34:07.0241 5756 sffp_sd - ok
21:34:07.0341 5756 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:34:07.0343 5756 sfloppy - ok
21:34:07.0406 5756 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:34:07.0412 5756 SharedAccess - ok
21:34:07.0460 5756 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:34:07.0466 5756 ShellHWDetection - ok
21:34:07.0492 5756 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:34:07.0494 5756 SiSRaid2 - ok
21:34:07.0528 5756 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:34:07.0530 5756 SiSRaid4 - ok
21:34:07.0610 5756 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:34:07.0613 5756 SkypeUpdate - ok
21:34:07.0656 5756 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:34:07.0658 5756 Smb - ok
21:34:07.0698 5756 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:34:07.0701 5756 SNMPTRAP - ok
21:34:07.0721 5756 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:34:07.0723 5756 spldr - ok
21:34:07.0802 5756 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:34:07.0909 5756 Spooler - ok
21:34:08.0137 5756 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:34:08.0179 5756 sppsvc - ok
21:34:08.0430 5756 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:34:08.0433 5756 sppuinotify - ok
21:34:08.0520 5756 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
21:34:08.0524 5756 sprtsvc_ddoctorv2 - ok
21:34:08.0608 5756 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:34:08.0615 5756 srv - ok
21:34:08.0658 5756 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:34:08.0665 5756 srv2 - ok
21:34:08.0690 5756 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:34:08.0697 5756 srvnet - ok
21:34:08.0745 5756 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:34:08.0749 5756 SSDPSRV - ok
21:34:08.0779 5756 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:34:08.0783 5756 SstpSvc - ok
21:34:08.0812 5756 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:34:08.0814 5756 stexstor - ok
21:34:08.0902 5756 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:34:08.0911 5756 stisvc - ok
21:34:08.0950 5756 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:34:08.0951 5756 swenum - ok
21:34:09.0009 5756 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:34:09.0018 5756 swprv - ok
21:34:09.0151 5756 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:34:09.0175 5756 SysMain - ok
21:34:09.0292 5756 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:34:09.0296 5756 TabletInputService - ok
21:34:09.0335 5756 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:34:09.0341 5756 TapiSrv - ok
21:34:09.0374 5756 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:34:09.0378 5756 TBS - ok
21:34:09.0534 5756 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:34:09.0557 5756 Tcpip - ok
21:34:09.0759 5756 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:34:09.0773 5756 TCPIP6 - ok
21:34:09.0850 5756 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:34:09.0853 5756 tcpipreg - ok
21:34:09.0898 5756 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:34:09.0900 5756 TDPIPE - ok
21:34:09.0947 5756 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:34:09.0961 5756 TDTCP - ok
21:34:10.0069 5756 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:34:10.0071 5756 tdx - ok
21:34:10.0112 5756 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:34:10.0113 5756 TermDD - ok
21:34:10.0208 5756 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:34:10.0219 5756 TermService - ok
21:34:10.0253 5756 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:34:10.0256 5756 Themes - ok
21:34:10.0290 5756 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:34:10.0293 5756 THREADORDER - ok
21:34:10.0321 5756 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:34:10.0325 5756 TrkWks - ok
21:34:10.0390 5756 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:34:10.0394 5756 TrustedInstaller - ok
21:34:10.0444 5756 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:34:10.0446 5756 tssecsrv - ok
21:34:10.0489 5756 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:34:10.0491 5756 TsUsbFlt - ok
21:34:10.0553 5756 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:34:10.0555 5756 tunnel - ok
21:34:10.0595 5756 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:34:10.0597 5756 uagp35 - ok
21:34:10.0646 5756 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:34:10.0651 5756 udfs - ok
21:34:10.0760 5756 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:34:10.0763 5756 UI0Detect - ok
21:34:10.0801 5756 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:34:10.0803 5756 uliagpkx - ok
21:34:10.0855 5756 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:34:10.0857 5756 umbus - ok
21:34:10.0887 5756 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:34:10.0888 5756 UmPass - ok
21:34:10.0949 5756 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
21:34:10.0953 5756 Updater Service - ok
21:34:10.0995 5756 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:34:11.0005 5756 upnphost - ok
21:34:11.0058 5756 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:34:11.0060 5756 USBAAPL64 - ok
21:34:11.0118 5756 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:34:11.0121 5756 usbaudio - ok
21:34:11.0154 5756 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:34:11.0156 5756 usbccgp - ok
21:34:11.0215 5756 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:34:11.0218 5756 usbcir - ok
21:34:11.0260 5756 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:34:11.0262 5756 usbehci - ok
21:34:11.0332 5756 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:34:11.0370 5756 usbhub - ok
21:34:11.0411 5756 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:34:11.0413 5756 usbohci - ok
21:34:11.0442 5756 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:34:11.0444 5756 usbprint - ok
21:34:11.0479 5756 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:34:11.0481 5756 usbscan - ok
21:34:11.0507 5756 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:34:11.0509 5756 USBSTOR - ok
21:34:11.0534 5756 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:34:11.0535 5756 usbuhci - ok
21:34:11.0566 5756 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:34:11.0569 5756 UxSms - ok
21:34:11.0617 5756 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:34:11.0623 5756 VaultSvc - ok
21:34:11.0676 5756 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:34:11.0678 5756 vdrvroot - ok
21:34:11.0744 5756 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:34:11.0753 5756 vds - ok
21:34:11.0792 5756 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:11.0794 5756 vga - ok
21:34:11.0824 5756 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:34:11.0826 5756 VgaSave - ok
21:34:11.0882 5756 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:34:11.0894 5756 vhdmp - ok
21:34:11.0958 5756 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:34:11.0960 5756 viaide - ok
21:34:12.0001 5756 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:34:12.0003 5756 volmgr - ok
21:34:12.0055 5756 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:34:12.0060 5756 volmgrx - ok
21:34:12.0103 5756 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:34:12.0107 5756 volsnap - ok
21:34:12.0153 5756 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:34:12.0156 5756 vsmraid - ok
21:34:12.0308 5756 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:34:12.0333 5756 VSS - ok
21:34:12.0471 5756 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:34:12.0472 5756 vwifibus - ok
21:34:12.0533 5756 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:34:12.0540 5756 W32Time - ok
21:34:12.0574 5756 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:34:12.0576 5756 WacomPen - ok
21:34:12.0627 5756 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:12.0629 5756 WANARP - ok
21:34:12.0642 5756 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:12.0644 5756 Wanarpv6 - ok
21:34:12.0748 5756 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:34:12.0764 5756 WatAdminSvc - ok
21:34:12.0933 5756 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:34:12.0957 5756 wbengine - ok
21:34:13.0058 5756 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:34:13.0067 5756 WbioSrvc - ok
21:34:13.0138 5756 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:34:13.0146 5756 wcncsvc - ok
21:34:13.0213 5756 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:34:13.0220 5756 WcsPlugInService - ok
21:34:13.0285 5756 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:34:13.0287 5756 Wd - ok
21:34:13.0363 5756 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:34:13.0373 5756 Wdf01000 - ok
21:34:13.0442 5756 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:34:13.0451 5756 WdiServiceHost - ok
21:34:13.0467 5756 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:34:13.0470 5756 WdiSystemHost - ok
21:34:13.0511 5756 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:34:13.0516 5756 WebClient - ok
21:34:13.0564 5756 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:34:13.0570 5756 Wecsvc - ok
21:34:13.0602 5756 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:34:13.0606 5756 wercplsupport - ok
21:34:13.0637 5756 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:34:13.0641 5756 WerSvc - ok
21:34:13.0697 5756 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:13.0698 5756 WfpLwf - ok
21:34:13.0733 5756 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:34:13.0735 5756 WIMMount - ok
21:34:13.0766 5756 WinDefend - ok
21:34:13.0801 5756 WinHttpAutoProxySvc - ok
21:34:13.0920 5756 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:34:13.0923 5756 Winmgmt - ok
21:34:14.0054 5756 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:34:14.0080 5756 WinRM - ok
21:34:14.0191 5756 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:34:14.0193 5756 WinUsb - ok
21:34:14.0276 5756 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:34:14.0289 5756 Wlansvc - ok
21:34:14.0353 5756 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:34:14.0356 5756 wlcrasvc - ok
21:34:14.0554 5756 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:34:14.0581 5756 wlidsvc - ok
21:34:14.0698 5756 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:34:14.0698 5756 WmiAcpi - ok
21:34:14.0766 5756 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:34:14.0773 5756 wmiApSrv - ok
21:34:14.0824 5756 WMPNetworkSvc - ok
21:34:14.0862 5756 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:34:14.0865 5756 WPCSvc - ok
21:34:14.0917 5756 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:34:14.0922 5756 WPDBusEnum - ok
21:34:14.0953 5756 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:34:14.0955 5756 ws2ifsl - ok
21:34:14.0983 5756 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:34:14.0988 5756 wscsvc - ok
21:34:15.0005 5756 WSearch - ok
21:34:15.0337 5756 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:34:15.0367 5756 wuauserv - ok
21:34:15.0477 5756 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:34:15.0479 5756 WudfPf - ok
21:34:15.0519 5756 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:15.0522 5756 WUDFRd - ok
21:34:15.0563 5756 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:34:15.0567 5756 wudfsvc - ok
21:34:15.0615 5756 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:34:15.0624 5756 WwanSvc - ok
21:34:15.0655 5756 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
21:34:15.0683 5756 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:34:15.0684 5756 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:34:15.0719 5756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:34:15.0719 5756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:34:15.0763 5756 Boot (0x1200) (5ec99f953836ad8469a755e21620eda4) \Device\Harddisk0\DR0\Partition0
21:34:15.0765 5756 \Device\Harddisk0\DR0\Partition0 - ok
21:34:15.0781 5756 Boot (0x1200) (ac8aad07f5dcf7c5e833b9e74e66cdf3) \Device\Harddisk0\DR0\Partition1
21:34:15.0783 5756 \Device\Harddisk0\DR0\Partition1 - ok
21:34:15.0788 5756 ============================================================
21:34:15.0788 5756 Scan finished
21:34:15.0788 5756 ============================================================
21:34:15.0813 0216 Detected object count: 2
21:34:15.0813 0216 Actual detected object count: 2
21:38:02.0744 0216 \Device\Harddisk0\DR0\# - copied to quarantine
21:38:02.0974 0216 \Device\Harddisk0\DR0 - copied to quarantine
21:38:03.0401 0216 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:38:03.0433 0216 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:38:03.0532 0216 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:38:03.0555 0216 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:38:03.0586 0216 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:38:04.0277 0216 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:38:04.0719 0216 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:38:04.0771 0216 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:38:04.0844 0216 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:38:05.0083 0216 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:38:05.0279 0216 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:38:05.0399 0216 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:38:05.0536 0216 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:38:05.0588 0216 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:38:05.0668 0216 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:38:05.0760 0216 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
21:38:05.0906 0216 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:38:05.0966 0216 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:38:07.0076 0216 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:38:07.0370 0216 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:38:08.0844 0216 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
21:38:09.0227 0216 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
21:38:09.0481 0216 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:38:09.0585 0216 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
21:38:09.0585 0216 \Device\Harddisk0\DR0 - ok
21:38:10.0199 0216 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
21:38:10.0204 0216 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:38:10.0204 0216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:38:21.0609 5712 Deinitialize success

#13 CatByte


Posted 26 May 2012 - 09:14 PM

Yes, please run TDSSKiller again and choose "delete".

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
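
Added example, not part of the thread and not TDSSKiller's own code: a small Python parser for log lines in the format posted above. It pairs each detection with the action the user selected, so a detection left on "Skip" (here the TDSS File System entry) is easy to spot. The sample lines are an excerpt of that log; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the TDSSKiller log posted earlier in this thread.
# Line layout: timestamp, thread id, message.
SAMPLE_LOG = r"""
21:34:15.0683 5756 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:34:15.0684 5756 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:34:15.0719 5756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:34:15.0719 5756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:34:15.0765 5756 \Device\Harddisk0\DR0\Partition0 - ok
21:34:15.0813 0216 Detected object count: 2
21:38:02.0974 0216 \Device\Harddisk0\DR0 - copied to quarantine
21:38:09.0585 0216 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
21:38:10.0199 0216 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
21:38:10.0204 0216 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:38:10.0204 0216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d{4}) (.*)$")
# Detection events look like: <object> ( <detection name> ) - <status>
EVENT_RE = re.compile(r"^(?P<obj>\S.*?) \( (?P<name>.+?) \) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "


@dataclass
class Finding:
    obj: str                 # scanned object, e.g. \Device\Harddisk0\DR0
    name: str                # detection name reported by the scanner
    verdict: str = ""        # "infected" or "warning"
    action: str = ""         # action chosen by the user, e.g. "Cure", "Skip"
    notes: list = field(default_factory=list)  # other status lines


def parse_tdsskiller(text):
    """Return (findings, reported_count) for a TDSSKiller-style log."""
    findings = {}
    reported = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3)
        count = COUNT_RE.match(msg)
        if count:
            reported = int(count.group(1))
            continue
        event = EVENT_RE.match(msg)
        if not event:
            continue  # service lines, "- ok", quarantine copies, etc.
        key = (event["obj"], event["name"])
        finding = findings.setdefault(key, Finding(*key))
        status = event["status"]
        if status.startswith(ACTION_PREFIX):
            finding.action = status[len(ACTION_PREFIX):]
        elif status in ("infected", "warning"):
            finding.verdict = status
        else:
            finding.notes.append(status)
    return list(findings.values()), reported


def unresolved(findings):
    """Detections with no action recorded, or explicitly skipped."""
    return [f for f in findings if f.action in ("", "Skip")]


if __name__ == "__main__":
    found, reported = parse_tdsskiller(SAMPLE_LOG)
    print(f"scanner reported {reported} object(s), parsed {len(found)}")
    for f in found:
        print(f"{f.obj}  {f.name}: {f.verdict}, action={f.action or 'none'}")
    for f in unresolved(found):
        print(f"still needs action: {f.name} on {f.obj}")
```
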


#14 gironense


Posted 26 May 2012 - 09:56 PM

Before receiving your last post I had run ComboFix. Here is the log:

ComboFix 12-05-26.02 - Bergmoosers 05/26/2012 22:16:32.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1855 [GMT -4:00]
Running from: c:\users\Bergmoosers\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 02:25 . 2012-05-27 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 01:37 . 2012-05-27 01:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-26 16:14 . 2012-05-26 16:14 -------- d-----w- c:\program files (x86)\GPLGS
2012-05-26 16:13 . 2012-05-26 16:13 -------- d-----w- c:\program files (x86)\Acro Software
2012-05-26 16:13 . 2012-03-11 18:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-05-26 16:07 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA4F9BB9-9B4E-449B-A1B4-E1E9148A4439}\mpengine.dll
2012-05-26 15:52 . 2012-05-26 15:52 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-26 15:52 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-24 23:16 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-16 13:59 . 2012-05-16 13:59 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-16 13:57 . 2012-05-16 13:57 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-16 13:56 . 2012-05-16 13:56 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-16 13:55 . 2012-05-16 13:55 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-16 13:53 . 2012-05-16 13:57 -------- d-----w- c:\program files (x86)\Real
2012-05-13 09:11 . 2012-05-13 09:11 17691 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{42A7FD37-8ED1-FC5E-7800-9E212F8222A9}-MALDefaultAd[1].js
2012-05-11 12:21 . 2012-05-11 12:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-10 22:18 . 2012-05-10 22:18 -------- d-----w- c:\programdata\RoboForm
2012-05-10 22:18 . 2012-05-10 22:18 -------- d-----w- c:\program files (x86)\Siber Systems
2012-05-10 22:17 . 2012-05-10 22:17 -------- d-----w- c:\programdata\OzTools
2012-05-10 22:17 . 2012-05-10 22:17 -------- d-----w- c:\program files (x86)\KDA Technical Solutions
2012-05-10 21:56 . 2012-05-10 21:56 -------- d-----w- c:\windows\en
2012-05-10 21:51 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-10 21:51 . 2012-05-25 04:14 -------- d-----w- c:\users\Katie
2012-05-10 21:47 . 2012-05-10 21:47 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7b11a9801cd2ef602\MeshBetaRemover.exe
2012-05-10 21:47 . 2012-05-10 21:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a2ba6b01cd2ef601\DSETUP.dll
2012-05-10 21:47 . 2012-05-10 21:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a2ba6b01cd2ef601\DXSETUP.exe
2012-05-10 21:47 . 2012-05-10 21:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a2ba6b01cd2ef601\dsetup32.dll
2012-05-10 20:28 . 2012-05-10 20:28 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-05-10 20:26 . 2012-05-10 20:26 -------- d-----w- c:\windows\PCHEALTH
2012-05-10 20:26 . 2012-05-10 20:26 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-05-10 20:10 . 2012-05-10 20:10 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-05-10 20:05 . 2012-05-10 20:05 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-05-10 20:04 . 2012-05-10 20:04 -------- d-----w- c:\users\Bergmoosers\AppData\Local\Microsoft Help
2012-05-10 18:53 . 2012-05-10 18:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 18:52 . 2012-05-10 18:52 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 18:52 . 2012-05-10 18:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 18:43 . 2012-05-10 18:44 -------- d-----w- c:\program files (x86)\Emdat
2012-05-10 18:42 . 2012-05-10 18:43 -------- d-----w- c:\program files\Emdat
2012-05-10 18:08 . 2012-05-10 18:08 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-10 18:06 . 2012-05-17 18:38 -------- d-----w- c:\users\Bergmoosers\AppData\Roaming\HpUpdate
2012-05-10 18:05 . 2012-05-10 18:05 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-10 17:54 . 2012-05-10 18:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 13:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 13:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 13:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 13:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 13:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 13:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 13:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 13:49 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 13:49 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 13:49 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:49 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 13:49 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:49 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 13:42 . 2012-05-10 13:59 -------- d-----w- c:\program files (x86)\EMIMS
2012-05-10 13:42 . 2002-12-07 20:54 1425408 ----a-w- c:\windows\SysWow64\WebPro3.ocx
2012-05-10 13:42 . 2001-03-13 18:49 140288 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-05-10 13:42 . 2000-05-22 04:00 608448 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2012-05-10 13:38 . 2012-05-26 16:17 -------- d-----w- C:\Program Installation Files
2012-05-10 13:33 . 2012-05-24 21:43 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-10 13:32 . 2012-05-24 21:43 -------- d-----w- c:\users\Bergmoosers\AppData\Roaming\uTorrent
2012-05-07 18:46 . 2005-06-12 16:17 1153536 ----a-w- c:\windows\SysWow64\WEBPR332.OCX
2012-05-07 18:46 . 1998-06-18 00:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL
2012-05-07 18:46 . 1998-06-24 11:00 200496 ----a-w- c:\windows\SysWow64\DBLIST32.OCX
2012-05-05 21:01 . 2012-05-05 21:01 -------- d-----w- c:\program files\iPod
2012-05-05 21:01 . 2012-05-05 21:02 -------- d-----w- c:\program files\iTunes
2012-05-05 21:01 . 2012-05-05 21:02 -------- d-----w- c:\program files (x86)\iTunes
2012-05-02 07:01 . 2012-05-02 07:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 13:53 . 2009-05-21 22:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-16 13:53 . 2009-05-22 00:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-10 18:54 . 2011-06-17 12:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2010-10-25 01:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 01:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:04 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:04 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:04 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:04 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:04 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"Download"="c:\users\Bergmoosers\AppData\Local\SupportSoft\ddoctorv2\Bergmoosers\SSGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-16 296056]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 brmfrsmg;Brother Resource manager service;c:\windows\system32\BrmfRsmg.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [x]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 18:54]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 07:33]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 07:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: emdat.com
Trusted Zone: mytranscriptions.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\users\Bergmoosers\AppData\Roaming\Mozilla\Firefox\Profiles\c5108jro.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login|http://www.jw.org/|http://www.jw-media.org/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WKocfFMPaI.exe - c:\programdata\WKocfFMPaI.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-26 22:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 02:33
.
Pre-Run: 419,882,635,264 bytes free
Post-Run: 421,787,504,640 bytes free
.
- - End Of File - - 497304A34C5C42CACCD1E6A7FCF346C6

#15 gironense


Posted 26 May 2012 - 10:03 PM

I have run TDSS Killer again with the same result; this time I chose 'delete'. The log file is zipped and attached. You will see the TDSS file system is the last line in the log.



