Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan Sirefef.Y


  • This topic is locked This topic is locked
29 replies to this topic

#1 dcs8

dcs8

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 27 June 2012 - 08:39 AM

Infected with Trojan Sirefef.Y - MSE detects it and tries to delete it but can't do it in time as the computer reboots and I'm back to square one again!!
Any help will be much appreciated, thanks dcs8

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:51 AM

Posted 27 June 2012 - 05:41 PM

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 02 July 2012 - 07:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I need to see the logs from these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 06 July 2012 - 09:12 AM

sorry for the late reply, I was out of the country, I am doing what you asked now and will post shortly, thank you.

#5 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 06 July 2012 - 09:54 AM

I've managed to do the first scan butI can't complete the second scan as the trojan reboots the computer before th scan is completed! What should I do?

#6 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 06 July 2012 - 10:43 AM

1st scan:

15:13:48.0775 4144 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:13:49.0227 4144 ============================================================
15:13:49.0227 4144 Current date / time: 2012/07/06 15:13:49.0227
15:13:49.0227 4144 SystemInfo:
15:13:49.0227 4144
15:13:49.0227 4144 OS Version: 6.1.7601 ServicePack: 1.0
15:13:49.0227 4144 Product type: Workstation
15:13:49.0227 4144 ComputerName: DAN-PC
15:13:49.0227 4144 UserName: Dan
15:13:49.0227 4144 Windows directory: C:\Windows
15:13:49.0227 4144 System windows directory: C:\Windows
15:13:49.0227 4144 Running under WOW64
15:13:49.0227 4144 Processor architecture: Intel x64
15:13:49.0227 4144 Number of processors: 4
15:13:49.0227 4144 Page size: 0x1000
15:13:49.0227 4144 Boot type: Normal boot
15:13:49.0227 4144 ============================================================
15:13:53.0190 4144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:53.0221 4144 ============================================================
15:13:53.0221 4144 \Device\Harddisk0\DR0:
15:13:53.0221 4144 MBR partitions:
15:13:53.0221 4144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:13:53.0221 4144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
15:13:53.0221 4144 ============================================================
15:13:53.0455 4144 C: <-> \Device\Harddisk0\DR0\Partition1
15:13:53.0455 4144 ============================================================
15:13:53.0455 4144 Initialize success
15:13:53.0455 4144 ============================================================
15:13:56.0185 1376 ============================================================
15:13:56.0185 1376 Scan started
15:13:56.0185 1376 Mode: Manual;
15:13:56.0185 1376 ============================================================
15:13:57.0464 1376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:13:58.0447 1376 1394ohci - ok
15:13:58.0665 1376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:13:58.0681 1376 ACPI - ok
15:13:59.0336 1376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:13:59.0445 1376 AcpiPmi - ok
15:13:59.0757 1376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:13:59.0804 1376 adp94xx - ok
15:13:59.0976 1376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:13:59.0991 1376 adpahci - ok
15:14:00.0319 1376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:14:00.0335 1376 adpu320 - ok
15:14:00.0459 1376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:14:00.0475 1376 AeLookupSvc - ok
15:14:00.0662 1376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:14:01.0037 1376 AFD - ok
15:14:01.0130 1376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:14:01.0146 1376 agp440 - ok
15:14:01.0255 1376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:14:01.0364 1376 ALG - ok
15:14:01.0520 1376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:14:01.0536 1376 aliide - ok
15:14:01.0801 1376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:14:01.0817 1376 amdide - ok
15:14:02.0175 1376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:14:02.0253 1376 AmdK8 - ok
15:14:02.0300 1376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:14:02.0316 1376 AmdPPM - ok
15:14:02.0456 1376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:14:02.0487 1376 amdsata - ok
15:14:02.0597 1376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:14:02.0659 1376 amdsbs - ok
15:14:02.0940 1376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:14:03.0033 1376 amdxata - ok
15:14:03.0720 1376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:14:03.0860 1376 AppID - ok
15:14:03.0891 1376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:14:03.0923 1376 AppIDSvc - ok
15:14:04.0079 1376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:14:04.0079 1376 Appinfo - ok
15:14:04.0562 1376 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:14:04.0640 1376 Apple Mobile Device - ok
15:14:04.0827 1376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:14:04.0874 1376 arc - ok
15:14:04.0968 1376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:14:04.0983 1376 arcsas - ok
15:14:05.0093 1376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:14:05.0108 1376 AsyncMac - ok
15:14:05.0217 1376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:14:05.0217 1376 atapi - ok
15:14:05.0826 1376 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
15:14:05.0857 1376 athr - ok
15:14:08.0259 1376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:14:08.0384 1376 AudioEndpointBuilder - ok
15:14:08.0400 1376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:14:08.0400 1376 AudioSrv - ok
15:14:09.0133 1376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:14:09.0320 1376 AxInstSV - ok
15:14:10.0506 1376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:14:10.0568 1376 b06bdrv - ok
15:14:10.0802 1376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:14:10.0833 1376 b57nd60a - ok
15:14:11.0067 1376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:14:11.0114 1376 BDESVC - ok
15:14:11.0239 1376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:14:11.0270 1376 Beep - ok
15:14:11.0364 1376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:14:11.0395 1376 blbdrive - ok
15:14:11.0738 1376 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:14:11.0910 1376 Bonjour Service - ok
15:14:11.0941 1376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:14:12.0050 1376 bowser - ok
15:14:12.0175 1376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:14:12.0191 1376 BrFiltLo - ok
15:14:12.0191 1376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:14:12.0206 1376 BrFiltUp - ok
15:14:12.0347 1376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:14:12.0378 1376 Browser - ok
15:14:12.0503 1376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:14:12.0768 1376 Brserid - ok
15:14:13.0283 1376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:14:13.0439 1376 BrSerWdm - ok
15:14:13.0595 1376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:14:13.0657 1376 BrUsbMdm - ok
15:14:13.0829 1376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:14:13.0876 1376 BrUsbSer - ok
15:14:14.0422 1376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:14:14.0515 1376 BTHMODEM - ok
15:14:14.0656 1376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:14:14.0702 1376 bthserv - ok
15:14:14.0936 1376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:14:14.0999 1376 cdfs - ok
15:14:15.0186 1376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:14:15.0217 1376 cdrom - ok
15:14:15.0560 1376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:14:15.0638 1376 CertPropSvc - ok
15:14:15.0935 1376 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
15:14:15.0997 1376 cfwids - ok
15:14:16.0294 1376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:14:16.0434 1376 circlass - ok
15:14:16.0808 1376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:14:16.0918 1376 CLFS - ok
15:14:17.0417 1376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:17.0464 1376 clr_optimization_v2.0.50727_32 - ok
15:14:17.0807 1376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:14:17.0854 1376 clr_optimization_v2.0.50727_64 - ok
15:14:18.0103 1376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:14:18.0134 1376 clr_optimization_v4.0.30319_32 - ok
15:14:18.0290 1376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:14:18.0290 1376 clr_optimization_v4.0.30319_64 - ok
15:14:18.0353 1376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:14:18.0384 1376 CmBatt - ok
15:14:18.0540 1376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:14:18.0727 1376 cmdide - ok
15:14:18.0852 1376 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:14:18.0914 1376 CNG - ok
15:14:19.0008 1376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:14:19.0008 1376 Compbatt - ok
15:14:19.0070 1376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:14:19.0086 1376 CompositeBus - ok
15:14:19.0226 1376 COMSysApp - ok
15:14:19.0367 1376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:14:19.0398 1376 crcdisk - ok
15:14:20.0443 1376 CronService (63a7739ac9c1e38589b3edb1daeb9df5) C:\Prey\platform\windows\cronsvc.exe
15:14:20.0506 1376 CronService - ok
15:14:20.0740 1376 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:14:20.0740 1376 CryptSvc - ok
15:14:21.0972 1376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:14:22.0034 1376 DcomLaunch - ok
15:14:22.0097 1376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:14:22.0253 1376 defragsvc - ok
15:14:22.0315 1376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:14:22.0331 1376 DfsC - ok
15:14:22.0752 1376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:14:22.0783 1376 Dhcp - ok
15:14:22.0830 1376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:14:22.0846 1376 discache - ok
15:14:23.0345 1376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:14:23.0360 1376 Disk - ok
15:14:23.0626 1376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:14:23.0688 1376 Dnscache - ok
15:14:23.0750 1376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:14:23.0813 1376 dot3svc - ok
15:14:23.0922 1376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:14:23.0922 1376 DPS - ok
15:14:24.0265 1376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:14:24.0265 1376 drmkaud - ok
15:14:24.0796 1376 DsiWMIService (1fca854cedfc2ccd0c22e46ea4ea18f1) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:14:24.0796 1376 DsiWMIService - ok
15:14:24.0952 1376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:14:24.0983 1376 DXGKrnl - ok
15:14:25.0295 1376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:14:25.0326 1376 EapHost - ok
15:14:26.0168 1376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:14:26.0371 1376 ebdrv - ok
15:14:26.0683 1376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:14:26.0699 1376 EFS - ok
15:14:26.0902 1376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:14:27.0182 1376 ehRecvr - ok
15:14:27.0260 1376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:14:27.0338 1376 ehSched - ok
15:14:27.0526 1376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:14:27.0588 1376 elxstor - ok
15:14:27.0728 1376 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:14:27.0744 1376 ePowerSvc - ok
15:14:28.0040 1376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:14:28.0056 1376 ErrDev - ok
15:14:28.0118 1376 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
15:14:28.0150 1376 ETD - ok
15:14:28.0212 1376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:14:28.0212 1376 EventSystem - ok
15:14:28.0384 1376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:14:28.0399 1376 exfat - ok
15:14:28.0508 1376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:14:28.0540 1376 fastfat - ok
15:14:28.0649 1376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:14:28.0664 1376 Fax - ok
15:14:28.0742 1376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:14:28.0774 1376 fdc - ok
15:14:28.0883 1376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:14:28.0883 1376 fdPHost - ok
15:14:28.0898 1376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:14:28.0898 1376 FDResPub - ok
15:14:28.0992 1376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:14:28.0992 1376 FileInfo - ok
15:14:29.0054 1376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:14:29.0070 1376 Filetrace - ok
15:14:29.0304 1376 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:14:29.0522 1376 FLEXnet Licensing Service - ok
15:14:29.0632 1376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:29.0647 1376 flpydisk - ok
15:14:29.0756 1376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:14:29.0756 1376 FltMgr - ok
15:14:29.0959 1376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:14:29.0990 1376 FontCache - ok
15:14:30.0178 1376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:30.0209 1376 FontCache3.0.0.0 - ok
15:14:30.0256 1376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:14:30.0271 1376 FsDepends - ok
15:14:30.0786 1376 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:14:30.0848 1376 fssfltr - ok
15:14:37.0135 1376 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:14:37.0853 1376 fsssvc - ok
15:14:38.0040 1376 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:14:38.0040 1376 Fs_Rec - ok
15:14:38.0196 1376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:14:38.0196 1376 fvevol - ok
15:14:38.0274 1376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:38.0305 1376 gagp30kx - ok
15:14:38.0414 1376 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:14:38.0430 1376 GEARAspiWDM - ok
15:14:38.0586 1376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:14:38.0680 1376 gpsvc - ok
15:14:38.0804 1376 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:14:38.0804 1376 GREGService - ok
15:14:39.0163 1376 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:39.0179 1376 gupdate - ok
15:14:39.0366 1376 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:39.0366 1376 gupdatem - ok
15:14:39.0428 1376 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:14:39.0460 1376 gusvc - ok
15:14:39.0491 1376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:14:39.0506 1376 hcw85cir - ok
15:14:41.0020 1376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:14:41.0176 1376 HdAudAddService - ok
15:14:41.0254 1376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:14:41.0269 1376 HDAudBus - ok
15:14:41.0363 1376 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:14:41.0378 1376 HECIx64 - ok
15:14:41.0410 1376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:41.0425 1376 HidBatt - ok
15:14:41.0456 1376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:14:41.0472 1376 HidBth - ok
15:14:41.0488 1376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:14:41.0503 1376 HidIr - ok
15:14:41.0659 1376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:14:41.0690 1376 hidserv - ok
15:14:41.0971 1376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:14:42.0002 1376 HidUsb - ok
15:14:42.0034 1376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:14:42.0080 1376 hkmsvc - ok
15:14:42.0158 1376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:14:42.0174 1376 HomeGroupListener - ok
15:14:42.0236 1376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:14:42.0236 1376 HomeGroupProvider - ok
15:14:42.0314 1376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:14:42.0330 1376 HpSAMD - ok
15:14:42.0486 1376 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:14:42.0502 1376 HTCAND64 - ok
15:14:42.0658 1376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:14:42.0767 1376 HTTP - ok
15:14:42.0798 1376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:14:42.0798 1376 hwpolicy - ok
15:14:42.0845 1376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:14:42.0860 1376 i8042prt - ok
15:14:43.0001 1376 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:14:43.0001 1376 iaStor - ok
15:14:43.0266 1376 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:14:43.0266 1376 IAStorDataMgrSvc - ok
15:14:46.0090 1376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:14:46.0277 1376 iaStorV - ok
15:14:54.0794 1376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:55.0091 1376 idsvc - ok
15:14:57.0821 1376 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:14:58.0367 1376 igfx - ok
15:14:59.0006 1376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:14:59.0038 1376 iirsp - ok
15:14:59.0412 1376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:14:59.0568 1376 IKEEXT - ok
15:14:59.0786 1376 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:14:59.0802 1376 Impcd - ok
15:15:00.0348 1376 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
15:15:00.0379 1376 IntcAzAudAddService - ok
15:15:01.0097 1376 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:15:01.0144 1376 IntcDAud - ok
15:15:01.0222 1376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:15:01.0237 1376 intelide - ok
15:15:01.0331 1376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:15:01.0331 1376 intelppm - ok
15:15:01.0424 1376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:15:01.0424 1376 IPBusEnum - ok
15:15:01.0518 1376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:01.0534 1376 IpFilterDriver - ok
15:15:01.0658 1376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:15:01.0690 1376 IPMIDRV - ok
15:15:01.0768 1376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:15:01.0783 1376 IPNAT - ok
15:15:02.0080 1376 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:15:02.0095 1376 iPod Service - ok
15:15:02.0298 1376 iPodDrv - ok
15:15:02.0376 1376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:15:02.0392 1376 IRENUM - ok
15:15:02.0438 1376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:15:02.0454 1376 isapnp - ok
15:15:02.0688 1376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:15:02.0782 1376 iScsiPrt - ok
15:15:02.0922 1376 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:15:02.0953 1376 k57nd60a - ok
15:15:03.0047 1376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:15:03.0062 1376 kbdclass - ok
15:15:03.0343 1376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:15:03.0374 1376 kbdhid - ok
15:15:03.0421 1376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:03.0421 1376 KeyIso - ok
15:15:03.0452 1376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:15:03.0452 1376 KSecDD - ok
15:15:03.0484 1376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:15:03.0484 1376 KSecPkg - ok
15:15:03.0655 1376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:15:03.0671 1376 ksthunk - ok
15:15:03.0764 1376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:15:03.0811 1376 KtmRm - ok
15:15:03.0905 1376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:15:03.0936 1376 LanmanServer - ok
15:15:04.0014 1376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:15:04.0045 1376 LanmanWorkstation - ok
15:15:04.0232 1376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:15:04.0264 1376 lltdio - ok
15:15:04.0357 1376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:15:04.0404 1376 lltdsvc - ok
15:15:04.0435 1376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:15:04.0466 1376 lmhosts - ok
15:15:04.0794 1376 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:15:04.0794 1376 LMS - ok
15:15:04.0903 1376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:15:04.0934 1376 LSI_FC - ok
15:15:05.0075 1376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:15:05.0122 1376 LSI_SAS - ok
15:15:05.0184 1376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:15:05.0200 1376 LSI_SAS2 - ok
15:15:05.0371 1376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:15:05.0434 1376 LSI_SCSI - ok
15:15:05.0465 1376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:15:05.0496 1376 luafv - ok
15:15:05.0902 1376 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:15:05.0902 1376 MBAMProtector - ok
15:15:08.0772 1376 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:15:08.0803 1376 MBAMService - ok
15:15:08.0959 1376 McAfee SiteAdvisor Service (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:15:08.0959 1376 McAfee SiteAdvisor Service - ok
15:15:09.0006 1376 McMPFSvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:15:09.0006 1376 McMPFSvc - ok
15:15:09.0022 1376 mcmscsvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:15:09.0022 1376 mcmscsvc - ok
15:15:09.0037 1376 McNaiAnn (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:15:09.0053 1376 McNaiAnn - ok
15:15:09.0068 1376 McNASvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:15:09.0068 1376 McNASvc - ok
15:15:09.0396 1376 McODS (3809b77eb1734cd5fb317425f188abc1) C:\Program Files\mcafee\VirusScan\mcods.exe
15:15:09.0443 1376 McODS - ok
15:15:09.0458 1376 McOobeSv (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:15:09.0474 1376 McOobeSv - ok
15:15:09.0505 1376 McProxy (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:15:09.0505 1376 McProxy - ok
15:15:09.0692 1376 McShield (461eabb62f1827b965f508092160eddc) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:15:09.0692 1376 McShield - ok
15:15:10.0301 1376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:15:10.0379 1376 Mcx2Svc - ok
15:15:10.0457 1376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:15:10.0472 1376 megasas - ok
15:15:10.0550 1376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:15:10.0597 1376 MegaSR - ok
15:15:10.0691 1376 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
15:15:10.0691 1376 mfeapfk - ok
15:15:10.0862 1376 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
15:15:10.0862 1376 mfeavfk - ok
15:15:11.0096 1376 mfeavfk01 - ok
15:15:11.0174 1376 mfefire (dd92e94e265864306377f091b100d0d0) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:15:11.0174 1376 mfefire - ok
15:15:11.0330 1376 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
15:15:11.0440 1376 mfefirek - ok
15:15:11.0689 1376 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
15:15:11.0705 1376 mfehidk - ok
15:15:11.0798 1376 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
15:15:11.0830 1376 mfenlfk - ok
15:15:12.0001 1376 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
15:15:12.0110 1376 mferkdet - ok
15:15:12.0220 1376 mfevtp (aecd0c9abdfdc61be31163b624c4170f) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
15:15:12.0220 1376 mfevtp - ok
15:15:12.0344 1376 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
15:15:12.0360 1376 mfewfpk - ok
15:15:12.0422 1376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:12.0454 1376 MMCSS - ok
15:15:12.0500 1376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:15:12.0516 1376 Modem - ok
15:15:12.0578 1376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:15:12.0578 1376 monitor - ok
15:15:12.0641 1376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:15:12.0656 1376 mouclass - ok
15:15:12.0890 1376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:15:12.0906 1376 mouhid - ok
15:15:12.0968 1376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:15:12.0968 1376 mountmgr - ok
15:15:13.0889 1376 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
15:15:13.0920 1376 MpFilter - ok
15:15:13.0967 1376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:15:13.0982 1376 mpio - ok
15:15:14.0060 1376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:15:14.0092 1376 mpsdrv - ok
15:15:14.0138 1376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:15:14.0185 1376 MRxDAV - ok
15:15:14.0232 1376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:14.0248 1376 mrxsmb - ok
15:15:14.0419 1376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:14.0450 1376 mrxsmb10 - ok
15:15:14.0544 1376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:14.0560 1376 mrxsmb20 - ok
15:15:14.0778 1376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:15:14.0825 1376 msahci - ok
15:15:14.0903 1376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:15:14.0934 1376 msdsm - ok
15:15:14.0981 1376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:15:15.0184 1376 MSDTC - ok
15:15:15.0386 1376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:15:15.0418 1376 Msfs - ok
15:15:15.0464 1376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:15:15.0480 1376 mshidkmdf - ok
15:15:15.0652 1376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:15:15.0652 1376 msisadrv - ok
15:15:15.0745 1376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:15:15.0776 1376 MSiSCSI - ok
15:15:15.0792 1376 msiserver - ok
15:15:15.0995 1376 MSK80Service (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:15:15.0995 1376 MSK80Service - ok
15:15:16.0073 1376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:16.0088 1376 MSKSSRV - ok
15:15:16.0198 1376 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:15:16.0198 1376 MsMpSvc - ok
15:15:16.0291 1376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:16.0291 1376 MSPCLOCK - ok
15:15:16.0354 1376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:15:16.0369 1376 MSPQM - ok
15:15:16.0432 1376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:15:16.0432 1376 MsRPC - ok
15:15:16.0666 1376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:15:16.0666 1376 mssmbios - ok
15:15:16.0759 1376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:15:16.0775 1376 MSTEE - ok
15:15:16.0775 1376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:15:16.0790 1376 MTConfig - ok
15:15:16.0837 1376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:15:16.0853 1376 Mup - ok
15:15:16.0946 1376 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:15:16.0962 1376 mwlPSDFilter - ok
15:15:16.0993 1376 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:15:17.0009 1376 mwlPSDNServ - ok
15:15:17.0024 1376 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:15:17.0056 1376 mwlPSDVDisk - ok
15:15:17.0165 1376 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
15:15:17.0274 1376 MWLService - ok
15:15:17.0383 1376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:15:17.0399 1376 napagent - ok
15:15:17.0617 1376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:17.0648 1376 NativeWifiP - ok
15:15:17.0773 1376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:15:17.0789 1376 NDIS - ok
15:15:17.0867 1376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:17.0882 1376 NdisCap - ok
15:15:17.0929 1376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:17.0945 1376 NdisTapi - ok
15:15:18.0007 1376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:18.0054 1376 Ndisuio - ok
15:15:18.0116 1376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:18.0132 1376 NdisWan - ok
15:15:18.0210 1376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:15:18.0226 1376 NDProxy - ok
15:15:18.0272 1376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:15:18.0288 1376 NetBIOS - ok
15:15:18.0366 1376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:15:18.0397 1376 NetBT - ok
15:15:18.0428 1376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:18.0444 1376 Netlogon - ok
15:15:18.0616 1376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:15:18.0616 1376 Netman - ok
15:15:18.0678 1376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:15:18.0694 1376 netprofm - ok
15:15:18.0850 1376 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:18.0881 1376 NetTcpPortSharing - ok
15:15:19.0006 1376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:15:19.0021 1376 nfrd960 - ok
15:15:20.0098 1376 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:15:20.0238 1376 NisDrv - ok
15:15:21.0361 1376 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:15:21.0517 1376 NisSrv - ok
15:15:21.0689 1376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:15:21.0689 1376 NlaSvc - ok
15:15:22.0016 1376 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:15:22.0094 1376 NOBU - ok
15:15:22.0282 1376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:15:22.0297 1376 Npfs - ok
15:15:22.0344 1376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:15:22.0391 1376 nsi - ok
15:15:22.0484 1376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:15:22.0500 1376 nsiproxy - ok
15:15:22.0781 1376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:15:22.0828 1376 Ntfs - ok
15:15:23.0046 1376 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:15:23.0062 1376 NTI IScheduleSvc - ok
15:15:23.0296 1376 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
15:15:23.0311 1376 NTIDrvr - ok
15:15:23.0389 1376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:15:23.0498 1376 Null - ok
15:15:23.0982 1376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:15:24.0107 1376 nvraid - ok
15:15:24.0700 1376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:15:24.0762 1376 nvstor - ok
15:15:24.0887 1376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:15:24.0918 1376 nv_agp - ok
15:15:25.0355 1376 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:15:26.0057 1376 odserv - ok
15:15:26.0166 1376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:15:26.0182 1376 ohci1394 - ok
15:15:27.0476 1376 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:27.0726 1376 ose - ok
15:15:28.0163 1376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:28.0210 1376 p2pimsvc - ok
15:15:28.0459 1376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:15:28.0506 1376 p2psvc - ok
15:15:28.0584 1376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:15:28.0600 1376 Parport - ok
15:15:28.0646 1376 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:15:28.0646 1376 partmgr - ok
15:15:28.0678 1376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:15:28.0693 1376 PcaSvc - ok
15:15:28.0740 1376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:15:28.0740 1376 pci - ok
15:15:28.0802 1376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:15:28.0818 1376 pciide - ok
15:15:28.0943 1376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:15:28.0974 1376 pcmcia - ok
15:15:29.0005 1376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:29.0005 1376 pcw - ok
15:15:29.0068 1376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:29.0083 1376 PEAUTH - ok
15:15:29.0224 1376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:15:29.0270 1376 PerfHost - ok
15:15:29.0504 1376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:15:29.0676 1376 pla - ok
15:15:29.0785 1376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:15:29.0832 1376 PlugPlay - ok
15:15:30.0050 1376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:15:30.0097 1376 PNRPAutoReg - ok
15:15:30.0160 1376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:30.0160 1376 PNRPsvc - ok
15:15:30.0238 1376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:15:30.0284 1376 PolicyAgent - ok
15:15:30.0394 1376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:15:30.0440 1376 Power - ok
15:15:30.0596 1376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:30.0628 1376 PptpMiniport - ok
15:15:30.0643 1376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:15:30.0659 1376 Processor - ok
15:15:30.0752 1376 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:15:30.0784 1376 ProfSvc - ok
15:15:30.0846 1376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:30.0846 1376 ProtectedStorage - ok
15:15:30.0971 1376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:31.0002 1376 Psched - ok
15:15:31.0782 1376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:15:31.0891 1376 ql2300 - ok
15:15:32.0921 1376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:15:33.0030 1376 ql40xx - ok
15:15:33.0124 1376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:33.0186 1376 QWAVE - ok
15:15:33.0264 1376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:33.0280 1376 QWAVEdrv - ok
15:15:33.0295 1376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:33.0311 1376 RasAcd - ok
15:15:33.0389 1376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:33.0404 1376 RasAgileVpn - ok
15:15:33.0451 1376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:33.0498 1376 RasAuto - ok
15:15:33.0560 1376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:33.0623 1376 Rasl2tp - ok
15:15:33.0732 1376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:15:33.0763 1376 RasMan - ok
15:15:33.0826 1376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:33.0841 1376 RasPppoe - ok
15:15:33.0982 1376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:33.0997 1376 RasSstp - ok
15:15:34.0091 1376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:34.0169 1376 rdbss - ok
15:15:34.0216 1376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:15:34.0231 1376 rdpbus - ok
15:15:34.0247 1376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:34.0247 1376 RDPCDD - ok
15:15:34.0294 1376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:34.0294 1376 RDPENCDD - ok
15:15:34.0340 1376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:34.0356 1376 RDPREFMP - ok
15:15:34.0418 1376 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:15:34.0434 1376 RDPWD - ok
15:15:34.0574 1376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:34.0621 1376 rdyboost - ok
15:15:34.0699 1376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:34.0730 1376 RemoteAccess - ok
15:15:34.0824 1376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:34.0855 1376 RemoteRegistry - ok
15:15:34.0933 1376 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:15:34.0949 1376 RimUsb - ok
15:15:35.0011 1376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:35.0058 1376 RpcEptMapper - ok
15:15:35.0136 1376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:35.0152 1376 RpcLocator - ok
15:15:35.0308 1376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:35.0323 1376 RpcSs - ok
15:15:35.0417 1376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:35.0432 1376 rspndr - ok
15:15:35.0542 1376 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
15:15:35.0557 1376 RSUSBSTOR - ok
15:15:35.0635 1376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:35.0682 1376 SamSs - ok
15:15:35.0869 1376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:35.0885 1376 sbp2port - ok
15:15:35.0963 1376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:36.0025 1376 SCardSvr - ok
15:15:36.0166 1376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:36.0166 1376 scfilter - ok
15:15:36.0322 1376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:15:36.0431 1376 Schedule - ok
15:15:36.0478 1376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:36.0478 1376 SCPolicySvc - ok
15:15:36.0540 1376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:15:36.0602 1376 SDRSVC - ok
15:15:36.0821 1376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:36.0821 1376 secdrv - ok
15:15:36.0899 1376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:15:36.0930 1376 seclogon - ok
15:15:36.0977 1376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:15:36.0977 1376 SENS - ok
15:15:37.0102 1376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:37.0148 1376 SensrSvc - ok
15:15:37.0195 1376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:15:37.0195 1376 Serenum - ok
15:15:37.0258 1376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:15:37.0273 1376 Serial - ok
15:15:37.0570 1376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:37.0632 1376 sermouse - ok
15:15:37.0757 1376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:15:37.0804 1376 SessionEnv - ok
15:15:38.0147 1376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:38.0178 1376 sffdisk - ok
15:15:38.0334 1376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:38.0381 1376 sffp_mmc - ok
15:15:38.0396 1376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:38.0428 1376 sffp_sd - ok
15:15:38.0490 1376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:15:38.0506 1376 sfloppy - ok
15:15:38.0615 1376 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:15:38.0708 1376 SharedAccess - ok
15:15:38.0896 1376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:15:38.0942 1376 ShellHWDetection - ok
15:15:39.0114 1376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:15:39.0145 1376 SiSRaid2 - ok
15:15:39.0161 1376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:15:39.0176 1376 SiSRaid4 - ok
15:15:39.0364 1376 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:15:39.0364 1376 SkypeUpdate - ok
15:15:39.0426 1376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:39.0504 1376 Smb - ok
15:15:39.0707 1376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:39.0738 1376 SNMPTRAP - ok
15:15:39.0769 1376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:39.0769 1376 spldr - ok
15:15:39.0832 1376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:15:39.0847 1376 Spooler - ok
15:15:40.0253 1376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:15:40.0393 1376 sppsvc - ok
15:15:40.0768 1376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:40.0814 1376 sppuinotify - ok
15:15:40.0939 1376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:41.0033 1376 srv - ok
15:15:41.0111 1376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:41.0204 1376 srv2 - ok
15:15:41.0251 1376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:41.0282 1376 srvnet - ok
15:15:41.0392 1376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:41.0392 1376 SSDPSRV - ok
15:15:41.0438 1376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:41.0501 1376 SstpSvc - ok
15:15:41.0548 1376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:15:41.0563 1376 stexstor - ok
15:15:41.0688 1376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:15:41.0688 1376 stisvc - ok
15:15:41.0782 1376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:41.0828 1376 swenum - ok
15:15:42.0156 1376 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:15:42.0172 1376 SwitchBoard - ok
15:15:42.0296 1376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:42.0359 1376 swprv - ok
15:15:42.0562 1376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:15:42.0593 1376 SysMain - ok
15:15:43.0357 1376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:15:43.0420 1376 TabletInputService - ok
15:15:43.0529 1376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:15:43.0732 1376 TapiSrv - ok
15:15:43.0778 1376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:15:43.0825 1376 TBS - ok
15:15:44.0122 1376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:15:44.0480 1376 Tcpip - ok
15:15:45.0198 1376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:45.0214 1376 TCPIP6 - ok
15:15:45.0682 1376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:15:45.0682 1376 tcpipreg - ok
15:15:45.0775 1376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:45.0791 1376 TDPIPE - ok
15:15:45.0900 1376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:15:45.0916 1376 TDTCP - ok
15:15:45.0962 1376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:15:45.0978 1376 tdx - ok
15:15:46.0040 1376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:15:46.0072 1376 TermDD - ok
15:15:46.0243 1376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:15:46.0321 1376 TermService - ok
15:15:46.0399 1376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:15:46.0446 1376 Themes - ok
15:15:46.0508 1376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:46.0508 1376 THREADORDER - ok
15:15:46.0602 1376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:15:46.0602 1376 TrkWks - ok
15:15:46.0774 1376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:15:46.0852 1376 TrustedInstaller - ok
15:15:46.0914 1376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:46.0945 1376 tssecsrv - ok
15:15:47.0023 1376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:15:47.0039 1376 TsUsbFlt - ok
15:15:47.0117 1376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:47.0132 1376 tunnel - ok
15:15:47.0148 1376 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
15:15:47.0164 1376 TurboB - ok
15:15:47.0382 1376 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:15:47.0382 1376 TurboBoost - ok
15:15:47.0413 1376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:15:47.0429 1376 uagp35 - ok
15:15:47.0460 1376 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
15:15:47.0476 1376 UBHelper - ok
15:15:47.0694 1376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:47.0741 1376 udfs - ok
15:15:47.0850 1376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:47.0897 1376 UI0Detect - ok
15:15:48.0022 1376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:48.0037 1376 uliagpkx - ok
15:15:48.0100 1376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:15:48.0115 1376 umbus - ok
15:15:48.0224 1376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:15:48.0224 1376 UmPass - ok
15:15:48.0505 1376 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:15:48.0521 1376 UNS - ok
15:15:48.0677 1376 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:15:48.0708 1376 Updater Service - ok
15:15:49.0004 1376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:49.0004 1376 upnphost - ok
15:15:49.0114 1376 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:15:49.0145 1376 USBAAPL64 - ok
15:15:49.0160 1376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:49.0176 1376 usbccgp - ok
15:15:49.0207 1376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:49.0223 1376 usbcir - ok
15:15:49.0254 1376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:15:49.0270 1376 usbehci - ok
15:15:49.0332 1376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:49.0363 1376 usbhub - ok
15:15:49.0394 1376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:15:49.0410 1376 usbohci - ok
15:15:49.0488 1376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:49.0504 1376 usbprint - ok
15:15:49.0644 1376 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:15:49.0660 1376 usbscan - ok
15:15:49.0691 1376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:49.0706 1376 USBSTOR - ok
15:15:49.0940 1376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:15:50.0003 1376 usbuhci - ok
15:15:50.0081 1376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:15:50.0096 1376 usbvideo - ok
15:15:50.0159 1376 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
15:15:50.0159 1376 usb_rndisx - ok
15:15:50.0190 1376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:50.0206 1376 UxSms - ok
15:15:50.0315 1376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:50.0315 1376 VaultSvc - ok
15:15:50.0455 1376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:50.0455 1376 vdrvroot - ok
15:15:50.0596 1376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:15:50.0642 1376 vds - ok
15:15:50.0720 1376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:50.0720 1376 vga - ok
15:15:50.0736 1376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:50.0752 1376 VgaSave - ok
15:15:50.0798 1376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:50.0830 1376 vhdmp - ok
15:15:50.0845 1376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:50.0876 1376 viaide - ok
15:15:50.0908 1376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:50.0908 1376 volmgr - ok
15:15:50.0954 1376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:50.0954 1376 volmgrx - ok
15:15:51.0017 1376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:15:51.0017 1376 volsnap - ok
15:15:51.0095 1376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:15:51.0110 1376 vsmraid - ok
15:15:51.0344 1376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:15:51.0469 1376 VSS - ok
15:15:51.0797 1376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:15:51.0812 1376 vwifibus - ok
15:15:51.0922 1376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:15:51.0937 1376 vwififlt - ok
15:15:51.0968 1376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:15:51.0968 1376 vwifimp - ok
15:15:52.0093 1376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:15:52.0124 1376 W32Time - ok
15:15:52.0187 1376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:15:52.0218 1376 WacomPen - ok
15:15:52.0296 1376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:52.0312 1376 WANARP - ok
15:15:52.0343 1376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:52.0343 1376 Wanarpv6 - ok
15:15:54.0402 1376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:15:54.0964 1376 WatAdminSvc - ok
15:15:55.0144 1376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:15:55.0385 1376 wbengine - ok
15:15:55.0945 1376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:15:56.0005 1376 WbioSrvc - ok
15:15:56.0085 1376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:15:56.0095 1376 wcncsvc - ok
15:15:56.0125 1376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:15:56.0165 1376 WcsPlugInService - ok
15:15:56.0405 1376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:15:56.0425 1376 Wd - ok
15:15:56.0495 1376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:15:56.0535 1376 Wdf01000 - ok
15:15:56.0585 1376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:56.0585 1376 WdiServiceHost - ok
15:15:56.0595 1376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:56.0595 1376 WdiSystemHost - ok
15:15:56.0685 1376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:15:56.0835 1376 WebClient - ok
15:15:56.0945 1376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:15:57.0015 1376 Wecsvc - ok
15:15:57.0055 1376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:15:57.0105 1376 wercplsupport - ok
15:15:57.0155 1376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:15:57.0165 1376 WerSvc - ok
15:15:57.0305 1376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:15:57.0315 1376 WfpLwf - ok
15:15:57.0335 1376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:15:57.0355 1376 WIMMount - ok
15:15:57.0365 1376 WinHttpAutoProxySvc - ok
15:15:57.0475 1376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:15:57.0475 1376 Winmgmt - ok
15:15:57.0915 1376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:15:58.0125 1376 WinRM - ok
15:15:58.0426 1376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:15:58.0526 1376 WinUsb - ok
15:15:58.0786 1376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:15:58.0846 1376 Wlansvc - ok
15:15:59.0306 1376 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:59.0486 1376 wlidsvc - ok
15:15:59.0956 1376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:15:59.0966 1376 WmiAcpi - ok
15:16:00.0596 1376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:16:00.0666 1376 wmiApSrv - ok
15:16:00.0786 1376 WMPNetworkSvc - ok
15:16:00.0876 1376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:16:00.0916 1376 WPCSvc - ok
15:16:01.0016 1376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:16:01.0026 1376 WPDBusEnum - ok
15:16:01.0066 1376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:16:01.0086 1376 ws2ifsl - ok
15:16:01.0146 1376 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:16:01.0176 1376 WSDPrintDevice - ok
15:16:01.0186 1376 WSearch - ok
15:16:01.0256 1376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:16:01.0346 1376 WudfPf - ok
15:16:01.0466 1376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:01.0606 1376 WUDFRd - ok
15:16:01.0766 1376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:16:01.0806 1376 wudfsvc - ok
15:16:01.0856 1376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:16:01.0916 1376 WwanSvc - ok
15:16:01.0996 1376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:02.0376 1376 \Device\Harddisk0\DR0 - ok
15:16:02.0406 1376 Boot (0x1200) (ce797c68e267d45a990b78c20247e85d) \Device\Harddisk0\DR0\Partition0
15:16:02.0416 1376 \Device\Harddisk0\DR0\Partition0 - ok
15:16:02.0456 1376 Boot (0x1200) (f2398c1eaf1e5c1e7137a01f88f65da6) \Device\Harddisk0\DR0\Partition1
15:16:02.0456 1376 \Device\Harddisk0\DR0\Partition1 - ok
15:16:02.0456 1376 ============================================================
15:16:02.0456 1376 Scan finished
15:16:02.0456 1376 ============================================================
15:16:02.0476 4196 Detected object count: 0
15:16:02.0476 4196 Actual detected object count: 0

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 06 July 2012 - 12:08 PM

See if you can run this tool and post the log.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

p.s.
Can you boot in safe mode with the internet connection option?

#8 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 06 July 2012 - 01:06 PM

I managed to get part of the second scan and the .dat file

part of 2nd scan before it reboots:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 18:49:37
-----------------------------
18:49:37.044 OS Version: Windows x64 6.1.7601 Service Pack 1
18:49:37.044 Number of processors: 4 586 0x2505
18:49:37.044 ComputerName: DAN-PC UserName: Dan
18:49:45.936 Initialize success
18:49:55.530 AVAST engine defs: 12070600
18:49:56.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:49:56.934 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:49:56.950 Disk 0 MBR read successfully
18:49:56.950 Disk 0 MBR scan
18:49:56.965 Disk 0 Windows 7 default MBR code
18:49:56.981 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
18:49:57.012 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
18:49:57.059 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
18:49:57.137 Disk 0 scanning C:\Windows\system32\drivers
18:50:23.205 Service scanning
18:51:33.841 Modules scanning
18:51:33.841 Disk 0 trace - called modules:
18:51:33.857 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:51:33.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007059060]
18:51:33.873 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005001050]
18:51:36.353 AVAST engine scan C:\Windows
18:54:29.527 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
18:54:29.527 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswmbr0.txt"

and yes i can enter safe mode with networking but it does not prevent a forced reboot.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 07 July 2012 - 08:48 AM

Do this if you system is Vista or Windows 7. If not please let me know what your have as an operating system.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

p.s. do not run any cleaning tool until this infection is solved.

#10 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 08 July 2012 - 05:09 PM

Scan result of Farbar Recovery Scan Tool Version: 08-07-2012
Ran by SYSTEM at 08-07-2012 23:06:37
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-08-29] ()
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Dan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-13] (Google Inc.)
HKU\Dan\...\Run: [Switcher] "C:\Users\Dan\Documents\Switcher\Switcher.exe" /quiet [425984 2007-10-28] (Bao_Nguyen)
HKU\Dan\...\Run: [Ditto] C:\Users\Dan\Documents\DittoPortable_3_17_0_17\Ditto\Ditto.exe [831488 2011-06-23] ()
HKU\Dan\...\Run: [Facebook Update] "C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-02] (Facebook Inc.)
HKU\Dan\...\Run: [colodiag] rundll32 "C:\Windows\calcperf.dll",CreateProcessNotify [x]
HKU\Dan\...\Run: [dvdugMgr] rundll32 "C:\Windows\system32\calcperf64.dll",CreateProcessNotify [62976 2012-06-10] (ESET)
HKU\Dan\...\Run: [hinsp] "C:\Windows\System32\rundll32.exe" "C:\Users\Dan\AppData\Roaming\hinsp.dll",SaveMeshToXW [345088 2012-06-10] (Andrea Electronics Corporation)
HKU\Dan\...\CurrentVersion\Windows: [Load] C:\Users\Dan\AppData\Local\Temp\{44097~1.EXE
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Dan\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-06-21] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-08 23:06 - 2012-07-08 23:06 - 00000000 ____D C:\FRST
2012-07-06 11:12 - 2012-07-06 11:12 - 00262144 ____A C:\Windows\Minidump\070612-20904-01.dmp
2012-07-06 10:02 - 2012-07-06 10:03 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.com
2012-07-06 09:54 - 2012-07-06 09:54 - 00001640 ____A C:\Users\Dan\Desktop\aswmbr0.txt
2012-07-06 08:03 - 2012-07-06 08:03 - 00001640 ____A C:\Users\Dan\Desktop\aswMBR2.txt
2012-07-06 07:55 - 2012-07-06 07:55 - 00001640 ____A C:\Users\Dan\Desktop\awsmbr2.txt
2012-07-06 07:48 - 2012-07-06 07:48 - 00001640 ____A C:\Users\Dan\Desktop\aswMBR1.txt
2012-07-06 06:54 - 2012-07-06 06:54 - 00262144 ____A C:\Windows\Minidump\070612-17862-01.dmp
2012-07-06 06:49 - 2012-07-06 06:49 - 00001694 ____A C:\Users\Dan\Desktop\aswMBR.txt
2012-07-06 06:37 - 2012-07-06 11:11 - 422173733 ____A C:\Windows\MEMORY.DMP
2012-07-06 06:37 - 2012-07-06 06:37 - 00262144 ____A C:\Windows\Minidump\070612-20716-01.dmp
2012-07-06 06:27 - 2012-07-06 06:27 - 04731392 ____A (AVAST Software) C:\Users\Dan\Desktop\aswMBR.exe
2012-07-06 06:25 - 2012-07-06 06:25 - 00000000 ____A C:\Users\Dan\Desktop\aswMBR.exe.wb21glj.partial
2012-07-06 06:16 - 2012-07-06 06:16 - 00066206 ____A C:\Users\Dan\Desktop\ktsdsd.txt
2012-07-06 06:10 - 2012-07-06 06:10 - 02116179 ____A C:\Users\Dan\Downloads\tdsskiller.zip
2012-07-06 06:10 - 2012-07-06 06:10 - 00000000 ____D C:\Users\Dan\Downloads\tdsskiller
2012-07-06 05:56 - 2012-07-06 05:56 - 00137096 ____A (ESET) C:\Users\Dan\Desktop\ESETSirefefRemover.exe
2012-07-05 04:58 - 2012-07-05 04:58 - 00000036 ____A C:\Users\Dan\AppData\Local\housecall.guid.cache
2012-07-05 04:57 - 2012-07-05 04:58 - 02406064 ____A (Trend Micro Inc.) C:\Users\Dan\Desktop\HousecallLauncher64.exe
2012-06-13 04:50 - 2012-07-08 13:58 - 00002856 ____A C:\Windows\setupact.log
2012-06-13 04:50 - 2012-06-13 04:50 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 04:32 - 2012-06-13 04:32 - 00000082 ____A C:\Users\Dan\Desktop\cc_20120613_133231.reg
2012-06-13 04:21 - 2012-06-13 04:21 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-13 04:21 - 2012-06-13 04:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 04:21 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-10 10:21 - 2012-06-10 10:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 04:02 - 2012-06-10 04:02 - 00022660 ___RA C:\Users\Dan\Documents\Party Plan.docxENX
2012-06-10 04:00 - 2012-06-10 04:00 - 00002117 ____A C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
2012-06-10 04:00 - 2012-05-11 02:14 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-10 04:00 - 2012-05-11 02:13 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-06-10 04:00 - 2012-05-11 02:09 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-10 04:00 - 2012-05-11 02:08 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-10 04:00 - 2012-02-28 02:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-10 04:00 - 2012-02-28 02:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-10 03:54 - 2012-04-23 03:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-10 03:51 - 2012-06-10 03:51 - 04183000 ____A (PC Tools) C:\Users\Dan\Downloads\pctoolsspywaredoctor.exe
2012-06-10 03:40 - 2012-06-10 03:40 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Malwarebytes
2012-06-10 03:40 - 2012-06-10 03:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 03:16 - 2012-05-08 09:21 - 02267064 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll0645.old
2012-06-10 03:16 - 2012-05-08 09:21 - 02267064 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-10 03:16 - 2012-05-08 09:21 - 01681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-10 03:16 - 2012-05-08 09:21 - 00767928 ____A C:\Windows\BDTSupport.dll0645.old
2012-06-10 03:16 - 2012-05-08 09:21 - 00767928 ____A C:\Windows\BDTSupport.dll
2012-06-10 03:16 - 2012-05-08 09:21 - 00149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll0645.old
2012-06-10 03:16 - 2012-05-08 09:21 - 00149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-10 03:16 - 2012-05-08 09:21 - 00085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-06-10 03:16 - 2012-05-08 08:47 - 00003488 ____A C:\Windows\UDB.zip
2012-06-10 03:16 - 2012-05-08 08:47 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-10 03:16 - 2012-05-08 08:47 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-10 03:16 - 2012-05-08 08:47 - 00000131 ____A C:\Windows\IDB.zip
2012-06-10 03:15 - 2012-06-10 03:54 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-06-10 03:14 - 2012-05-11 02:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-06-10 03:13 - 2012-06-13 04:21 - 00000000 ____D C:\Users\Dan\Documents\virus thing
2012-06-10 03:13 - 2012-06-10 04:00 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-10 03:13 - 2012-06-10 03:13 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TestApp
2012-06-10 02:52 - 2012-06-10 02:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 02:49 - 2012-06-10 02:49 - 00345088 ____A (Andrea Electronics Corporation) C:\Users\Dan\AppData\Roaming\hinsp.dll
2012-06-10 02:49 - 2012-06-10 02:49 - 00062976 ___AH (ESET) C:\Windows\System32\calcperf64.dll
2012-06-10 02:48 - 2012-06-10 06:52 - 00000000 ____D C:\Users\All Users\B7E858860000239D0001205DB4EB2367

============ 3 Months Modified Files ========================

2012-07-08 13:58 - 2012-06-13 04:50 - 00002856 ____A C:\Windows\setupact.log
2012-07-08 13:58 - 2011-08-18 09:50 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-07-08 13:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 11:20 - 2011-05-27 04:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-06 11:16 - 2011-05-27 04:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 11:12 - 2012-07-06 11:12 - 00262144 ____A C:\Windows\Minidump\070612-20904-01.dmp
2012-07-06 11:11 - 2012-07-06 06:37 - 422173733 ____A C:\Windows\MEMORY.DMP
2012-07-06 11:04 - 2009-07-13 21:13 - 00738798 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 10:03 - 2012-07-06 10:02 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.com
2012-07-06 09:54 - 2012-07-06 09:54 - 00001640 ____A C:\Users\Dan\Desktop\aswmbr0.txt
2012-07-06 08:03 - 2012-07-06 08:03 - 00001640 ____A C:\Users\Dan\Desktop\aswMBR2.txt
2012-07-06 07:55 - 2012-07-06 07:55 - 00001640 ____A C:\Users\Dan\Desktop\awsmbr2.txt
2012-07-06 07:48 - 2012-07-06 07:48 - 00001640 ____A C:\Users\Dan\Desktop\aswMBR1.txt
2012-07-06 06:54 - 2012-07-06 06:54 - 00262144 ____A C:\Windows\Minidump\070612-17862-01.dmp
2012-07-06 06:49 - 2012-07-06 06:49 - 00001694 ____A C:\Users\Dan\Desktop\aswMBR.txt
2012-07-06 06:37 - 2012-07-06 06:37 - 00262144 ____A C:\Windows\Minidump\070612-20716-01.dmp
2012-07-06 06:27 - 2012-07-06 06:27 - 04731392 ____A (AVAST Software) C:\Users\Dan\Desktop\aswMBR.exe
2012-07-06 06:25 - 2012-07-06 06:25 - 00000000 ____A C:\Users\Dan\Desktop\aswMBR.exe.wb21glj.partial
2012-07-06 06:16 - 2012-07-06 06:16 - 00066206 ____A C:\Users\Dan\Desktop\ktsdsd.txt
2012-07-06 06:10 - 2012-07-06 06:10 - 02116179 ____A C:\Users\Dan\Downloads\tdsskiller.zip
2012-07-06 05:56 - 2012-07-06 05:56 - 00137096 ____A (ESET) C:\Users\Dan\Desktop\ESETSirefefRemover.exe
2012-07-06 05:55 - 2011-09-02 14:50 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1478088397-1558616173-1976592655-1001UA.job
2012-07-05 05:08 - 2010-08-29 09:10 - 01519280 ____A C:\Windows\WindowsUpdate.log
2012-07-05 04:58 - 2012-07-05 04:58 - 00000036 ____A C:\Users\Dan\AppData\Local\housecall.guid.cache
2012-07-05 04:58 - 2012-07-05 04:57 - 02406064 ____A (Trend Micro Inc.) C:\Users\Dan\Desktop\HousecallLauncher64.exe
2012-07-05 04:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 04:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-13 04:50 - 2012-06-13 04:50 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 04:32 - 2012-06-13 04:32 - 00000082 ____A C:\Users\Dan\Desktop\cc_20120613_133231.reg
2012-06-13 04:21 - 2012-06-13 04:21 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-12 08:36 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 10:22 - 2010-12-25 03:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-10 10:21 - 2010-12-25 03:43 - 00735726 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-10 04:02 - 2012-06-10 04:02 - 00022660 ___RA C:\Users\Dan\Documents\Party Plan.docxENX
2012-06-10 04:00 - 2012-06-10 04:00 - 00002117 ____A C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
2012-06-10 03:51 - 2012-06-10 03:51 - 04183000 ____A (PC Tools) C:\Users\Dan\Downloads\pctoolsspywaredoctor.exe
2012-06-10 02:50 - 2012-04-02 03:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 02:50 - 2011-06-13 08:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 02:49 - 2012-06-10 02:49 - 00345088 ____A (Andrea Electronics Corporation) C:\Users\Dan\AppData\Roaming\hinsp.dll
2012-06-10 02:49 - 2012-06-10 02:49 - 00062976 ___AH (ESET) C:\Windows\System32\calcperf64.dll
2012-06-09 14:55 - 2011-09-02 14:50 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1478088397-1558616173-1976592655-1001Core.job
2012-06-07 16:17 - 2012-06-07 16:17 - 00000120 ____A C:\Windows\wininit.ini
2012-06-07 16:16 - 2012-04-16 12:36 - 00001013 ____A C:\Users\Dan\Desktop\Dropbox.lnk
2012-05-31 11:05 - 2012-05-31 11:05 - 00002018 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-05-14 15:06 - 2012-05-14 15:06 - 00001462 ____A C:\Users\Dan\Desktop\Windows Live Mail.lnk
2012-05-11 08:20 - 2009-07-13 20:45 - 04863560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 07:54 - 2010-12-25 02:51 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 02:14 - 2012-06-10 04:00 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-05-11 02:14 - 2012-06-10 03:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-11 02:13 - 2012-06-10 04:00 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-05-11 02:09 - 2012-06-10 04:00 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-05-11 02:08 - 2012-06-10 04:00 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-05-08 13:24 - 2011-08-03 08:33 - 00001247 ____A C:\Users\Dan\Desktop\DVDVideoSoft Free Studio.lnk
2012-05-08 09:21 - 2012-06-10 03:16 - 02267064 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll0645.old
2012-05-08 09:21 - 2012-06-10 03:16 - 02267064 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-05-08 09:21 - 2012-06-10 03:16 - 01681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-05-08 09:21 - 2012-06-10 03:16 - 00767928 ____A C:\Windows\BDTSupport.dll0645.old
2012-05-08 09:21 - 2012-06-10 03:16 - 00767928 ____A C:\Windows\BDTSupport.dll
2012-05-08 09:21 - 2012-06-10 03:16 - 00149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll0645.old
2012-05-08 09:21 - 2012-06-10 03:16 - 00149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-05-08 09:21 - 2012-06-10 03:16 - 00085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-05-08 08:47 - 2012-06-10 03:16 - 00003488 ____A C:\Windows\UDB.zip
2012-05-08 08:47 - 2012-06-10 03:16 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-05-08 08:47 - 2012-06-10 03:16 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-05-08 08:47 - 2012-06-10 03:16 - 00000131 ____A C:\Windows\IDB.zip
2012-04-29 13:20 - 2012-04-29 13:20 - 00001374 ____A C:\Windows\SysWOW64\bash.exe.stackdump
2012-04-23 03:36 - 2012-06-10 03:54 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-18 04:49 - 2012-05-08 13:24 - 00405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll


ZeroAccess:
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\00000001.@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.$
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\800000cb.@

ZeroAccess:
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3766.71 MB
Available physical RAM: 3057.84 MB
Total Pagefile: 3764.86 MB
Available Pagefile: 3049.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:323.04 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.46 GB) NTFS
5 Drive h: (DAN SIMOU) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 452 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H DAN SIMOU FAT Removable 488 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-12 18:33

======================= End Of Log ==========================

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 09 July 2012 - 09:18 AM

ZeroAccess infection located.

We need to know if you have a good copy of the services.exe file.

Boot to System Recovery Options and run FRST again.

Type the following in the edit box after "Search:".
services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Please do not install any programs before we clean this infection.

#12 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 09 July 2012 - 09:31 AM

Farbar Recovery Scan Tool Version: 08-07-2012
Ran by SYSTEM at 2012-07-09 15:26:03
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 09 July 2012 - 10:14 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\00000001.@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.$
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.@
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\800000cb.@
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 Or FRST.exe if 32 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please let me know what problem persists.

#14 dcs8

dcs8
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:51 PM

Posted 09 July 2012 - 10:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-07-2012
Ran by SYSTEM at 2012-07-09 16:24:41 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de} moved successfully.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@ not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\00000001.@ not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.$ not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\80000000.@ not found.
C:\Windows\Installer\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U\800000cb.@ not found.
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de} moved successfully.
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\@ not found.
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\L not found.
C:\Users\Dan\AppData\Local\{08a08fd3-50d2-9b4f-403f-603a6455c6de}\U not found.

==== End of Fixlog ====

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 PM

Posted 09 July 2012 - 01:25 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please let me know of the remaining issues with this computer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users