winrscmde and other annoyances


  • This topic is locked
5 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 134 posts
  • OFFLINE
  • Local time:06:54 PM

Posted 07 August 2012 - 11:41 PM

Wow, both pcs (home and work) affected in one day! This one is on the home pc and is the annoying Microsoft Windows "winrscmde has stopped working" popup, which I believe is a result of some sort of malware.

There has been other trouble such as random pc reboots, and slowness.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thanks for the help!

~art_vandelay

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lindholm at 17:36:41 on 2012-08-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1659 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\sj666\hpupdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\X3watch\x3watch.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\PROGRA~2\THEWEA~2\THEWEA~1\TWCApp.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wermgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
mRun: [hpppta] "C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" /ICON
mRun: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Lindholm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://71.227.145.16/UltraMJCamX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.silvermt.com/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EFA115CF-8A60-44F7-92CD-B3CF9D03067B} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
mRun-x64: [hpppta] "C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" /ICON
mRun-x64: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-5-22 88576]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2011-6-10 2044688]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9fea6c2fe4600;Google Update Service (gupdate1c9fea6c2fe4600);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-6 133104]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-6 133104]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-07 21:49:44 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88447881-631A-4EE4-AC50-263F3561B9E9}\mpengine.dll
2012-08-07 03:15:12 -------- d-----w- C:\Backups
2012-08-06 21:48:04 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-04 19:05:16 20480 ----a-w- C:\Windows\svchost.exe
2012-07-22 02:03:37 -------- d-s---w- C:\ComboFix
2012-07-21 20:19:37 -------- d-----w- C:\$RECYCLE.BIN
2012-07-21 20:03:03 98816 ----a-w- C:\Windows\sed.exe
2012-07-21 20:03:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-21 20:03:03 256000 ----a-w- C:\Windows\PEV.exe
2012-07-21 20:03:03 208896 ----a-w- C:\Windows\MBR.exe
2012-07-21 11:22:09 -------- d-----w- C:\Users\Lindholm\DoctorWeb
2012-07-21 11:12:01 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-21 10:38:26 -------- d-----w- C:\Autoruns
2012-07-21 06:01:43 -------- d-----w- C:\Users\Lindholm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-21 06:00:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-21 06:00:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-19 07:39:15 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A83EB3F-9208-4546-8F16-E8B6C88BF7D1}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-21 05:43:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 05:43:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 17:37:54.56 ===============


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,602 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:54 PM

Posted 12 August 2012 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464340 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:54 PM

Posted 13 August 2012 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
Please let me know of the issues with this computer.

#4 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  • Local time:06:54 PM

Posted 13 August 2012 - 05:05 PM

14:47:18.0535 8912 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:47:19.0001 8912 ============================================================
14:47:19.0001 8912 Current date / time: 2012/08/13 14:47:19.0001
14:47:19.0001 8912 SystemInfo:
14:47:19.0001 8912
14:47:19.0001 8912 OS Version: 6.0.6002 ServicePack: 2.0
14:47:19.0001 8912 Product type: Workstation
14:47:19.0001 8912 ComputerName: MARINERS
14:47:19.0001 8912 UserName: Lindholm
14:47:19.0001 8912 Windows directory: C:\Windows
14:47:19.0001 8912 System windows directory: C:\Windows
14:47:19.0001 8912 Running under WOW64
14:47:19.0001 8912 Processor architecture: Intel x64
14:47:19.0001 8912 Number of processors: 2
14:47:19.0001 8912 Page size: 0x1000
14:47:19.0001 8912 Boot type: Normal boot
14:47:19.0001 8912 ============================================================
14:47:20.0399 8912 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:47:20.0409 8912 Drive \Device\Harddisk1\DR3 - Size: 0xE7FC1000 (3.62 Gb), SectorSize: 0x1000, Cylinders: 0x3B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:47:20.0411 8912 ============================================================
14:47:20.0411 8912 \Device\Harddisk0\DR0:
14:47:20.0411 8912 MBR partitions:
14:47:20.0411 8912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
14:47:20.0411 8912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x3856A000
14:47:20.0411 8912 \Device\Harddisk1\DR3:
14:47:20.0412 8912 MBR partitions:
14:47:20.0412 8912 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xE7F81
14:47:20.0412 8912 ============================================================
14:47:20.0435 8912 C: <-> \Device\Harddisk0\DR0\Partition1
14:47:20.0515 8912 D: <-> \Device\Harddisk0\DR0\Partition0
14:47:20.0515 8912 ============================================================
14:47:20.0515 8912 Initialize success
14:47:20.0515 8912 ============================================================
14:47:25.0707 7276 ============================================================
14:47:25.0707 7276 Scan started
14:47:25.0707 7276 Mode: Manual;
14:47:25.0707 7276 ============================================================
14:47:26.0490 7276 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:47:26.0492 7276 !SASCORE - ok
14:47:26.0625 7276 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:47:26.0631 7276 ACPI - ok
14:47:26.0718 7276 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:47:26.0719 7276 AdobeARMservice - ok
14:47:26.0773 7276 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:47:26.0783 7276 adp94xx - ok
14:47:26.0826 7276 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:47:26.0839 7276 adpahci - ok
14:47:26.0885 7276 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:47:26.0889 7276 adpu160m - ok
14:47:26.0931 7276 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:47:26.0941 7276 adpu320 - ok
14:47:26.0977 7276 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:47:26.0979 7276 AeLookupSvc - ok
14:47:27.0037 7276 AERTFilters (7394641611ef3ab2d041f104f1e8c1b9) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:47:27.0039 7276 AERTFilters - ok
14:47:27.0101 7276 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:47:27.0122 7276 AFD - ok
14:47:27.0150 7276 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:47:27.0152 7276 agp440 - ok
14:47:27.0177 7276 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:47:27.0179 7276 aic78xx - ok
14:47:27.0196 7276 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:47:27.0198 7276 ALG - ok
14:47:27.0212 7276 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
14:47:27.0214 7276 aliide - ok
14:47:27.0224 7276 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:47:27.0225 7276 amdide - ok
14:47:27.0269 7276 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:47:27.0270 7276 AmdK8 - ok
14:47:27.0320 7276 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
14:47:27.0321 7276 Andbus - ok
14:47:27.0355 7276 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
14:47:27.0356 7276 AndDiag - ok
14:47:27.0381 7276 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
14:47:27.0382 7276 AndGps - ok
14:47:27.0416 7276 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
14:47:27.0417 7276 ANDModem - ok
14:47:27.0447 7276 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
14:47:27.0448 7276 Appinfo - ok
14:47:27.0587 7276 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:47:27.0589 7276 Apple Mobile Device - ok
14:47:27.0632 7276 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:47:27.0634 7276 arc - ok
14:47:27.0660 7276 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:47:27.0663 7276 arcsas - ok
14:47:27.0765 7276 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:47:27.0766 7276 aspnet_state - ok
14:47:27.0802 7276 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:27.0803 7276 AsyncMac - ok
14:47:27.0824 7276 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:47:27.0824 7276 atapi - ok
14:47:27.0890 7276 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:47:27.0944 7276 AudioEndpointBuilder - ok
14:47:27.0949 7276 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:47:27.0952 7276 AudioSrv - ok
14:47:27.0988 7276 bckd (795447bc205e6417fc516f2e39e5e9ab) C:\Windows\system32\drivers\bckd.sys
14:47:28.0007 7276 bckd - ok
14:47:28.0165 7276 bckwfs (8eaedc04e03db8d1265a29fa8d7d9872) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
14:47:28.0580 7276 bckwfs - ok
14:47:28.0709 7276 Beep - ok
14:47:28.0829 7276 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
14:47:28.0871 7276 BFE - ok
14:47:28.0975 7276 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
14:47:29.0009 7276 BITS - ok
14:47:29.0049 7276 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:47:29.0050 7276 blbdrive - ok
14:47:29.0149 7276 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:47:29.0161 7276 Bonjour Service - ok
14:47:29.0193 7276 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:47:29.0196 7276 bowser - ok
14:47:29.0212 7276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:47:29.0213 7276 BrFiltLo - ok
14:47:29.0221 7276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:47:29.0237 7276 BrFiltUp - ok
14:47:29.0283 7276 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
14:47:29.0287 7276 Browser - ok
14:47:29.0336 7276 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:47:29.0350 7276 Brserid - ok
14:47:29.0385 7276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:47:29.0387 7276 BrSerWdm - ok
14:47:29.0420 7276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:47:29.0421 7276 BrUsbMdm - ok
14:47:29.0453 7276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:47:29.0454 7276 BrUsbSer - ok
14:47:29.0485 7276 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:47:29.0487 7276 BTHMODEM - ok
14:47:29.0565 7276 catchme - ok
14:47:29.0573 7276 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:47:29.0575 7276 cdfs - ok
14:47:29.0624 7276 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:47:29.0641 7276 cdrom - ok
14:47:29.0682 7276 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:47:29.0684 7276 CertPropSvc - ok
14:47:29.0703 7276 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:47:29.0704 7276 circlass - ok
14:47:29.0744 7276 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:47:29.0759 7276 CLFS - ok
14:47:29.0853 7276 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:47:29.0855 7276 clr_optimization_v2.0.50727_32 - ok
14:47:29.0915 7276 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:47:29.0917 7276 clr_optimization_v2.0.50727_64 - ok
14:47:30.0015 7276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:47:30.0018 7276 clr_optimization_v4.0.30319_32 - ok
14:47:30.0086 7276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:47:30.0090 7276 clr_optimization_v4.0.30319_64 - ok
14:47:30.0117 7276 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:47:30.0118 7276 cmdide - ok
14:47:30.0130 7276 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\drivers\compbatt.sys
14:47:30.0131 7276 Compbatt - ok
14:47:30.0135 7276 COMSysApp - ok
14:47:30.0140 7276 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:47:30.0145 7276 crcdisk - ok
14:47:30.0210 7276 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
14:47:30.0213 7276 CryptSvc - ok
14:47:30.0364 7276 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:47:30.0377 7276 DcomLaunch - ok
14:47:30.0414 7276 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:47:30.0415 7276 DfsC - ok
14:47:30.0614 7276 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
14:47:30.0718 7276 DFSR - ok
14:47:30.0846 7276 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
14:47:30.0849 7276 Dhcp - ok
14:47:30.0889 7276 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:47:30.0890 7276 disk - ok
14:47:30.0946 7276 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
14:47:30.0957 7276 Dnscache - ok
14:47:31.0044 7276 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:47:31.0056 7276 DockLoginService - ok
14:47:31.0090 7276 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
14:47:31.0100 7276 dot3svc - ok
14:47:31.0169 7276 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
14:47:31.0173 7276 DPS - ok
14:47:31.0203 7276 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:47:31.0204 7276 drmkaud - ok
14:47:31.0276 7276 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:47:31.0289 7276 DXGKrnl - ok
14:47:31.0351 7276 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
14:47:31.0357 7276 e1express - ok
14:47:31.0393 7276 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:47:31.0396 7276 E1G60 - ok
14:47:31.0417 7276 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
14:47:31.0418 7276 EapHost - ok
14:47:31.0452 7276 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:47:31.0464 7276 Ecache - ok
14:47:31.0533 7276 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
14:47:31.0545 7276 ehRecvr - ok
14:47:31.0566 7276 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
14:47:31.0568 7276 ehSched - ok
14:47:31.0594 7276 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
14:47:31.0595 7276 ehstart - ok
14:47:31.0622 7276 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:47:31.0636 7276 elxstor - ok
14:47:31.0674 7276 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
14:47:31.0680 7276 EMDMgmt - ok
14:47:31.0764 7276 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
14:47:31.0831 7276 EPSON_PM_RPCV4_01 - ok
14:47:31.0859 7276 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
14:47:31.0860 7276 ErrDev - ok
14:47:31.0906 7276 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
14:47:31.0927 7276 EventSystem - ok
14:47:31.0976 7276 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:47:31.0986 7276 exfat - ok
14:47:32.0150 7276 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:47:32.0153 7276 fastfat - ok
14:47:32.0173 7276 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:47:32.0177 7276 fdc - ok
14:47:32.0203 7276 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
14:47:32.0204 7276 fdPHost - ok
14:47:32.0219 7276 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
14:47:32.0221 7276 FDResPub - ok
14:47:32.0238 7276 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:47:32.0240 7276 FileInfo - ok
14:47:32.0284 7276 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:47:32.0299 7276 Filetrace - ok
14:47:32.0313 7276 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:47:32.0314 7276 flpydisk - ok
14:47:32.0355 7276 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:47:32.0368 7276 FltMgr - ok
14:47:32.0479 7276 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
14:47:32.0502 7276 FontCache - ok
14:47:32.0566 7276 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:47:32.0567 7276 FontCache3.0.0.0 - ok
14:47:32.0614 7276 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
14:47:32.0617 7276 Fs_Rec - ok
14:47:32.0649 7276 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:47:32.0651 7276 gagp30kx - ok
14:47:32.0709 7276 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:32.0710 7276 GEARAspiWDM - ok
14:47:32.0775 7276 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
14:47:32.0788 7276 gpsvc - ok
14:47:32.0901 7276 gupdate1c9fea6c2fe4600 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:32.0903 7276 gupdate1c9fea6c2fe4600 - ok
14:47:32.0910 7276 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:32.0911 7276 gupdatem - ok
14:47:32.0965 7276 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:47:32.0974 7276 gusvc - ok
14:47:33.0088 7276 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:47:33.0103 7276 HDAudBus - ok
14:47:33.0166 7276 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:47:33.0167 7276 HidBth - ok
14:47:33.0184 7276 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:47:33.0185 7276 HidIr - ok
14:47:33.0210 7276 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
14:47:33.0211 7276 hidserv - ok
14:47:33.0233 7276 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:47:33.0235 7276 HidUsb - ok
14:47:33.0267 7276 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
14:47:33.0269 7276 hkmsvc - ok
14:47:33.0376 7276 hnmsvc (26018afa49f03032ccd3c26eaa384a4c) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
14:47:33.0393 7276 hnmsvc - ok
14:47:33.0505 7276 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:47:33.0506 7276 HpCISSs - ok
14:47:33.0576 7276 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:47:33.0590 7276 HTTP - ok
14:47:33.0611 7276 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:47:33.0612 7276 i2omp - ok
14:47:33.0646 7276 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:47:33.0648 7276 i8042prt - ok
14:47:33.0690 7276 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:47:33.0697 7276 iaStorV - ok
14:47:33.0809 7276 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:47:33.0827 7276 idsvc - ok
14:47:34.0579 7276 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:47:34.0746 7276 igfx - ok
14:47:34.0854 7276 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:47:34.0855 7276 iirsp - ok
14:47:34.0959 7276 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
14:47:34.0977 7276 IJPLMSVC - ok
14:47:35.0027 7276 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
14:47:35.0043 7276 IKEEXT - ok
14:47:35.0159 7276 IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
14:47:35.0187 7276 IntcAzAudAddService - ok
14:47:35.0227 7276 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
14:47:35.0228 7276 intelide - ok
14:47:35.0247 7276 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:47:35.0248 7276 intelppm - ok
14:47:35.0279 7276 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
14:47:35.0282 7276 IPBusEnum - ok
14:47:35.0337 7276 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:47:35.0339 7276 IpFilterDriver - ok
14:47:35.0397 7276 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
14:47:35.0406 7276 iphlpsvc - ok
14:47:35.0409 7276 IpInIp - ok
14:47:35.0432 7276 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:47:35.0434 7276 IPMIDRV - ok
14:47:35.0472 7276 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:47:35.0474 7276 IPNAT - ok
14:47:35.0583 7276 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
14:47:35.0607 7276 iPod Service - ok
14:47:35.0620 7276 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:47:35.0621 7276 IRENUM - ok
14:47:35.0656 7276 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:47:35.0658 7276 isapnp - ok
14:47:35.0707 7276 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:47:35.0717 7276 iScsiPrt - ok
14:47:35.0734 7276 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:47:35.0735 7276 iteatapi - ok
14:47:35.0762 7276 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:47:35.0763 7276 iteraid - ok
14:47:35.0779 7276 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:47:35.0803 7276 kbdclass - ok
14:47:35.0847 7276 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:47:35.0848 7276 kbdhid - ok
14:47:35.0880 7276 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:47:35.0954 7276 KeyIso - ok
14:47:36.0031 7276 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
14:47:36.0042 7276 KSecDD - ok
14:47:36.0051 7276 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:47:36.0054 7276 ksthunk - ok
14:47:36.0094 7276 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
14:47:36.0117 7276 KtmRm - ok
14:47:36.0156 7276 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
14:47:36.0167 7276 LanmanServer - ok
14:47:36.0205 7276 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
14:47:36.0216 7276 LanmanWorkstation - ok
14:47:36.0592 7276 LeapFrog Connect Device Service (3daeb081420a871224fb6573ac5707f5) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
14:47:36.0774 7276 LeapFrog Connect Device Service - ok
14:47:36.0867 7276 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:47:36.0869 7276 lltdio - ok
14:47:36.0905 7276 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
14:47:36.0912 7276 lltdsvc - ok
14:47:36.0954 7276 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
14:47:36.0955 7276 lmhosts - ok
14:47:36.0978 7276 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:47:36.0988 7276 LSI_FC - ok
14:47:37.0068 7276 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:47:37.0070 7276 LSI_SAS - ok
14:47:37.0108 7276 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:47:37.0110 7276 LSI_SCSI - ok
14:47:37.0129 7276 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:47:37.0131 7276 luafv - ok
14:47:37.0193 7276 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
14:47:37.0240 7276 LVRS64 - ok
14:47:37.0500 7276 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
14:47:37.0567 7276 LVUVC64 - ok
14:47:37.0677 7276 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
14:47:37.0679 7276 Mcx2Svc - ok
14:47:37.0722 7276 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:47:37.0724 7276 megasas - ok
14:47:37.0760 7276 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:47:37.0772 7276 MegaSR - ok
14:47:37.0789 7276 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:47:37.0791 7276 MMCSS - ok
14:47:37.0809 7276 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:47:37.0811 7276 Modem - ok
14:47:37.0823 7276 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:47:37.0825 7276 monitor - ok
14:47:37.0837 7276 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:47:37.0839 7276 mouclass - ok
14:47:37.0865 7276 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:47:37.0866 7276 mouhid - ok
14:47:37.0876 7276 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:47:37.0878 7276 MountMgr - ok
14:47:37.0928 7276 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:47:37.0938 7276 MpFilter - ok
14:47:37.0997 7276 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:47:38.0002 7276 mpio - ok
14:47:38.0018 7276 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:47:38.0020 7276 mpsdrv - ok
14:47:38.0078 7276 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
14:47:38.0094 7276 MpsSvc - ok
14:47:38.0149 7276 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:47:38.0151 7276 Mraid35x - ok
14:47:38.0184 7276 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:47:38.0187 7276 MRxDAV - ok
14:47:38.0211 7276 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:47:38.0214 7276 mrxsmb - ok
14:47:38.0282 7276 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:47:38.0332 7276 mrxsmb10 - ok
14:47:38.0395 7276 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:47:38.0397 7276 mrxsmb20 - ok
14:47:38.0418 7276 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
14:47:38.0419 7276 msahci - ok
14:47:38.0523 7276 MSCamSvc (8bd300cbf6e8ec62f77387678fc171ae) C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
14:47:38.0533 7276 MSCamSvc - ok
14:47:38.0553 7276 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:47:38.0562 7276 msdsm - ok
14:47:38.0611 7276 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
14:47:38.0633 7276 MSDTC - ok
14:47:38.0672 7276 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:47:38.0674 7276 Msfs - ok
14:47:38.0694 7276 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:47:38.0701 7276 msisadrv - ok
14:47:38.0748 7276 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
14:47:38.0760 7276 MSiSCSI - ok
14:47:38.0765 7276 msiserver - ok
14:47:38.0782 7276 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:47:38.0783 7276 MSKSSRV - ok
14:47:38.0854 7276 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:47:38.0859 7276 MsMpSvc - ok
14:47:38.0868 7276 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:47:38.0869 7276 MSPCLOCK - ok
14:47:38.0886 7276 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:47:38.0887 7276 MSPQM - ok
14:47:38.0924 7276 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:47:38.0931 7276 MsRPC - ok
14:47:38.0952 7276 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:47:38.0961 7276 mssmbios - ok
14:47:38.0990 7276 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:47:38.0991 7276 MSTEE - ok
14:47:38.0996 7276 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:47:38.0998 7276 Mup - ok
14:47:39.0040 7276 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
14:47:39.0063 7276 napagent - ok
14:47:39.0238 7276 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:47:39.0241 7276 NativeWifiP - ok
14:47:39.0667 7276 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:47:39.0679 7276 NDIS - ok
14:47:39.0698 7276 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:47:39.0699 7276 NdisTapi - ok
14:47:39.0727 7276 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:47:39.0728 7276 Ndisuio - ok
14:47:39.0759 7276 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:47:39.0770 7276 NdisWan - ok
14:47:39.0777 7276 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:47:39.0779 7276 NDProxy - ok
14:47:39.0793 7276 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:47:39.0795 7276 NetBIOS - ok
14:47:39.0832 7276 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:47:39.0841 7276 netbt - ok
14:47:39.0872 7276 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:47:39.0873 7276 Netlogon - ok
14:47:39.0918 7276 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
14:47:39.0964 7276 Netman - ok
14:47:40.0098 7276 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:40.0101 7276 NetMsmqActivator - ok
14:47:40.0106 7276 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:40.0108 7276 NetPipeActivator - ok
14:47:40.0140 7276 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
14:47:40.0147 7276 netprofm - ok
14:47:40.0150 7276 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:40.0152 7276 NetTcpActivator - ok
14:47:40.0157 7276 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:40.0158 7276 NetTcpPortSharing - ok
14:47:40.0177 7276 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:47:40.0179 7276 nfrd960 - ok
14:47:40.0208 7276 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:47:40.0210 7276 NisDrv - ok
14:47:40.0279 7276 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:47:40.0287 7276 NisSrv - ok
14:47:40.0312 7276 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
14:47:40.0323 7276 NlaSvc - ok
14:47:40.0344 7276 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:47:40.0345 7276 Npfs - ok
14:47:40.0363 7276 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
14:47:40.0365 7276 nsi - ok
14:47:40.0377 7276 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:47:40.0379 7276 nsiproxy - ok
14:47:40.0476 7276 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:47:40.0506 7276 Ntfs - ok
14:47:40.0578 7276 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:47:40.0583 7276 Null - ok
14:47:40.0625 7276 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:47:40.0627 7276 nvraid - ok
14:47:40.0663 7276 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:47:40.0664 7276 nvstor - ok
14:47:40.0701 7276 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:47:40.0704 7276 nv_agp - ok
14:47:40.0707 7276 NwlnkFlt - ok
14:47:40.0713 7276 NwlnkFwd - ok
14:47:40.0757 7276 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
14:47:40.0759 7276 ohci1394 - ok
14:47:40.0831 7276 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:47:40.0847 7276 p2pimsvc - ok
14:47:40.0858 7276 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:47:40.0866 7276 p2psvc - ok
14:47:40.0917 7276 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
14:47:40.0918 7276 Packet - ok
14:47:40.0940 7276 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:47:40.0942 7276 Parport - ok
14:47:40.0969 7276 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
14:47:40.0971 7276 partmgr - ok
14:47:41.0008 7276 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
14:47:41.0029 7276 PcaSvc - ok
14:47:41.0067 7276 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:47:41.0071 7276 pci - ok
14:47:41.0108 7276 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
14:47:41.0109 7276 pciide - ok
14:47:41.0131 7276 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:47:41.0134 7276 pcmcia - ok
14:47:41.0184 7276 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:47:41.0197 7276 PEAUTH - ok
14:47:41.0262 7276 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
14:47:41.0264 7276 PerfHost - ok
14:47:41.0359 7276 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
14:47:41.0385 7276 pla - ok
14:47:41.0425 7276 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
14:47:41.0433 7276 PlugPlay - ok
14:47:41.0504 7276 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:47:41.0510 7276 PNRPAutoReg - ok
14:47:41.0519 7276 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:47:41.0525 7276 PNRPsvc - ok
14:47:41.0576 7276 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
14:47:41.0592 7276 PolicyAgent - ok
14:47:49.0510 7276 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:47:49.0568 7276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:47:49.0568 7276 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:47:49.0583 7276 MBR (0x1B8) (76f6867e4e28ed065e32dccec9b3e079) \Device\Harddisk1\DR3
14:48:08.0360 7276 \Device\Harddisk1\DR3 - ok
14:48:08.0388 7276 Boot (0x1200) (24fc5aa1d2616325014abd5b39d7fa05) \Device\Harddisk0\DR0\Partition0
14:48:08.0390 7276 \Device\Harddisk0\DR0\Partition0 - ok
14:48:08.0394 7276 Boot (0x1200) (9c6fb265fce016e83b9dd61655163dc4) \Device\Harddisk0\DR0\Partition1
14:48:08.0396 7276 \Device\Harddisk0\DR0\Partition1 - ok
14:48:08.0401 7276 Boot (0x1200) (bd71eaf089953ab58707e7abec0344b0) \Device\Harddisk1\DR3\Partition0
14:48:08.0403 7276 \Device\Harddisk1\DR3\Partition0 - ok
14:48:08.0404 7276 ============================================================
14:48:08.0404 7276 Scan finished
14:48:08.0404 7276 ============================================================
14:48:08.0423 8796 Detected object count: 1
14:48:08.0423 8796 Actual detected object count: 1
14:48:18.0761 8796 \Device\Harddisk0\DR0\# - copied to quarantine
14:48:18.0800 8796 \Device\Harddisk0\DR0 - copied to quarantine
14:48:18.0845 8796 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:48:18.0904 8796 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:48:19.0069 8796 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:48:19.0089 8796 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:48:19.0139 8796 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:48:20.0293 8796 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:48:20.0351 8796 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:48:20.0353 8796 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:48:20.0356 8796 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:48:20.0487 8796 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:48:20.0554 8796 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:48:20.0591 8796 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:48:20.0594 8796 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:48:20.0599 8796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:48:20.0601 8796 \Device\Harddisk0\DR0 - ok
14:48:20.0721 8796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:48:53.0936 7616 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 15:00:22
-----------------------------
15:00:22.568 OS Version: Windows x64 6.0.6002 Service Pack 2
15:00:22.568 Number of processors: 2 586 0x170A
15:00:22.568 ComputerName: MARINERS UserName: Lindholm
15:00:24.073 Initialize success
15:00:45.168 The log file has been saved successfully to "C:\Users\Lindholm\Desktop\aswMBR.txt"

#5 nasdaq

  • Malware Response Team

Posted 14 August 2012 - 06:55 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 15:00:22
-----------------------------
15:00:22.568 OS Version: Windows x64 6.0.6002 Service Pack 2
15:00:22.568 Number of processors: 2 586 0x170A
15:00:22.568 ComputerName: MARINERS UserName: Lindholm
15:00:24.073 Initialize success
15:00:45.168 The log file has been saved successfully to "C:\Users\Lindholm\Desktop\aswMBR.txt"


Was this all the aswMBR log?

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please let me know what problem persists on this computer.

#6 nasdaq

  • Malware Response Team

Posted 20 August 2012 - 09:33 AM

Are you still with me?



