Zeroaccess infection still there after reformat/reinstall


  • This topic is locked
47 replies to this topic

#1 PLane

  • Members
  • 33 posts

Posted 20 September 2012 - 11:51 AM

I think I still have the ZeroAccess infection. My computer has been acting really weird. My Google Chrome shortcut was renamed to people and now my Internet keeps going on and off and is slow. Your help is appreciated as I am using this computer for school. I did not create a GMER scan log because it says it is not for 64-bit systems.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kathleen at 11:30:10 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1591 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Kathleen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathleen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathleen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathleen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxduPSWX.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\Kathleen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{52377725-4E7F-49BE-A937-AFA2F483944E} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-14 250568]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-20 16:20:22 6830363 ----a-w- C:\ProgramData\SPL1074.tmp
2012-09-20 15:35:16 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0EEE91D-80CE-4668-B988-5B9C05C8F698}\mpengine.dll
2012-09-19 23:17:49 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 02:38:17 -------- d-----w- C:\ProgramData\CropBusters
2012-09-16 00:45:21 -------- d-----w- C:\ProgramData\RVLGames
2012-09-15 21:28:07 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\LegacyGames
2012-09-14 13:40:00 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 13:40:00 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-12 22:29:31 -------- d-----w- C:\ProgramData\TERMINAL Studio
2012-09-12 19:45:11 -------- d-----w- C:\ProgramData\CannyGames
2012-09-12 19:33:52 -------- d-----w- C:\ProgramData\Funny Bear Studio
2012-09-12 13:13:22 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:13:22 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:13:21 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:13:21 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:13:20 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:13:20 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:13:20 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 09:00:36 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\iMaxGen
2012-09-09 02:54:19 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\The Drama Queen Murder
2012-09-06 17:20:49 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-06 16:28:05 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Malwarebytes
2012-09-06 16:27:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-06 16:27:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-06 16:27:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-06 12:59:35 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-08-30 19:31:46 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\DragonsEye Studios
2012-08-30 19:31:46 -------- d-----w- C:\ProgramData\DragonsEye Studios
2012-08-29 18:31:59 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Windows Live Writer
2012-08-29 18:31:59 -------- d-----w- C:\Users\Kathleen\AppData\Local\Windows Live Writer
2012-08-29 02:02:25 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Amaranth Games
2012-08-27 17:16:42 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Floodlight Games
2012-08-27 17:16:42 -------- d-----w- C:\ProgramData\Floodlight Games
2012-08-27 15:18:09 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-08-27 15:17:32 -------- d-----w- C:\Users\Kathleen\AppData\Local\Microsoft Help
2012-08-27 13:43:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-27 13:43:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-27 13:33:28 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-26 21:29:36 -------- d-----w- C:\Users\Kathleen\Tracing
2012-08-26 21:28:28 -------- d-----w- C:\Windows\en
2012-08-26 21:27:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-08-26 21:27:02 57280 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-08-26 21:26:47 -------- d-----w- C:\Windows\PCHEALTH
2012-08-26 21:22:12 5563840 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c1b756af1cd83d005\skydrivesetup.exe
2012-08-26 21:22:12 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-08-26 21:22:12 -------- d-----r- C:\Users\Kathleen\SkyDrive
2012-08-26 21:21:50 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-08-26 21:21:28 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd55db2a1cd83d004\DSETUP.dll
2012-08-26 21:21:28 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd55db2a1cd83d004\DXSETUP.exe
2012-08-26 21:21:28 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd55db2a1cd83d004\dsetup32.dll
2012-08-26 21:21:20 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8518c381cd83d003\DSETUP.dll
2012-08-26 21:21:20 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8518c381cd83d003\DXSETUP.exe
2012-08-26 21:21:20 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8518c381cd83d003\dsetup32.dll
2012-08-26 21:21:00 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b04a42eb1cd83d001\DSETUP.dll
2012-08-26 21:21:00 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b04a42eb1cd83d001\DXSETUP.exe
2012-08-26 21:21:00 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b04a42eb1cd83d001\dsetup32.dll
2012-08-26 21:20:51 -------- d-----w- C:\Users\Kathleen\AppData\Local\Windows Live
2012-08-26 21:19:43 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-26 17:35:41 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Frogwares
2012-08-25 22:47:53 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\FBI
2012-08-25 22:47:53 -------- d-----w- C:\ProgramData\Particles
2012-08-25 17:13:35 -------- d-----w- C:\ProgramData\lx_Cats
2012-08-25 17:13:26 186880 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdudrpp.dll
2012-08-25 17:13:23 -------- d-----w- C:\Program Files\Lexmark 5600-6600 Series
2012-08-25 17:12:20 300032 ----a-w- C:\Windows\System32\lxdugrd.dll
2012-08-25 17:09:57 81920 ----a-w- C:\Windows\SysWow64\lxducaps.dll
2012-08-25 17:09:57 77906 ----a-w- C:\Windows\SysWow64\lxducfg.dll
2012-08-25 17:09:57 69632 ----a-w- C:\Windows\SysWow64\lxducnv4.dll
2012-08-25 17:09:57 65536 ----a-w- C:\Windows\System32\lxducfg64.dll
2012-08-25 17:09:57 54784 ----a-w- C:\Windows\System32\lxducnv464.dll
2012-08-25 17:09:57 25600 ----a-w- C:\Windows\System32\lxducaps64.dll
2012-08-25 17:09:57 1400320 ----a-w- C:\Windows\System32\lxdudrs64.dll
2012-08-25 17:09:57 1036288 ----a-w- C:\Windows\SysWow64\lxdudrs.dll
2012-08-24 16:14:34 -------- d-----w- C:\ProgramData\Playrix Entertainment
2012-08-23 19:58:07 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Atlantis
2012-08-23 19:55:59 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-08-22 19:35:03 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\rokapublish
2012-08-22 17:27:52 -------- d-----w- C:\ProgramData\GameHouse
2012-08-22 02:36:27 -------- d-----w- C:\Program Files (x86)\WildGames
2012-08-22 02:27:16 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\WildTangent
2012-08-22 02:27:15 -------- d-----w- C:\ProgramData\WildTangent
2012-08-22 02:27:15 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-08-21 21:00:45 -------- d-----w- C:\Users\Kathleen\AppData\Local\Google
2012-08-21 21:00:20 -------- d-----w- C:\Users\Kathleen\AppData\Local\Apps
2012-08-21 21:00:19 -------- d-----w- C:\Users\Kathleen\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-08-21 15:06:10 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-28 08:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 07:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-27 00:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-27 00:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-27 00:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-27 00:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-27 00:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 20:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 20:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 20:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 20:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 20:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 20:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 19:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 11:31:13.21 ===============


#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 21 September 2012 - 05:50 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 PLane

  • Topic Starter
  • Members
  • 33 posts

Posted 22 September 2012 - 09:52 AM

I have some questions. Can you tell from my DDS scans if I am actually infected or not? I meant to put a question mark on my title. I don't know if I am or not. I have to go out and buy a USB. I have a Microsoft Office Suite installed. Will doing the repair roll it back and take it off? Thank you.

#4 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 22 September 2012 - 10:09 AM

Yes, there are signs of infection on your machine, but you don't need to buy a USB; there are other tools we can use.

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 PLane

  • Topic Starter
  • Members
  • 33 posts

Posted 22 September 2012 - 05:20 PM

Wrong scan posted here. Erased.

Edited by PLane, 22 September 2012 - 05:57 PM.


#6 PLane

  • Topic Starter
  • Members
  • 33 posts

Posted 22 September 2012 - 05:27 PM

17:24:15.0433 2068 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:24:15.0729 2068 ============================================================
17:24:15.0730 2068 Current date / time: 2012/09/22 17:24:15.0729
17:24:15.0730 2068 SystemInfo:
17:24:15.0730 2068
17:24:15.0730 2068 OS Version: 6.1.7601 ServicePack: 1.0
17:24:15.0730 2068 Product type: Workstation
17:24:15.0730 2068 ComputerName: KATHLEEN-PC
17:24:15.0731 2068 UserName: Kathleen
17:24:15.0731 2068 Windows directory: C:\Windows
17:24:15.0731 2068 System windows directory: C:\Windows
17:24:15.0731 2068 Running under WOW64
17:24:15.0731 2068 Processor architecture: Intel x64
17:24:15.0731 2068 Number of processors: 2
17:24:15.0731 2068 Page size: 0x1000
17:24:15.0731 2068 Boot type: Normal boot
17:24:15.0731 2068 ============================================================
17:24:17.0229 2068 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:17.0254 2068 ============================================================
17:24:17.0254 2068 \Device\Harddisk0\DR0:
17:24:17.0254 2068 MBR partitions:
17:24:17.0254 2068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:24:17.0254 2068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
17:24:17.0254 2068 ============================================================
17:24:17.0322 2068 C: <-> \Device\Harddisk0\DR0\Partition2
17:24:17.0322 2068 ============================================================
17:24:17.0322 2068 Initialize success
17:24:17.0322 2068 ============================================================
17:24:55.0880 1348 ============================================================
17:24:55.0880 1348 Scan started
17:24:55.0880 1348 Mode: Manual; TDLFS;
17:24:55.0880 1348 ============================================================
17:24:56.0208 1348 ================ Scan system memory ========================
17:24:56.0208 1348 System memory - ok
17:24:56.0209 1348 ================ Scan services =============================
17:24:56.0538 1348 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:24:56.0544 1348 1394ohci - ok
17:24:56.0595 1348 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:24:56.0602 1348 ACPI - ok
17:24:56.0618 1348 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:24:56.0621 1348 AcpiPmi - ok
17:24:56.0881 1348 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:24:56.0885 1348 AdobeFlashPlayerUpdateSvc - ok
17:24:56.0924 1348 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:24:56.0935 1348 adp94xx - ok
17:24:56.0949 1348 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:24:56.0954 1348 adpahci - ok
17:24:56.0972 1348 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:24:56.0975 1348 adpu320 - ok
17:24:57.0002 1348 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:24:57.0003 1348 AeLookupSvc - ok
17:24:57.0047 1348 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:24:57.0052 1348 AFD - ok
17:24:57.0081 1348 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:24:57.0082 1348 agp440 - ok
17:24:57.0098 1348 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:24:57.0099 1348 ALG - ok
17:24:57.0104 1348 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:24:57.0106 1348 aliide - ok
17:24:57.0148 1348 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:24:57.0152 1348 AMD External Events Utility - ok
17:24:57.0162 1348 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:24:57.0165 1348 amdide - ok
17:24:57.0176 1348 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:24:57.0180 1348 AmdK8 - ok
17:24:57.0200 1348 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:24:57.0201 1348 AmdPPM - ok
17:24:57.0229 1348 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:24:57.0231 1348 amdsata - ok
17:24:57.0253 1348 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:24:57.0259 1348 amdsbs - ok
17:24:57.0279 1348 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:24:57.0280 1348 amdxata - ok
17:24:57.0307 1348 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:24:57.0308 1348 AppID - ok
17:24:57.0319 1348 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:24:57.0321 1348 AppIDSvc - ok
17:24:57.0327 1348 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:24:57.0329 1348 Appinfo - ok
17:24:57.0337 1348 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:24:57.0340 1348 arc - ok
17:24:57.0355 1348 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:24:57.0357 1348 arcsas - ok
17:24:57.0370 1348 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:24:57.0371 1348 AsyncMac - ok
17:24:57.0378 1348 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:24:57.0379 1348 atapi - ok
17:24:57.0501 1348 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:24:57.0563 1348 atikmdag - ok
17:24:57.0597 1348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:24:57.0605 1348 AudioEndpointBuilder - ok
17:24:57.0616 1348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:24:57.0621 1348 AudioSrv - ok
17:24:57.0641 1348 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:24:57.0643 1348 AxInstSV - ok
17:24:57.0694 1348 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:24:57.0704 1348 b06bdrv - ok
17:24:57.0725 1348 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:24:57.0729 1348 b57nd60a - ok
17:24:57.0752 1348 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:24:57.0754 1348 BDESVC - ok
17:24:57.0763 1348 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:24:57.0765 1348 Beep - ok
17:24:57.0799 1348 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:24:57.0808 1348 BFE - ok
17:24:57.0841 1348 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:24:57.0853 1348 BITS - ok
17:24:57.0863 1348 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:24:57.0865 1348 blbdrive - ok
17:24:57.0898 1348 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:24:57.0899 1348 bowser - ok
17:25:05.0623 1348 TBS - ok
17:25:05.0713 1348 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:25:05.0740 1348 Tcpip - ok
17:25:05.0786 1348 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:25:05.0801 1348 TCPIP6 - ok
17:25:05.0825 1348 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:25:05.0826 1348 tcpipreg - ok
17:25:05.0835 1348 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:25:05.0836 1348 TDPIPE - ok
17:25:05.0854 1348 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:25:05.0855 1348 TDTCP - ok
17:25:05.0869 1348 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:25:05.0871 1348 tdx - ok
17:25:05.0886 1348 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:25:05.0886 1348 TermDD - ok
17:25:05.0919 1348 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:25:05.0928 1348 TermService - ok
17:25:05.0938 1348 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:25:05.0941 1348 Themes - ok
17:25:05.0953 1348 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:25:05.0955 1348 THREADORDER - ok
17:25:05.0967 1348 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:25:05.0970 1348 TrkWks - ok
17:25:06.0011 1348 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:25:06.0012 1348 TrustedInstaller - ok
17:25:06.0020 1348 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:25:06.0021 1348 tssecsrv - ok
17:25:06.0027 1348 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:25:06.0028 1348 TsUsbFlt - ok
17:25:06.0034 1348 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:25:06.0036 1348 TsUsbGD - ok
17:25:06.0051 1348 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:25:06.0053 1348 tunnel - ok
17:25:06.0070 1348 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:25:06.0072 1348 uagp35 - ok
17:25:06.0085 1348 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:25:06.0089 1348 udfs - ok
17:25:06.0107 1348 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:25:06.0109 1348 UI0Detect - ok
17:25:06.0116 1348 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:25:06.0117 1348 uliagpkx - ok
17:25:06.0132 1348 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:25:06.0134 1348 umbus - ok
17:25:06.0139 1348 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:25:06.0140 1348 UmPass - ok
17:25:06.0155 1348 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:25:06.0161 1348 upnphost - ok
17:25:06.0184 1348 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:25:06.0186 1348 usbccgp - ok
17:25:06.0211 1348 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:25:06.0214 1348 usbcir - ok
17:25:06.0230 1348 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:25:06.0232 1348 usbehci - ok
17:25:06.0261 1348 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:25:06.0266 1348 usbhub - ok
17:25:06.0282 1348 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:25:06.0283 1348 usbohci - ok
17:25:06.0305 1348 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:25:06.0306 1348 usbprint - ok
17:25:06.0347 1348 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:25:06.0349 1348 usbscan - ok
17:25:06.0378 1348 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:25:06.0380 1348 USBSTOR - ok
17:25:06.0396 1348 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:25:06.0398 1348 usbuhci - ok
17:25:06.0410 1348 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:25:06.0413 1348 UxSms - ok
17:25:06.0445 1348 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:25:06.0446 1348 VaultSvc - ok
17:25:06.0457 1348 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:25:06.0459 1348 vdrvroot - ok
17:25:06.0508 1348 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:25:06.0523 1348 vds - ok
17:25:06.0549 1348 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:25:06.0552 1348 vga - ok
17:25:06.0561 1348 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:25:06.0564 1348 VgaSave - ok
17:25:06.0574 1348 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:25:06.0577 1348 vhdmp - ok
17:25:06.0584 1348 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:25:06.0586 1348 viaide - ok
17:25:06.0591 1348 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:25:06.0592 1348 volmgr - ok
17:25:06.0610 1348 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:25:06.0614 1348 volmgrx - ok
17:25:06.0629 1348 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:25:06.0633 1348 volsnap - ok
17:25:06.0640 1348 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:25:06.0643 1348 vsmraid - ok
17:25:06.0673 1348 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:25:06.0692 1348 VSS - ok
17:25:06.0697 1348 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:25:06.0700 1348 vwifibus - ok
17:25:06.0709 1348 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:25:06.0714 1348 W32Time - ok
17:25:06.0723 1348 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:25:06.0724 1348 WacomPen - ok
17:25:06.0747 1348 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:25:06.0749 1348 WANARP - ok
17:25:06.0754 1348 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:25:06.0755 1348 Wanarpv6 - ok
17:25:06.0826 1348 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:25:06.0845 1348 WatAdminSvc - ok
17:25:06.0894 1348 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:25:06.0915 1348 wbengine - ok
17:25:06.0938 1348 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:25:06.0943 1348 WbioSrvc - ok
17:25:06.0954 1348 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:25:06.0960 1348 wcncsvc - ok
17:25:06.0980 1348 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:25:06.0983 1348 WcsPlugInService - ok
17:25:06.0989 1348 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:25:06.0990 1348 Wd - ok
17:25:07.0012 1348 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:25:07.0019 1348 Wdf01000 - ok
17:25:07.0029 1348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:25:07.0032 1348 WdiServiceHost - ok
17:25:07.0037 1348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:25:07.0039 1348 WdiSystemHost - ok
17:25:07.0055 1348 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:25:07.0060 1348 WebClient - ok
17:25:07.0073 1348 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:25:07.0078 1348 Wecsvc - ok
17:25:07.0086 1348 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:25:07.0089 1348 wercplsupport - ok
17:25:07.0115 1348 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:25:07.0118 1348 WerSvc - ok
17:25:07.0134 1348 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:25:07.0136 1348 WfpLwf - ok
17:25:07.0141 1348 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:25:07.0143 1348 WIMMount - ok
17:25:07.0155 1348 WinDefend - ok
17:25:07.0161 1348 WinHttpAutoProxySvc - ok
17:25:07.0239 1348 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:25:07.0244 1348 Winmgmt - ok
17:25:07.0311 1348 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:25:07.0338 1348 WinRM - ok
17:25:07.0387 1348 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:25:07.0409 1348 Wlansvc - ok
17:25:07.0542 1348 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:25:07.0568 1348 wlidsvc - ok
17:25:07.0589 1348 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:25:07.0590 1348 WmiAcpi - ok
17:25:07.0620 1348 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:25:07.0623 1348 wmiApSrv - ok
17:25:07.0650 1348 WMPNetworkSvc - ok
17:25:07.0668 1348 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:25:07.0671 1348 WPCSvc - ok
17:25:07.0676 1348 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:25:07.0680 1348 WPDBusEnum - ok
17:25:07.0691 1348 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:25:07.0692 1348 ws2ifsl - ok
17:25:07.0710 1348 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:25:07.0713 1348 wscsvc - ok
17:25:07.0717 1348 WSearch - ok
17:25:07.0798 1348 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:25:07.0825 1348 wuauserv - ok
17:25:07.0831 1348 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:25:07.0833 1348 WudfPf - ok
17:25:07.0841 1348 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:07.0843 1348 WUDFRd - ok
17:25:07.0869 1348 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:25:07.0872 1348 wudfsvc - ok
17:25:07.0884 1348 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:25:07.0889 1348 WwanSvc - ok
17:25:07.0904 1348 ================ Scan global ===============================
17:25:07.0926 1348 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:25:07.0952 1348 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:25:07.0962 1348 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:25:07.0998 1348 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:25:08.0021 1348 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:25:08.0026 1348 [Global] - ok
17:25:08.0026 1348 ================ Scan MBR ==================================
17:25:08.0039 1348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:25:08.0326 1348 \Device\Harddisk0\DR0 - ok
17:25:08.0327 1348 ================ Scan VBR ==================================
17:25:08.0333 1348 [ F40437A5BA7F3885CA7B955005F8538F ] \Device\Harddisk0\DR0\Partition1
17:25:08.0335 1348 \Device\Harddisk0\DR0\Partition1 - ok
17:25:08.0374 1348 [ 85D3397EE7FB8D5EB9080246E214696A ] \Device\Harddisk0\DR0\Partition2
17:25:08.0378 1348 \Device\Harddisk0\DR0\Partition2 - ok
17:25:08.0379 1348 ============================================================
17:25:08.0379 1348 Scan finished
17:25:08.0379 1348 ============================================================
17:25:08.0401 2108 Detected object count: 0
17:25:08.0401 2108 Actual detected object count: 0

#7 PLane

Posted 22 September 2012 - 05:31 PM

OK, silly me, that was not the scan log. Here it is.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 17:42:52
-----------------------------
17:42:52.845 OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:52.845 Number of processors: 2 586 0x603
17:42:52.846 ComputerName: KATHLEEN-PC UserName: Kathleen
17:42:53.399 Initialize success
17:44:42.152 AVAST engine defs: 12092201
17:44:50.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:50.689 Disk 0 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 11
17:44:50.701 Disk 0 MBR read successfully
17:44:50.707 Disk 0 MBR scan
17:44:50.719 Disk 0 Windows 7 default MBR code
17:44:50.730 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:44:50.787 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
17:44:50.873 Disk 0 scanning C:\Windows\system32\drivers
17:45:02.171 Service scanning
17:45:29.939 Modules scanning
17:45:29.955 Disk 0 trace - called modules:
17:45:29.976 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:45:29.981 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003109060]
17:45:29.989 3 CLASSPNP.SYS[fffff8800180543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fb4060]
17:45:30.658 AVAST engine scan C:\Windows
17:45:33.420 AVAST engine scan C:\Windows\system32
17:49:32.205 AVAST engine scan C:\Windows\system32\drivers
17:49:44.043 AVAST engine scan C:\Users\Kathleen
17:53:04.313 AVAST engine scan C:\ProgramData
17:53:59.224 Scan finished successfully
17:54:14.836 Disk 0 MBR has been saved successfully to "C:\Users\Kathleen\Desktop\MBR.dat"
17:54:14.912 The log file has been saved successfully to "C:\Users\Kathleen\Desktop\aswMBR.txt"

Edited by PLane, 22 September 2012 - 05:56 PM.


#8 CatByte

Posted 22 September 2012 - 05:49 PM

I don't believe it ran to completion,

it takes quite a while to download the definitions,

please give it another try

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 PLane

Posted 22 September 2012 - 05:59 PM

And the attached MBR.dat zipped file

Attached Files

  • Attached File  MBR.zip   559bytes   1 downloads


#10 PLane

Posted 22 September 2012 - 06:07 PM

> I don't believe it ran to completion,
>
> it takes quite a while to download the definitions,
>
> please give it another try
>
> thanks

Hmmm, that log said it scanned successfully, but I will do it again. Do you need me to do the TDSS scan again also?

#11 CatByte

Posted 22 September 2012 - 06:10 PM

no, I didn't see your previous post before I posted, I was just looking at the previous one that was posted,

please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#12 PLane

Posted 22 September 2012 - 06:21 PM

Do I have to turn off my Windows firewall?

#13 CatByte

Posted 22 September 2012 - 06:28 PM

if you can disable it, that would be best

thanks


#14 PLane

Posted 22 September 2012 - 06:31 PM

Okay, I'm going to try. If it won't let me, do I just proceed (after turning off MSE and Malwarebytes)?

#15 CatByte

Posted 22 September 2012 - 06:55 PM

yes please
