Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Strange things going on - Need some help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Strange things going on - Need some help please

Unread postby iowabucks » May 26th, 2012, 3:49 pm

Hey everyone, i had posted a thread about 5 months back about a trojan/virus attack i had. We had eventually figured it was a rootkit but couldn't be seen for some reason. We got rid of most all the strange activity, but still had had a few strange things going on, nothing i couldn't deal with. Mainly just a popup box whenever i started my computer telling me a certain file couldn't be found and to make sure it still exists or delete it from the registry.

Just the other day it acted funny and i noticed my MSE had shut down and acted like it couldn't start because it was missing some service files. I tried to restart the service but it tells me it's not even there anymore. I would also get errors on host processes for windows service had stopped working. It would drop host processes about every 15 minutes.

In the meantime i did a scan with Malware Bytes and came up with a exploit,drop.cfg trojan.

I got on the MSE forums to try and get that back up again and deleted all my old AVG programs and files, deleted and reinstalled MSE again, which got that going again. It never came up with anything in new scans but as i was looking through the MSE history, i found about 150 instances of it finding a trojan Win64/siefef.w over the last couple days which it quarenteened. The trojan attacks have stopped and so have the dropped hosts, but i noticed that Windows Firewall will not start up due to an undisclosed problem. So there is still something going on.

It also had been freezing alot during the early stages but that seems to be gone now. Some of the other strange things seem to be if i move my desktop icons around, they will be put back to the default positions every time i reboot. Windows security center cannot be started. It says the service is turned off and will not start when i try to restart it. I had a severly old version of Java, which may have been the source of the attack, but have since updated it, but when i go back to their site to show me which version i have, it always tells me i'm running the old version. Do i need to delete the old version? Same goes for IE9. I downloaded it but it always wants to run IE8.

Sorry for such a long post, just wanted to tell everything about this. I do have a ghosted version of my HHD saved, so if all else fails, i can go back to it. Sounds like whatever this is wont let me start up much of my malware services. Malware Bytes has shown clean since the first exploit file was found. I have also seen many sites that claim to remove the Trojan Win64/siefef.w problem but of course most of them just want to get you to buy their inferior product. Is trojanremoval.org a reputable site?

Your forums and sites have been very helpful to me in the past and i want to thank everyone involed here for their help so far. :cheers:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.4.1
Run by Jerry at 14:19:33 on 2012-05-26
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.archerytalk.com/vb/forumdisplay.php?f=1
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
uWindows: Load=C:\Users\Jerry\AppData\Local\Temp\{57150~1.EXE
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Advanced System Protector]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: facebook.com\%20www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
TCP: Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319} : DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [Advanced System Protector]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-26 17:37:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF940C14-A769-49F5-AC8E-6E66F883536F}\offreg.dll
2012-05-26 17:32:43 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF940C14-A769-49F5-AC8E-6E66F883536F}\mpengine.dll
2012-05-25 13:03:21 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 01:56:47 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78C7667C-5F86-483B-B891-0F54D567B0AB}\gapaengine.dll
2012-05-24 01:51:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-24 01:51:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-23 00:02:16 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-23 00:01:47 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-23 00:01:47 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-21 20:37:05 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-09 21:06:23 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 21:05:58 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 21:05:57 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 13:33:15 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-21 05:35:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-21 05:35:29 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-21 05:35:29 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-21 05:31:26 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-05 13:33:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:33:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-29 19:21:24 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:21:24 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 11:30:48 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 08:12:52 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-28 06:34:19 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:30:31 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 06:30:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:30:01 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-28 06:30:01 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-28 05:41:20 479232 ----a-w- C:\Windows\System32\html.iec
2012-02-28 05:00:09 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-02-28 04:58:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
.
============= FINISH: 14:20:16.58 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark Vantage
3DMark05
3DVIA Shape for Maps
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
Advanced System Protector
AMD OverDrive
Auslogics Disk Defrag
AV Grabber
Beta 0.9.0
Browser Configuration Utility
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CDDRV_Installer
Creative Audio Control Panel
Creative Console Launcher
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative ZEN
Disk Space Fan 2.2.7.820
DMIView B7.0108.01
Drv
EasyTune5Pro
Emsisoft Anti-Malware
ERUNT 1.1j
EVEREST Ultimate Edition v5.50
EZ Grabber
Futuremark SystemInfo
GIMP 2.6.8
GoGear VIBE Device Manager
Google Earth
Google Update Helper
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
i-Cool
Indeo® software
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 7 Update 4
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Media Converter for Philips
Microsoft DirectX SDK (June 2010)
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mp3tag v2.44
MSI Afterburner 1.6.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PandoraRecovery (Remove Only)
PCMark Vantage
Phone F USB Driver
Photo-grapher 1
PIXresizer 2.0.4
PunkBuster Services
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RepairSolutions
Rhapsody
Seagate DiscWizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Shaft Selector Xpert
SmartSound Quicktracks Plugin
Sony DVD Architect Studio 4.5d
SpeedFan (remove only)
SpywareBlaster 4.6
Steam
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
Terrain Navigator Pro
Ulead DVD DiskRecorder 2.1.1
Ulead Straight-to-Disc SDK
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Movie Studio Platinum 9.0b
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
WinRAR archiver
Xfire (remove only)
Z Engine
.
==== End Of File ===========================
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am
Advertisement
Register to Remove

Re: Strange things going on - Need some help please

Unread postby Alander » May 29th, 2012, 12:54 am

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » May 29th, 2012, 8:27 am

Thank you Alander, i'll be waiting to hear from you.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Alander » May 30th, 2012, 12:19 pm

Hi, is this machine used for any kind of business activities or connects to a corporate network? I need to know to give the appropriate instructions

Step 1
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » May 30th, 2012, 3:42 pm

This machine is only used as a home computer.

14:39:01.0094 4008 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:39:01.0607 4008 ============================================================
14:39:01.0607 4008 Current date / time: 2012/05/30 14:39:01.0606
14:39:01.0607 4008 SystemInfo:
14:39:01.0607 4008
14:39:01.0607 4008 OS Version: 6.0.6002 ServicePack: 2.0
14:39:01.0607 4008 Product type: Workstation
14:39:01.0607 4008 ComputerName: JERRY-PC
14:39:01.0607 4008 UserName: Jerry
14:39:01.0607 4008 Windows directory: C:\Windows
14:39:01.0607 4008 System windows directory: C:\Windows
14:39:01.0607 4008 Running under WOW64
14:39:01.0607 4008 Processor architecture: Intel x64
14:39:01.0607 4008 Number of processors: 4
14:39:01.0607 4008 Page size: 0x1000
14:39:01.0607 4008 Boot type: Normal boot
14:39:01.0607 4008 ============================================================
14:39:01.0969 4008 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:39:02.0002 4008 ============================================================
14:39:02.0002 4008 \Device\Harddisk0\DR0:
14:39:02.0002 4008 MBR partitions:
14:39:02.0002 4008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2F9B8000
14:39:02.0002 4008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F9B8800, BlocksNum 0xA9CC000
14:39:02.0002 4008 ============================================================
14:39:02.0024 4008 C: <-> \Device\Harddisk0\DR0\Partition0
14:39:02.0080 4008 F: <-> \Device\Harddisk0\DR0\Partition1
14:39:02.0080 4008 ============================================================
14:39:02.0080 4008 Initialize success
14:39:02.0080 4008 ============================================================
14:39:05.0722 3216 ============================================================
14:39:05.0722 3216 Scan started
14:39:05.0722 3216 Mode: Manual;
14:39:05.0722 3216 ============================================================
14:39:05.0958 3216 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
14:39:05.0959 3216 61883 - ok
14:39:06.0013 3216 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
14:39:06.0014 3216 a2acc - ok
14:39:06.0124 3216 a2AntiMalware (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
14:39:06.0140 3216 a2AntiMalware - ok
14:39:06.0174 3216 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
14:39:06.0174 3216 A2DDA - ok
14:39:06.0191 3216 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
14:39:06.0191 3216 a2injectiondriver - ok
14:39:06.0210 3216 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
14:39:06.0210 3216 a2util - ok
14:39:06.0253 3216 ACDaemon (35f57598f0589feb3c3abc1621bf329f) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:39:06.0254 3216 ACDaemon - ok
14:39:06.0335 3216 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:39:06.0337 3216 ACPI - ok
14:39:06.0426 3216 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:39:06.0428 3216 AdobeFlashPlayerUpdateSvc - ok
14:39:06.0466 3216 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:39:06.0468 3216 adp94xx - ok
14:39:06.0486 3216 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:39:06.0488 3216 adpahci - ok
14:39:06.0497 3216 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:39:06.0498 3216 adpu160m - ok
14:39:06.0511 3216 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:39:06.0512 3216 adpu320 - ok
14:39:06.0531 3216 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:39:06.0532 3216 AeLookupSvc - ok
14:39:06.0574 3216 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:39:06.0577 3216 AFD - ok
14:39:06.0585 3216 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:39:06.0586 3216 agp440 - ok
14:39:06.0596 3216 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:39:06.0597 3216 aic78xx - ok
14:39:06.0608 3216 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:39:06.0609 3216 ALG - ok
14:39:06.0648 3216 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:39:06.0649 3216 aliide - ok
14:39:06.0689 3216 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
14:39:06.0690 3216 Alpham1 - ok
14:39:06.0694 3216 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
14:39:06.0695 3216 Alpham2 - ok
14:39:06.0702 3216 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:39:06.0702 3216 amdide - ok
14:39:06.0712 3216 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:39:06.0713 3216 AmdK8 - ok
14:39:06.0743 3216 androidusb (9c59bf508c5d408bb348254e0ba2ee30) C:\Windows\system32\Drivers\fxxandroidusb.sys
14:39:06.0743 3216 androidusb - ok
14:39:06.0817 3216 AODService (bf69de878c8bc82b254204ab7856ae89) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
14:39:06.0818 3216 AODService - ok
14:39:06.0832 3216 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
14:39:06.0832 3216 Appinfo - ok
14:39:06.0853 3216 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
14:39:06.0854 3216 AppMgmt - ok
14:39:06.0867 3216 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:39:06.0868 3216 arc - ok
14:39:06.0882 3216 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:39:06.0882 3216 arcsas - ok
14:39:06.0894 3216 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:39:06.0895 3216 AsyncMac - ok
14:39:06.0920 3216 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:39:06.0920 3216 atapi - ok
14:39:06.0969 3216 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:39:06.0971 3216 AudioEndpointBuilder - ok
14:39:06.0975 3216 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:39:06.0977 3216 AudioSrv - ok
14:39:06.0998 3216 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
14:39:06.0999 3216 Avc - ok
14:39:07.0023 3216 AVCSTRM (044320c8073293e02d000671e1e7a592) C:\Windows\system32\DRIVERS\avcstrm.sys
14:39:07.0023 3216 AVCSTRM - ok
14:39:07.0083 3216 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
14:39:07.0090 3216 BITS - ok
14:39:07.0102 3216 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:39:07.0102 3216 blbdrive - ok
14:39:07.0134 3216 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:39:07.0135 3216 bowser - ok
14:39:07.0146 3216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:39:07.0147 3216 BrFiltLo - ok
14:39:07.0151 3216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:39:07.0151 3216 BrFiltUp - ok
14:39:07.0162 3216 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
14:39:07.0163 3216 Browser - ok
14:39:07.0177 3216 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:39:07.0178 3216 Brserid - ok
14:39:07.0186 3216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:39:07.0187 3216 BrSerWdm - ok
14:39:07.0194 3216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:39:07.0195 3216 BrUsbMdm - ok
14:39:07.0201 3216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:39:07.0201 3216 BrUsbSer - ok
14:39:07.0212 3216 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:39:07.0213 3216 BTHMODEM - ok
14:39:07.0228 3216 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:39:07.0228 3216 cdfs - ok
14:39:07.0242 3216 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:39:07.0243 3216 cdrom - ok
14:39:07.0268 3216 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:39:07.0269 3216 CertPropSvc - ok
14:39:07.0280 3216 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:39:07.0281 3216 circlass - ok
14:39:07.0317 3216 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:39:07.0319 3216 CLFS - ok
14:39:07.0375 3216 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:39:07.0376 3216 clr_optimization_v2.0.50727_32 - ok
14:39:07.0423 3216 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:39:07.0424 3216 clr_optimization_v2.0.50727_64 - ok
14:39:07.0505 3216 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:39:07.0506 3216 clr_optimization_v4.0.30319_32 - ok
14:39:07.0545 3216 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:39:07.0546 3216 clr_optimization_v4.0.30319_64 - ok
14:39:07.0551 3216 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:39:07.0551 3216 cmdide - ok
14:39:07.0559 3216 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
14:39:07.0559 3216 Compbatt - ok
14:39:07.0562 3216 COMSysApp - ok
14:39:07.0571 3216 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:39:07.0572 3216 crcdisk - ok
14:39:07.0619 3216 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:39:07.0619 3216 Creative Audio Engine Licensing Service - ok
14:39:07.0641 3216 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
14:39:07.0642 3216 CryptSvc - ok
14:39:07.0683 3216 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
14:39:07.0685 3216 CSC - ok
14:39:07.0712 3216 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
14:39:07.0715 3216 CscService - ok
14:39:07.0736 3216 CT20XUT (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\system32\drivers\CT20XUT.SYS
14:39:07.0737 3216 CT20XUT - ok
14:39:07.0740 3216 CT20XUT.SYS (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\System32\drivers\CT20XUT.SYS
14:39:07.0742 3216 CT20XUT.SYS - ok
14:39:07.0773 3216 ctac32k (3295516329ea2aecadde7a33872d3816) C:\Windows\system32\drivers\ctac32k.sys
14:39:07.0776 3216 ctac32k - ok
14:39:07.0805 3216 ctaud2k (a2dda894e68b746c83153428107ad8a7) C:\Windows\system32\drivers\ctaud2k.sys
14:39:07.0808 3216 ctaud2k - ok
14:39:07.0849 3216 CTAudSvcService (24b0b8d3cbb46ed5f16551974ae8d222) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:39:07.0851 3216 CTAudSvcService - ok
14:39:07.0908 3216 CTEXFIFX (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\system32\drivers\CTEXFIFX.SYS
14:39:07.0915 3216 CTEXFIFX - ok
14:39:08.0025 3216 CTEXFIFX.SYS (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\System32\drivers\CTEXFIFX.SYS
14:39:08.0033 3216 CTEXFIFX.SYS - ok
14:39:08.0104 3216 CTHWIUT (37f04666c5c325d1864d36b260a7248b) C:\Windows\system32\drivers\CTHWIUT.SYS
14:39:08.0105 3216 CTHWIUT - ok
14:39:08.0108 3216 CTHWIUT.SYS (37f04666c5c325d1864d36b260a7248b) C:\Windows\System32\drivers\CTHWIUT.SYS
14:39:08.0109 3216 CTHWIUT.SYS - ok
14:39:08.0121 3216 ctprxy2k (24d416647168617bb19dbd1a3624be4d) C:\Windows\system32\drivers\ctprxy2k.sys
14:39:08.0121 3216 ctprxy2k - ok
14:39:08.0140 3216 ctsfm2k (3e7177437bfa1ba61ca1a85bacf442a0) C:\Windows\system32\drivers\ctsfm2k.sys
14:39:08.0141 3216 ctsfm2k - ok
14:39:08.0198 3216 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:39:08.0203 3216 DcomLaunch - ok
14:39:08.0234 3216 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:39:08.0235 3216 DfsC - ok
14:39:08.0280 3216 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
14:39:08.0283 3216 Dhcp - ok
14:39:08.0312 3216 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:39:08.0313 3216 disk - ok
14:39:08.0353 3216 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
14:39:08.0354 3216 Dnscache - ok
14:39:08.0385 3216 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
14:39:08.0386 3216 dot3svc - ok
14:39:08.0408 3216 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
14:39:08.0410 3216 DPS - ok
14:39:08.0433 3216 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:39:08.0433 3216 drmkaud - ok
14:39:08.0858 3216 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:39:08.0862 3216 DXGKrnl - ok
14:39:08.0903 3216 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:39:08.0904 3216 E1G60 - ok
14:39:08.0921 3216 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
14:39:08.0922 3216 EapHost - ok
14:39:09.0026 3216 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:39:09.0027 3216 Ecache - ok
14:39:09.0091 3216 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
14:39:09.0093 3216 ehRecvr - ok
14:39:09.0103 3216 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
14:39:09.0104 3216 ehSched - ok
14:39:09.0111 3216 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
14:39:09.0112 3216 ehstart - ok
14:39:09.0131 3216 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:39:09.0133 3216 elxstor - ok
14:39:09.0185 3216 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
14:39:09.0187 3216 EMDMgmt - ok
14:39:09.0211 3216 emupia (660dedf9ae7c414b74480b484c7ba300) C:\Windows\system32\drivers\emupia2k.sys
14:39:09.0212 3216 emupia - ok
14:39:09.0220 3216 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:39:09.0221 3216 ErrDev - ok
14:39:09.0279 3216 ET5Drv (5dc0914e8c6168de7702b8e2dc140b80) C:\Windows\ET5Drv.sys
14:39:09.0279 3216 ET5Drv - ok
14:39:09.0335 3216 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
14:39:09.0337 3216 EventSystem - ok
14:39:09.0365 3216 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:39:09.0366 3216 exfat - ok
14:39:09.0465 3216 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:39:09.0466 3216 fastfat - ok
14:39:09.0485 3216 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:39:09.0486 3216 fdc - ok
14:39:09.0495 3216 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
14:39:09.0496 3216 fdPHost - ok
14:39:09.0510 3216 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
14:39:09.0511 3216 FDResPub - ok
14:39:09.0520 3216 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:39:09.0520 3216 FileInfo - ok
14:39:09.0534 3216 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:39:09.0535 3216 Filetrace - ok
14:39:09.0545 3216 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:39:09.0545 3216 flpydisk - ok
14:39:09.0561 3216 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:39:09.0563 3216 FltMgr - ok
14:39:09.0633 3216 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
14:39:09.0639 3216 FontCache - ok
14:39:09.0739 3216 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
14:39:09.0739 3216 Fs_Rec - ok
14:39:09.0760 3216 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
14:39:09.0762 3216 fvevol - ok
14:39:09.0775 3216 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:39:09.0776 3216 gagp30kx - ok
14:39:09.0789 3216 gdrv (5ea3b256225d79a4b07a2cac6276b23d) C:\Windows\gdrv.sys
14:39:09.0790 3216 gdrv - ok
14:39:09.0823 3216 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
14:39:09.0827 3216 gpsvc - ok
14:39:09.0914 3216 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:39:09.0915 3216 gupdate - ok
14:39:09.0931 3216 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:39:09.0932 3216 gupdatem - ok
14:39:09.0949 3216 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
14:39:09.0949 3216 GVTDrv64 - ok
14:39:10.0010 3216 ha20x2k (c8df6024abea766f2d735b35d109ee7e) C:\Windows\system32\drivers\ha20x2k.sys
14:39:10.0018 3216 ha20x2k - ok
14:39:10.0070 3216 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\drivers\hdaudbus.sys
14:39:10.0070 3216 HDAudBus - ok
14:39:10.0083 3216 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:39:10.0083 3216 HidBth - ok
14:39:10.0097 3216 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:39:10.0097 3216 HidIr - ok
14:39:10.0138 3216 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
14:39:10.0139 3216 hidserv - ok
14:39:10.0182 3216 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:39:10.0183 3216 HidUsb - ok
14:39:10.0204 3216 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
14:39:10.0205 3216 hkmsvc - ok
14:39:10.0216 3216 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:39:10.0216 3216 HpCISSs - ok
14:39:10.0267 3216 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:39:10.0270 3216 HTTP - ok
14:39:10.0287 3216 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:39:10.0288 3216 i2omp - ok
14:39:10.0304 3216 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:39:10.0305 3216 i8042prt - ok
14:39:10.0330 3216 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:39:10.0331 3216 iaStorV - ok
14:39:10.0344 3216 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:39:10.0345 3216 iirsp - ok
14:39:10.0380 3216 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
14:39:10.0382 3216 IKEEXT - ok
14:39:10.0393 3216 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:39:10.0393 3216 intelide - ok
14:39:10.0406 3216 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:39:10.0407 3216 intelppm - ok
14:39:10.0428 3216 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
14:39:10.0429 3216 IPBusEnum - ok
14:39:10.0447 3216 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:39:10.0448 3216 IpFilterDriver - ok
14:39:10.0450 3216 IpInIp - ok
14:39:10.0470 3216 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:39:10.0471 3216 IPMIDRV - ok
14:39:10.0483 3216 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:39:10.0484 3216 IPNAT - ok
14:39:10.0495 3216 ipruvqpu - ok
14:39:10.0500 3216 ipwjbzxt - ok
14:39:10.0512 3216 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:39:10.0513 3216 IRENUM - ok
14:39:10.0520 3216 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:39:10.0521 3216 isapnp - ok
14:39:10.0541 3216 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:39:10.0542 3216 iScsiPrt - ok
14:39:10.0554 3216 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:39:10.0555 3216 iteatapi - ok
14:39:10.0561 3216 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:39:10.0562 3216 iteraid - ok
14:39:10.0577 3216 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:39:10.0577 3216 kbdclass - ok
14:39:10.0603 3216 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:39:10.0604 3216 kbdhid - ok
14:39:10.0625 3216 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:39:10.0626 3216 KeyIso - ok
14:39:10.0663 3216 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
14:39:10.0666 3216 KSecDD - ok
14:39:10.0670 3216 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:39:10.0670 3216 ksthunk - ok
14:39:10.0699 3216 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
14:39:10.0702 3216 KtmRm - ok
14:39:10.0733 3216 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
14:39:10.0735 3216 LanmanServer - ok
14:39:10.0760 3216 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
14:39:10.0762 3216 LanmanWorkstation - ok
14:39:10.0788 3216 LHidFilt (97caaa9fd47af67e590552c34ce2d9b1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:39:10.0788 3216 LHidFilt - ok
14:39:10.0805 3216 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:39:10.0806 3216 lltdio - ok
14:39:10.0824 3216 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
14:39:10.0827 3216 lltdsvc - ok
14:39:10.0839 3216 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
14:39:10.0840 3216 lmhosts - ok
14:39:10.0857 3216 LMouFilt (1a3c49b3edba8f8faf49ad5679813321) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:39:10.0857 3216 LMouFilt - ok
14:39:10.0878 3216 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:39:10.0879 3216 LSI_FC - ok
14:39:10.0890 3216 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:39:10.0890 3216 LSI_SAS - ok
14:39:10.0906 3216 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:39:10.0907 3216 LSI_SCSI - ok
14:39:10.0919 3216 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:39:10.0920 3216 luafv - ok
14:39:10.0922 3216 MCSTRM - ok
14:39:10.0937 3216 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
14:39:10.0938 3216 Mcx2Svc - ok
14:39:10.0946 3216 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:39:10.0946 3216 megasas - ok
14:39:10.0975 3216 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:39:10.0978 3216 MegaSR - ok
14:39:10.0990 3216 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:39:10.0991 3216 MMCSS - ok
14:39:11.0008 3216 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:39:11.0008 3216 Modem - ok
14:39:11.0023 3216 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:39:11.0023 3216 monitor - ok
14:39:11.0034 3216 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:39:11.0035 3216 mouclass - ok
14:39:11.0039 3216 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:39:11.0039 3216 mouhid - ok
14:39:11.0046 3216 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:39:11.0047 3216 MountMgr - ok
14:39:11.0074 3216 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:39:11.0075 3216 MpFilter - ok
14:39:11.0090 3216 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:39:11.0091 3216 mpio - ok
14:39:11.0105 3216 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:39:11.0106 3216 mpsdrv - ok
14:39:11.0118 3216 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:39:11.0119 3216 Mraid35x - ok
14:39:11.0138 3216 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:39:11.0139 3216 MRxDAV - ok
14:39:11.0175 3216 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:39:11.0176 3216 mrxsmb - ok
14:39:11.0198 3216 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:39:11.0199 3216 mrxsmb10 - ok
14:39:11.0209 3216 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:39:11.0210 3216 mrxsmb20 - ok
14:39:11.0223 3216 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
14:39:11.0223 3216 msahci - ok
14:39:11.0234 3216 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:39:11.0235 3216 msdsm - ok
14:39:11.0250 3216 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
14:39:11.0252 3216 MSDTC - ok
14:39:11.0281 3216 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
14:39:11.0281 3216 MSDV - ok
14:39:11.0292 3216 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:39:11.0293 3216 Msfs - ok
14:39:11.0300 3216 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:39:11.0301 3216 msisadrv - ok
14:39:11.0318 3216 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
14:39:11.0319 3216 MSiSCSI - ok
14:39:11.0322 3216 msiserver - ok
14:39:11.0336 3216 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:39:11.0337 3216 MSKSSRV - ok
14:39:11.0401 3216 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:39:11.0401 3216 MsMpSvc - ok
14:39:11.0411 3216 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:39:11.0411 3216 MSPCLOCK - ok
14:39:11.0419 3216 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:39:11.0420 3216 MSPQM - ok
14:39:11.0453 3216 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:39:11.0455 3216 MsRPC - ok
14:39:11.0463 3216 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:39:11.0463 3216 mssmbios - ok
14:39:11.0489 3216 MSTAPE (7d1f9672aa6d98d896fe22314442c36f) C:\Windows\system32\DRIVERS\mstape.sys
14:39:11.0490 3216 MSTAPE - ok
14:39:11.0502 3216 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:39:11.0503 3216 MSTEE - ok
14:39:11.0517 3216 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:39:11.0518 3216 Mup - ok
14:39:11.0538 3216 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
14:39:11.0541 3216 napagent - ok
14:39:11.0570 3216 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:39:11.0572 3216 NativeWifiP - ok
14:39:11.0609 3216 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:39:11.0612 3216 NDIS - ok
14:39:11.0642 3216 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:39:11.0643 3216 NdisTapi - ok
14:39:11.0653 3216 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:39:11.0654 3216 Ndisuio - ok
14:39:11.0667 3216 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:39:11.0668 3216 NdisWan - ok
14:39:11.0680 3216 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:39:11.0681 3216 NDProxy - ok
14:39:11.0688 3216 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:39:11.0688 3216 NetBIOS - ok
14:39:11.0804 3216 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:39:11.0805 3216 netbt - ok
14:39:11.0975 3216 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:39:11.0976 3216 Netlogon - ok
14:39:12.0001 3216 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
14:39:12.0004 3216 Netman - ok
14:39:12.0022 3216 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
14:39:12.0024 3216 netprofm - ok
14:39:12.0042 3216 nfbqzilg - ok
14:39:12.0052 3216 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:39:12.0052 3216 nfrd960 - ok
14:39:12.0106 3216 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:39:12.0108 3216 NisDrv - ok
14:39:12.0186 3216 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:39:12.0190 3216 NisSrv - ok
14:39:12.0213 3216 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
14:39:12.0215 3216 NlaSvc - ok
14:39:12.0246 3216 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:39:12.0246 3216 Npfs - ok
14:39:12.0251 3216 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
14:39:12.0253 3216 nsi - ok
14:39:12.0258 3216 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:39:12.0258 3216 nsiproxy - ok
14:39:12.0333 3216 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:39:12.0340 3216 Ntfs - ok
14:39:12.0444 3216 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:39:12.0445 3216 Null - ok
14:39:12.0913 3216 nvlddmkm (2b9fd17492fbd799726369f2db3e4827) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:39:12.0971 3216 nvlddmkm - ok
14:39:13.0033 3216 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:39:13.0034 3216 nvraid - ok
14:39:13.0045 3216 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:39:13.0045 3216 nvstor - ok
14:39:13.0068 3216 nvsvc (9d20f4a43b0e0123b1633a05bd1d7113) C:\Windows\system32\nvvsvc.exe
14:39:13.0070 3216 nvsvc - ok
14:39:13.0085 3216 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:39:13.0086 3216 nv_agp - ok
14:39:13.0088 3216 NwlnkFlt - ok
14:39:13.0092 3216 NwlnkFwd - ok
14:39:13.0117 3216 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
14:39:13.0117 3216 ohci1394 - ok
14:39:13.0160 3216 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:39:13.0161 3216 ose - ok
14:39:13.0187 3216 ossrv (71e4ef433b137256c4810c6f8337680b) C:\Windows\system32\drivers\ctoss2k.sys
14:39:13.0189 3216 ossrv - ok
14:39:13.0251 3216 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:39:13.0257 3216 p2pimsvc - ok
14:39:13.0264 3216 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:39:13.0270 3216 p2psvc - ok
14:39:13.0310 3216 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:39:13.0311 3216 Parport - ok
14:39:13.0344 3216 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
14:39:13.0345 3216 partmgr - ok
14:39:13.0351 3216 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
14:39:13.0352 3216 PcaSvc - ok
14:39:13.0368 3216 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:39:13.0369 3216 pci - ok
14:39:13.0378 3216 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
14:39:13.0379 3216 pciide - ok
14:39:13.0396 3216 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:39:13.0397 3216 pcmcia - ok
14:39:13.0429 3216 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:39:13.0433 3216 PEAUTH - ok
14:39:13.0462 3216 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
14:39:13.0463 3216 PerfHost - ok
14:39:13.0524 3216 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
14:39:13.0531 3216 pla - ok
14:39:13.0568 3216 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
14:39:13.0570 3216 PlugPlay - ok
14:39:13.0584 3216 PnkBstrA - ok
14:39:13.0645 3216 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:39:13.0650 3216 PNRPAutoReg - ok
14:39:13.0657 3216 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:39:13.0661 3216 PNRPsvc - ok
14:39:13.0716 3216 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
14:39:13.0720 3216 PolicyAgent - ok
14:39:13.0767 3216 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:39:13.0768 3216 PptpMiniport - ok
14:39:13.0776 3216 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
14:39:13.0776 3216 Processor - ok
14:39:13.0853 3216 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
14:39:13.0855 3216 ProfSvc - ok
14:39:13.0886 3216 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:39:13.0887 3216 ProtectedStorage - ok
14:39:13.0910 3216 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:39:13.0911 3216 PSched - ok
14:39:13.0962 3216 qcusbser (58e25be1caa4f908c4cabeb1a27bc4dd) C:\Windows\system32\DRIVERS\FXX\qcusbser.sys
14:39:13.0964 3216 qcusbser - ok
14:39:14.0301 3216 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:39:14.0306 3216 ql2300 - ok
14:39:14.0371 3216 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:39:14.0372 3216 ql40xx - ok
14:39:14.0515 3216 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
14:39:14.0517 3216 QWAVE - ok
14:39:14.0561 3216 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:39:14.0562 3216 QWAVEdrv - ok
14:39:14.0605 3216 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:39:14.0606 3216 RasAcd - ok
14:39:14.0628 3216 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
14:39:14.0630 3216 RasAuto - ok
14:39:14.0668 3216 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:39:14.0669 3216 Rasl2tp - ok
14:39:14.0688 3216 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
14:39:14.0690 3216 RasMan - ok
14:39:14.0772 3216 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:39:14.0773 3216 RasPppoe - ok
14:39:14.0848 3216 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:39:14.0849 3216 RasSstp - ok
14:39:14.0881 3216 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:39:14.0882 3216 rdbss - ok
14:39:14.0886 3216 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:39:14.0886 3216 RDPCDD - ok
14:39:15.0072 3216 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
14:39:15.0074 3216 rdpdr - ok
14:39:15.0088 3216 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:39:15.0089 3216 RDPENCDD - ok
14:39:15.0208 3216 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
14:39:15.0209 3216 RDPWD - ok
14:39:15.0240 3216 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
14:39:15.0241 3216 RemoteAccess - ok
14:39:15.0412 3216 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
14:39:15.0414 3216 RemoteRegistry - ok
14:39:15.0448 3216 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
14:39:15.0449 3216 RpcLocator - ok
14:39:15.0494 3216 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:39:15.0498 3216 RpcSs - ok
14:39:15.0515 3216 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:39:15.0515 3216 rspndr - ok
14:39:15.0536 3216 RTL8169 (a2cbe070fba458357acef41c3f3906ca) C:\Windows\system32\DRIVERS\Rtlh64.sys
14:39:15.0537 3216 RTL8169 - ok
14:39:15.0540 3216 rxgzaxqa - ok
14:39:15.0588 3216 SABKUTIL - ok
14:39:15.0592 3216 SABProcEnum - ok
14:39:15.0645 3216 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:39:15.0646 3216 SamSs - ok
14:39:15.0649 3216 SANDRA - ok
14:39:15.0652 3216 SandraAgentSrv - ok
14:39:15.0716 3216 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:39:15.0717 3216 sbp2port - ok
14:39:15.0807 3216 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
14:39:15.0808 3216 SCardSvr - ok
14:39:15.0891 3216 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
14:39:15.0896 3216 Schedule - ok
14:39:15.0924 3216 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:39:15.0924 3216 SCPolicySvc - ok
14:39:16.0024 3216 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
14:39:16.0026 3216 SDRSVC - ok
14:39:16.0072 3216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:39:16.0073 3216 secdrv - ok
14:39:16.0101 3216 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
14:39:16.0103 3216 seclogon - ok
14:39:16.0185 3216 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
14:39:16.0186 3216 SENS - ok
14:39:16.0223 3216 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:39:16.0224 3216 Serenum - ok
14:39:16.0568 3216 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:39:16.0568 3216 Serial - ok
14:39:16.0671 3216 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:39:16.0672 3216 sermouse - ok
14:39:16.0813 3216 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
14:39:16.0814 3216 SessionEnv - ok
14:39:16.0842 3216 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:39:16.0842 3216 sffdisk - ok
14:39:16.0855 3216 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:39:16.0855 3216 sffp_mmc - ok
14:39:16.0864 3216 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:39:16.0865 3216 sffp_sd - ok
14:39:16.0868 3216 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:39:16.0868 3216 sfloppy - ok
14:39:17.0014 3216 SgtSch2Svc (43adbe70270dfd40ebda4dd0e492b5fb) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
14:39:17.0017 3216 SgtSch2Svc - ok
14:39:17.0081 3216 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
14:39:17.0084 3216 ShellHWDetection - ok
14:39:17.0097 3216 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:39:17.0098 3216 SiSRaid2 - ok
14:39:17.0108 3216 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:39:17.0109 3216 SiSRaid4 - ok
14:39:18.0225 3216 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
14:39:18.0238 3216 slsvc - ok
14:39:18.0328 3216 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
14:39:18.0330 3216 SLUINotify - ok
14:39:18.0418 3216 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
14:39:18.0419 3216 Smb - ok
14:39:18.0555 3216 snapman (8ac15211eb4bf019aab0022781cc8ad0) C:\Windows\system32\DRIVERS\snapman.sys
14:39:18.0556 3216 snapman - ok
14:39:18.0588 3216 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
14:39:18.0590 3216 SNMPTRAP - ok
14:39:18.0883 3216 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
14:39:18.0885 3216 speedfan - ok
14:39:18.0910 3216 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
14:39:18.0911 3216 spldr - ok
14:39:18.0952 3216 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
14:39:18.0954 3216 Spooler - ok
14:39:19.0332 3216 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
14:39:19.0334 3216 srv - ok
14:39:19.0557 3216 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
14:39:19.0559 3216 srv2 - ok
14:39:19.0614 3216 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
14:39:19.0615 3216 srvnet - ok
14:39:19.0642 3216 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
14:39:19.0645 3216 SSDPSRV - ok
14:39:19.0658 3216 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
14:39:19.0660 3216 SstpSvc - ok
14:39:19.0692 3216 Steam Client Service - ok
14:39:19.0851 3216 Stereo Service (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:39:19.0852 3216 Stereo Service - ok
14:39:19.0890 3216 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
14:39:19.0894 3216 stisvc - ok
14:39:19.0924 3216 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:39:19.0924 3216 swenum - ok
14:39:20.0464 3216 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
14:39:20.0467 3216 swprv - ok
14:39:20.0501 3216 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:39:20.0501 3216 Symc8xx - ok
14:39:20.0518 3216 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:39:20.0519 3216 Sym_hi - ok
14:39:20.0533 3216 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:39:20.0534 3216 Sym_u3 - ok
14:39:20.0863 3216 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
14:39:20.0868 3216 SysMain - ok
14:39:20.0899 3216 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
14:39:20.0900 3216 TabletInputService - ok
14:39:21.0273 3216 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
14:39:21.0276 3216 TapiSrv - ok
14:39:21.0299 3216 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
14:39:21.0301 3216 TBS - ok
14:39:21.0878 3216 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
14:39:21.0884 3216 Tcpip - ok
14:39:22.0926 3216 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
14:39:22.0933 3216 Tcpip6 - ok
14:39:23.0298 3216 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
14:39:23.0298 3216 tcpipreg - ok
14:39:23.0334 3216 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:39:23.0335 3216 TDPIPE - ok
14:39:23.0656 3216 tdrpman (ac1fc18d04b92bac16cbd85de2a08a0b) C:\Windows\system32\DRIVERS\tdrpman.sys
14:39:23.0659 3216 tdrpman - ok
14:39:23.0695 3216 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:39:23.0695 3216 TDTCP - ok
14:39:23.0798 3216 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
14:39:23.0798 3216 tdx - ok
14:39:23.0847 3216 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
14:39:23.0848 3216 TermDD - ok
14:39:23.0889 3216 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
14:39:23.0893 3216 TermService - ok
14:39:23.0943 3216 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
14:39:23.0946 3216 Themes - ok
14:39:24.0001 3216 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:39:24.0002 3216 THREADORDER - ok
14:39:24.0075 3216 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
14:39:24.0075 3216 tifsfilter - ok
14:39:24.0493 3216 timounter (ec4fd4d147985a97e881729e808e6f34) C:\Windows\system32\DRIVERS\timntr.sys
14:39:24.0496 3216 timounter - ok
14:39:24.0573 3216 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
14:39:24.0575 3216 TrkWks - ok
14:39:24.0670 3216 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
14:39:24.0671 3216 TrustedInstaller - ok
14:39:24.0715 3216 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:39:24.0716 3216 tssecsrv - ok
14:39:24.0748 3216 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:39:24.0748 3216 tunmp - ok
14:39:24.0805 3216 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
14:39:24.0806 3216 tunnel - ok
14:39:24.0858 3216 U6000ALL (a30cff6b2b64ffe538e93b99e3b0cec2) C:\Windows\system32\DRIVERS\U6000ALL.sys
14:39:24.0860 3216 U6000ALL - ok
14:39:24.0876 3216 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:39:24.0876 3216 uagp35 - ok
14:39:24.0913 3216 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:39:24.0915 3216 udfs - ok
14:39:24.0927 3216 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
14:39:24.0928 3216 UI0Detect - ok
14:39:24.0937 3216 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:39:24.0938 3216 uliagpkx - ok
14:39:25.0093 3216 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:39:25.0095 3216 uliahci - ok
14:39:25.0180 3216 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:39:25.0181 3216 UlSata - ok
14:39:25.0487 3216 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:39:25.0489 3216 ulsata2 - ok
14:39:25.0509 3216 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:39:25.0510 3216 umbus - ok
14:39:25.0532 3216 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
14:39:25.0535 3216 UmRdpService - ok
14:39:25.0568 3216 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
14:39:25.0571 3216 upnphost - ok
14:39:25.0594 3216 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:39:25.0595 3216 usbccgp - ok
14:39:25.0604 3216 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:39:25.0604 3216 usbcir - ok
14:39:25.0639 3216 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:39:25.0639 3216 usbehci - ok
14:39:25.0692 3216 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:39:25.0694 3216 usbhub - ok
14:39:25.0717 3216 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
14:39:25.0717 3216 usbohci - ok
14:39:25.0769 3216 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:39:25.0770 3216 usbprint - ok
14:39:25.0794 3216 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:39:25.0794 3216 usbscan - ok
14:39:25.0812 3216 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:39:25.0813 3216 USBSTOR - ok
14:39:25.0831 3216 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:39:25.0831 3216 usbuhci - ok
14:39:25.0851 3216 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
14:39:25.0853 3216 UxSms - ok
14:39:25.0893 3216 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
14:39:25.0896 3216 vds - ok
14:39:25.0910 3216 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:39:25.0911 3216 vga - ok
14:39:25.0916 3216 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:39:25.0917 3216 VgaSave - ok
14:39:25.0929 3216 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:39:25.0930 3216 viaide - ok
14:39:25.0938 3216 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:39:25.0939 3216 volmgr - ok
14:39:25.0982 3216 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:39:25.0984 3216 volmgrx - ok
14:39:25.0996 3216 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:39:25.0997 3216 volsnap - ok
14:39:26.0012 3216 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:39:26.0013 3216 vsmraid - ok
14:39:26.0086 3216 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
14:39:26.0094 3216 VSS - ok
14:39:26.0188 3216 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
14:39:26.0191 3216 W32Time - ok
14:39:26.0207 3216 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:39:26.0208 3216 WacomPen - ok
14:39:26.0217 3216 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:26.0218 3216 Wanarp - ok
14:39:26.0221 3216 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:26.0222 3216 Wanarpv6 - ok
14:39:26.0280 3216 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
14:39:26.0287 3216 wbengine - ok
14:39:26.0323 3216 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
14:39:26.0327 3216 wcncsvc - ok
14:39:26.0346 3216 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
14:39:26.0347 3216 WcsPlugInService - ok
14:39:26.0362 3216 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:39:26.0363 3216 Wd - ok
14:39:26.0403 3216 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:39:26.0407 3216 Wdf01000 - ok
14:39:26.0425 3216 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:39:26.0427 3216 WdiServiceHost - ok
14:39:26.0429 3216 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:39:26.0431 3216 WdiSystemHost - ok
14:39:26.0462 3216 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
14:39:26.0465 3216 WebClient - ok
14:39:26.0491 3216 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
14:39:26.0493 3216 Wecsvc - ok
14:39:26.0506 3216 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
14:39:26.0508 3216 wercplsupport - ok
14:39:26.0517 3216 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
14:39:26.0519 3216 WerSvc - ok
14:39:26.0523 3216 WinHttpAutoProxySvc - ok
14:39:26.0579 3216 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
14:39:26.0580 3216 Winmgmt - ok
14:39:26.0683 3216 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
14:39:26.0694 3216 WinRM - ok
14:39:26.0794 3216 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
14:39:26.0799 3216 Wlansvc - ok
14:39:26.0825 3216 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:39:26.0825 3216 WmiAcpi - ok
14:39:26.0868 3216 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
14:39:26.0869 3216 wmiApSrv - ok
14:39:26.0898 3216 WMPNetworkSvc - ok
14:39:26.0919 3216 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
14:39:26.0922 3216 WPCSvc - ok
14:39:26.0955 3216 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
14:39:26.0957 3216 WPDBusEnum - ok
14:39:26.0983 3216 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
14:39:26.0984 3216 WpdUsb - ok
14:39:27.0136 3216 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:39:27.0141 3216 WPFFontCache_v0400 - ok
14:39:27.0159 3216 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:39:27.0159 3216 ws2ifsl - ok
14:39:27.0162 3216 WSearch - ok
14:39:27.0249 3216 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
14:39:27.0263 3216 wuauserv - ok
14:39:27.0344 3216 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:39:27.0345 3216 WUDFRd - ok
14:39:27.0358 3216 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
14:39:27.0360 3216 wudfsvc - ok
14:39:27.0373 3216 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:39:27.0501 3216 \Device\Harddisk0\DR0 - ok
14:39:27.0505 3216 Boot (0x1200) (130f05919ca90bc01e7bcd3208cff5bb) \Device\Harddisk0\DR0\Partition0
14:39:27.0508 3216 \Device\Harddisk0\DR0\Partition0 - ok
14:39:27.0533 3216 Boot (0x1200) (fb54e17c5918e27f5584eda59037d8f5) \Device\Harddisk0\DR0\Partition1
14:39:27.0534 3216 \Device\Harddisk0\DR0\Partition1 - ok
14:39:27.0535 3216 ============================================================
14:39:27.0535 3216 Scan finished
14:39:27.0535 3216 ============================================================
14:39:27.0544 3944 Detected object count: 0
14:39:27.0544 3944 Actual detected object count: 0
14:40:11.0139 3888 Deinitialize success
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Alander » May 30th, 2012, 10:31 pm

Hi :)

Step1
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » May 31st, 2012, 9:23 am

Hmmm. I get an error every time i try to run OTL. A windows box pops up that says "OTL has stopped working. Windows is checking for a solution to the problem."

Then another windows box pops up that says "Exception EReadError in module OTL.exe at 00016A6B. Error reading DiskPartitionInfo1.Active:."

I tried it a second time, same thing. So i deleted it and tried downloading it again. I ran it once again with the same outcome.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Alander » June 1st, 2012, 6:09 am

Hi :)
Ok see if you can run OTL in safe mode.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Now try running OTL, if successful post the resulting logs.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » June 1st, 2012, 10:06 pm

Does the very same thing in safe mode.

As i was looking around i came upon the system restore program. I gave it a try and it brought back my old resolution and put everything back where it was. Hey! I thought i had it whipped. But then IE8 would crash every time i opened it. I did tons of searches and couldn't get it figured out, so i restored it back to where it was yesterday. So i guess that didn't work.

I guess we'll just keep on trying.

If for some reason we can't get it figured out, it's no big deal. I have another copy of this drive ghosted. I'll just revert back to it. But i do like seeing the process we go through to try and get this figured out. Very informative. Let me know if you are swamped with help requests. I can bow out and swap drives, and you can go on to help someone that needs the help more than me.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Alander » June 2nd, 2012, 6:36 am

Hi,
Please do not do anything to your computer (uninstall / conduct any scans / restore your computer) without instructions as this will hinder the cleaning process

Lets see if this will work..

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » June 2nd, 2012, 9:50 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 08:04:20
-----------------------------
08:04:20.546 OS Version: Windows x64 6.0.6002 Service Pack 2
08:04:20.546 Number of processors: 4 586 0x203
08:04:20.546 ComputerName: JERRY-PC UserName: Jerry
08:04:23.483 Initialize success
08:06:59.175 AVAST engine defs: 12060200
08:28:54.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
08:28:54.083 Disk 0 Vendor: ST3500320AS SD1A Size: 476938MB BusType: 3
08:28:54.096 Disk 0 MBR read successfully
08:28:54.098 Disk 0 MBR scan
08:28:54.103 Disk 0 Windows VISTA default MBR code
08:28:54.112 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 390000 MB offset 2048
08:28:54.138 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 86936 MB offset 798722048
08:28:54.196 Disk 0 scanning C:\Windows\system32\drivers
08:29:05.359 Service scanning
08:29:30.652 Modules scanning
08:29:30.658 Disk 0 trace - called modules:
08:29:30.685 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:29:30.689 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064c56d0]
08:29:31.022 3 CLASSPNP.SYS[fffffa6000fa8c33] -> nt!IofCallDriver -> [0xfffffa8004c4b520]
08:29:31.028 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004c4c940]
08:29:35.212 AVAST engine scan C:\Windows
08:29:37.886 AVAST engine scan C:\Windows\system32
08:33:49.608 AVAST engine scan C:\Windows\system32\drivers
08:34:03.952 AVAST engine scan C:\Users\Jerry
08:43:50.324 AVAST engine scan C:\ProgramData
08:45:49.110 Scan finished successfully
08:48:03.282 Disk 0 MBR has been saved successfully to "C:\Users\Jerry\Desktop\MBR.dat"
08:48:03.292 The log file has been saved successfully to "C:\Users\Jerry\Desktop\aswMBR.txt"
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Alander » June 3rd, 2012, 12:23 pm

Hi,

Your logs does not show any signs of malware, I am afraid that the malware cannot be detected as outlined by askey in your previous topic, therefore I would recommend you to reformat and reinstall your operating system.

To help you understand more, please take some time to read the following articles:
When should do a reformat and reinstallation of my OS
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Strange things going on - Need some help please

Unread postby iowabucks » June 3rd, 2012, 4:15 pm

Thank you for your time Alander. You guys do a special service for those that need the help and should be commended for that.

I too had thought maybe it did get cleaned somewhere along the line but with the little quirks left behind i just wanted to make sure. I definately will do the reformat, it's about time anyway. Thanks again.

Jerry.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Strange things going on - Need some help please

Unread postby Cypher » June 4th, 2012, 11:18 am

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware