OLMARIK.TDL4 removal aftermath [Solved]

This topic is locked
#31 WhiteHat (Trusted Helper, Retired Staff)
Hi,

For the next step, you will need a USB stick.

# Step 1 #
Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
#32 silversurferWV (Topic Starter, Member)
Each instruction seemed to execute flawlessly. Here's the FRST log:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 18:56:07
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Harry\...\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [1243040 2012-01-03] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{DD420E92-4EA0-47DD-B718-C5AD7728ED95}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-17] (Akamai Technologies, Inc)
2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [2644816 2011-05-17] (Diskeeper Corporation)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)
3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Player\\" -s ufad-p2v.xml [x]

========================== Drivers (Whitelisted) =============

3 DKRtWrt; C:\Windows\System32\Drivers\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [30832 2010-11-11] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
1 A2DDA; \??\C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56BW3TS4\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-31 07:31 - 2012-07-31 07:31 - 00022473 ____A C:\Users\Harry\Documents\Document2_95.htm
2012-07-31 07:31 - 2012-07-31 07:31 - 00000000 ____D C:\Users\Harry\Documents\Document2_95_files
2012-07-31 07:30 - 2012-07-31 07:30 - 00024806 ____A C:\Users\Harry\Documents\Document2_94.htm
2012-07-31 07:30 - 2012-07-31 07:30 - 00000000 ____D C:\Users\Harry\Documents\Document2_94_files
2012-07-31 07:28 - 2012-07-31 07:28 - 00024806 ____A C:\Users\Harry\Documents\Document1_27.htm
2012-07-31 07:28 - 2012-07-31 07:28 - 00000000 ____D C:\Users\Harry\Documents\Document1_27_files
2012-07-30 15:50 - 2012-07-30 15:50 - 00000924 ____A C:\Users\Harry\Desktop\NTREGOPT.lnk
2012-07-30 15:50 - 2012-07-30 15:50 - 00000905 ____A C:\Users\Harry\Desktop\ERUNT.lnk
2012-07-30 15:50 - 2012-07-30 15:50 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-07-30 15:47 - 2012-07-30 15:47 - 00000148 ____A C:\Users\Harry\Desktop\fix.bat
2012-07-30 15:46 - 2012-07-30 15:46 - 00791393 ____A (Lars Hederer ) C:\Users\Harry\Desktop\erunt_setup.exe
2012-07-29 14:07 - 2012-07-29 14:07 - 00000220 ____A C:\Users\Harry\Desktop\fix.txt
2012-07-26 17:29 - 2012-07-26 17:29 - 00072438 ____A C:\Users\Harry\Desktop\Extras.Txt
2012-07-26 17:28 - 2012-07-30 16:00 - 00076248 ____A C:\Users\Harry\Desktop\OTL.Txt
2012-07-26 17:20 - 2012-07-26 17:21 - 00597504 ____A (OldTimer Tools) C:\Users\Harry\Desktop\OTL.exe
2012-07-26 17:06 - 2012-07-26 17:06 - 00448512 ____A (OldTimer Tools) C:\Users\Harry\Desktop\TFC.exe
2012-07-25 09:04 - 2012-07-25 09:04 - 00000000 ____D C:\_OTL
2012-07-23 13:57 - 2012-07-23 13:57 - 00016643 ____A C:\ComboFix.txt
2012-07-23 13:25 - 2012-07-30 15:50 - 00000000 ____D C:\Windows\erdnt
2012-07-23 13:25 - 2012-07-23 13:58 - 00000000 ____D C:\Qoobox
2012-07-22 17:23 - 2012-07-22 17:23 - 00001625 ____A C:\Users\Harry\Desktop\aswMBR.txt
2012-07-22 17:23 - 2012-07-22 17:23 - 00000512 ____A C:\Users\Harry\Desktop\MBR.dat
2012-07-21 12:21 - 2012-07-21 12:21 - 00074958 ____A C:\Users\Harry\Downloads\Extras.Txt
2012-07-21 12:20 - 2012-07-21 12:20 - 00077112 ____A C:\Users\Harry\Downloads\OTL.Txt
2012-07-20 18:54 - 2012-07-20 18:54 - 00000000 ____D C:\Users\Harry\DoctorWeb
2012-07-20 08:23 - 2012-07-20 08:23 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-18 18:53 - 2012-07-18 18:53 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-18 18:53 - 2012-07-18 18:53 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-07-18 18:46 - 2012-07-18 18:46 - 00000000 ____D C:\Users\All Users\Symantec
2012-07-18 18:43 - 2012-07-18 18:43 - 00000000 ____D C:\Users\Harry\AppData\Local\Chromium
2012-07-18 18:42 - 2012-07-26 05:37 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2012-07-18 18:42 - 2012-07-18 18:43 - 00000000 ____D C:\Users\All Users\Norton
2012-07-18 11:30 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-17 19:27 - 2012-07-18 16:20 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-17 19:26 - 2012-07-17 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-17 19:26 - 2012-07-17 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-17 19:26 - 2012-07-05 18:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-17 19:26 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-17 19:10 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 19:07 - 2012-07-17 19:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-17 19:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-17 19:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-17 19:03 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-17 19:03 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-17 19:03 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-17 19:03 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-17 19:03 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-17 19:03 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-17 19:03 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-17 19:03 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-17 19:03 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-17 19:03 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-17 19:03 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-17 19:03 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-17 19:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-17 19:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-17 19:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-17 19:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-17 19:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-17 19:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-17 19:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-17 19:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-17 19:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-17 19:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-17 19:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-17 19:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-17 19:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-17 19:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-17 16:45 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-17 16:45 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-17 16:45 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-17 16:45 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-17 16:45 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-17 16:45 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-17 16:45 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-17 16:45 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-17 16:45 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-17 16:45 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-17 16:45 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-17 16:45 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-17 16:45 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-17 16:45 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-17 16:45 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-17 16:45 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-17 16:45 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-17 16:44 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-17 16:44 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-16 15:36 - 2012-07-17 16:38 - 00000000 ____D C:\Program Files\NetWorx
2012-07-16 15:36 - 2012-07-16 15:36 - 00000000 ____D C:\Users\All Users\SoftPerfect
2012-07-15 14:34 - 2012-07-15 14:34 - 00153251 ____A C:\Users\Harry\Downloads\search (9)
2012-07-09 15:17 - 2012-07-09 15:17 - 00040377 ____A C:\Users\Harry\Desktop\sfcdetails.txt
2012-07-09 07:53 - 2012-07-31 06:33 - 00000000 ____D C:\Users\Harry\AEP_Diesel_Fire_Pumps
2012-07-08 15:15 - 2012-07-08 15:59 - 00009528 ____A C:\Users\Harry\Documents\Departed_Souls.xlsx


============ 3 Months Modified Files ========================

2012-08-03 14:52 - 2011-01-31 16:08 - 01680105 ____A C:\Windows\WindowsUpdate.log
2012-08-03 14:48 - 2009-07-13 21:13 - 00783414 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 14:33 - 2012-06-02 07:32 - 00007448 ____A C:\Windows\setupact.log
2012-08-03 05:01 - 2011-01-07 10:44 - 00970752 ____A C:\Users\Harry\Documents\BDTracker.accdb
2012-08-02 17:49 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-02 17:49 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-02 17:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 07:31 - 2012-07-31 07:31 - 00022473 ____A C:\Users\Harry\Documents\Document2_95.htm
2012-07-31 07:30 - 2012-07-31 07:30 - 00024806 ____A C:\Users\Harry\Documents\Document2_94.htm
2012-07-31 07:28 - 2012-07-31 07:28 - 00024806 ____A C:\Users\Harry\Documents\Document1_27.htm
2012-07-30 16:00 - 2012-07-26 17:28 - 00076248 ____A C:\Users\Harry\Desktop\OTL.Txt
2012-07-30 15:50 - 2012-07-30 15:50 - 00000924 ____A C:\Users\Harry\Desktop\NTREGOPT.lnk
2012-07-30 15:50 - 2012-07-30 15:50 - 00000905 ____A C:\Users\Harry\Desktop\ERUNT.lnk
2012-07-30 15:47 - 2012-07-30 15:47 - 00000148 ____A C:\Users\Harry\Desktop\fix.bat
2012-07-30 15:46 - 2012-07-30 15:46 - 00791393 ____A (Lars Hederer ) C:\Users\Harry\Desktop\erunt_setup.exe
2012-07-29 14:07 - 2012-07-29 14:07 - 00000220 ____A C:\Users\Harry\Desktop\fix.txt
2012-07-26 17:29 - 2012-07-26 17:29 - 00072438 ____A C:\Users\Harry\Desktop\Extras.Txt
2012-07-26 17:21 - 2012-07-26 17:20 - 00597504 ____A (OldTimer Tools) C:\Users\Harry\Desktop\OTL.exe
2012-07-26 17:06 - 2012-07-26 17:06 - 00448512 ____A (OldTimer Tools) C:\Users\Harry\Desktop\TFC.exe
2012-07-26 08:53 - 2011-01-31 17:06 - 00141592 ____A C:\Users\Harry\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-23 13:57 - 2012-07-23 13:57 - 00016643 ____A C:\ComboFix.txt
2012-07-22 17:23 - 2012-07-22 17:23 - 00001625 ____A C:\Users\Harry\Desktop\aswMBR.txt
2012-07-22 17:23 - 2012-07-22 17:23 - 00000512 ____A C:\Users\Harry\Desktop\MBR.dat
2012-07-21 12:21 - 2012-07-21 12:21 - 00074958 ____A C:\Users\Harry\Downloads\Extras.Txt
2012-07-21 12:20 - 2012-07-21 12:20 - 00077112 ____A C:\Users\Harry\Downloads\OTL.Txt
2012-07-18 18:37 - 2012-05-15 15:42 - 00889372 ____A C:\Users\Harry\AppData\Local\census.cache
2012-07-18 18:37 - 2012-05-15 15:42 - 00107883 ____A C:\Users\Harry\AppData\Local\ars.cache
2012-07-18 11:04 - 2011-08-26 14:47 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 11:04 - 2011-08-26 14:47 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-17 19:26 - 2012-07-17 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-17 19:26 - 2012-07-17 19:26 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-17 19:13 - 2009-07-13 20:45 - 00569600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-17 19:09 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-07-17 19:07 - 2012-07-17 19:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-17 19:05 - 2011-02-01 11:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-15 14:34 - 2012-07-15 14:34 - 00153251 ____A C:\Users\Harry\Downloads\search (9)
2012-07-09 15:17 - 2012-07-09 15:17 - 00040377 ____A C:\Users\Harry\Desktop\sfcdetails.txt
2012-07-08 15:59 - 2012-07-08 15:15 - 00009528 ____A C:\Users\Harry\Documents\Departed_Souls.xlsx
2012-07-05 18:06 - 2012-07-17 19:26 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 18:06 - 2012-07-17 19:26 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-30 17:02 - 2012-04-13 04:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-30 17:02 - 2011-05-23 05:36 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-30 17:00 - 2012-06-08 16:09 - 00001586 ____A C:\Windows\PFRO.log
2012-06-22 10:04 - 2012-06-22 10:04 - 00001899 ____A C:\Users\Harry\Desktop\[email protected]
2012-06-22 10:04 - 2012-06-22 10:04 - 00001892 ____A C:\Users\Harry\Desktop\[email protected]
2012-06-22 10:03 - 2012-06-22 10:04 - 00720896 ____A (Indigo Rose Corporation) C:\Windows\iun6002.exe
2012-06-18 13:16 - 2012-06-18 13:16 - 00306180 ____A C:\Users\Harry\Desktop\LimitSwitch.tif
2012-06-17 18:17 - 2012-06-17 18:16 - 00049970 ____A C:\Users\Harry\Downloads\MC900122963.WMF
2012-06-17 18:16 - 2012-06-17 18:16 - 00043754 ____A C:\Users\Harry\Downloads\MC900122879.WMF
2012-06-17 18:15 - 2012-06-17 18:15 - 00064872 ____A C:\Users\Harry\Downloads\MC900122855.WMF
2012-06-17 18:15 - 2012-06-17 18:15 - 00031556 ____A C:\Users\Harry\Downloads\MC900123279.WMF
2012-06-17 18:15 - 2012-06-17 18:15 - 00031008 ____A C:\Users\Harry\Downloads\MC900331945.WMF
2012-06-17 18:15 - 2012-06-17 18:15 - 00014288 ____A C:\Users\Harry\Downloads\MC900123299.WMF
2012-06-17 18:14 - 2012-06-17 18:14 - 00013434 ____A C:\Users\Harry\Downloads\MC900437473.WMF
2012-06-17 18:14 - 2012-06-17 18:14 - 00010468 ____A C:\Users\Harry\Downloads\MC900437483.WMF
2012-06-17 18:14 - 2012-06-17 18:14 - 00009394 ____A C:\Users\Harry\Downloads\MC900437475.WMF
2012-06-17 18:13 - 2012-06-17 18:13 - 00007392 ____A C:\Users\Harry\Downloads\MC900437655.WMF
2012-06-17 18:13 - 2012-06-17 18:13 - 00005688 ____A C:\Users\Harry\Downloads\MC900437443.WMF
2012-06-17 18:12 - 2012-06-17 18:12 - 00009240 ____A C:\Users\Harry\Downloads\MC900384212 (1).WMF
2012-06-17 18:12 - 2012-06-17 18:12 - 00006272 ____A C:\Users\Harry\Downloads\MC900391216.WMF
2012-06-17 18:12 - 2012-06-17 18:12 - 00006268 ____A C:\Users\Harry\Downloads\MC900435075.WMF
2012-06-17 18:11 - 2012-06-17 18:11 - 00009240 ____A C:\Users\Harry\Downloads\MC900384212.WMF
2012-06-17 18:10 - 2012-06-17 18:10 - 00015030 ____A C:\Users\Harry\Downloads\MC900435576.WMF
2012-06-17 18:10 - 2012-06-17 18:10 - 00005384 ____A C:\Users\Harry\Downloads\MC900435574.WMF
2012-06-15 15:56 - 2012-06-15 15:55 - 00020010 ____A C:\Users\Harry\Desktop\HiJackFree.log
2012-06-15 15:48 - 2012-06-15 15:48 - 00000098 ____A C:\index.ini
2012-06-15 15:38 - 2012-06-15 15:38 - 00003024 ____A C:\Users\Harry\Desktop\a2scan_120615-174305.txt
2012-06-13 23:26 - 2011-11-28 12:13 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736737125-3206749467-127025134-1001UA.job
2012-06-13 23:26 - 2011-11-28 12:13 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-736737125-3206749467-127025134-1001Core.job
2012-06-12 17:47 - 2012-06-12 17:47 - 00008710 ____A C:\Users\Harry\Documents\cc_20120612_214715.reg
2012-06-12 05:10 - 2011-11-28 12:14 - 00002396 ____A C:\Users\Harry\Desktop\Google Chrome.lnk
2012-06-11 19:08 - 2012-07-17 19:10 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-17 16:45 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-17 16:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-17 16:45 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-17 16:45 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-17 16:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-17 16:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-17 16:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-17 16:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-23 08:09 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 08:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 08:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 08:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 08:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 08:09 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 08:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 08:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 08:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:32 - 2012-06-02 07:32 - 00000000 ____A C:\Windows\setuperr.log
2012-06-02 04:49 - 2012-07-17 19:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-17 19:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-17 19:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-17 19:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-17 19:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-17 19:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-17 19:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-17 19:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-17 19:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-17 19:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-17 19:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-17 19:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-17 19:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-17 19:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-17 19:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-17 19:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-17 19:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-17 19:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-17 19:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-17 19:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-17 19:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-17 19:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-17 19:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-17 19:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-17 19:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-17 19:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-17 19:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-17 19:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-17 16:45 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-17 16:45 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-17 16:45 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-17 16:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-17 16:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-17 16:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-17 16:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-17 16:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-17 16:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 18:09 - 2012-04-22 15:54 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-01 18:03 - 2012-06-01 18:03 - 00013116 ____A C:\Users\Harry\Documents\cc_20120601_220349.reg
2012-05-26 11:29 - 2012-05-26 11:29 - 00152787 ____A C:\Users\Harry\Downloads\search (8)
2012-05-15 15:34 - 2012-05-15 15:34 - 00000036 ____A C:\Users\Harry\AppData\Local\housecall.guid.cache

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8190.49 MB
Available physical RAM: 7428.86 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 7420.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:279.46 GB) (Free:126.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:40.76 GB) NTFS
4 Drive e: (GR0747_OM1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
7 Drive h: (PATRIOT) (Removable) (Total:3.72 GB) (Free:1.84 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 1024 KB
Disk 1 Online 232 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 279 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D New Volume NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB

==================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H PATRIOT FAT32 Removable 3816 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 09:30

======================= End Of Log ==========================

#33
WhiteHat
    Trusted Helper
  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

    2012-07-18 11:30 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7:

Now please enter System Recovery Options and select Command prompt

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

# Step 2 #
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.



#34
silversurferWV
    Member
  • Topic Starter
  • Member
  • 26 posts
Ran the FRST64.EXE per your instructions. Proceeded to restart the machine, but a message popped up saying that Windows could not start and recommended a fix, which I eagerly accepted. It appears that the fix was a system restore, which I would assume negated whatever FRST did. Therefore, I did not run TDSSKILLER afterward. However, here's the log that FRST created:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 20:25:17 Run:1
Running from H:\

==============================================

C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====

#35
WhiteHat
    Trusted Helper
  • Retired Staff
  • 1,925 posts
Hi silversurferWV,

Proceeded to restart the machine but a message popped up saying that Windows could not start

Does this still happen? If yes, when does this message appear?

#36
silversurferWV
    Member
  • Topic Starter
  • Member
  • 26 posts
The message appeared only after the restart following running FRST64.EXE. Since the so-called repair that I authorized at that time, restarting the computer has been normal. By the way, MalwareBytes is still detecting C:\Windows\svchost.exe, but that's probably because the repair undid what FRST did.

#37
WhiteHat
    Trusted Helper
  • Retired Staff
  • 1,925 posts
Hi,

I will try the FRST fix again. If, after you use FRST, any alert appears saying that Windows found a problem starting, please ignore it (if possible).

# Step 1 #
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

    2012-07-18 11:30 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7:

Now please enter System Recovery Options and select Command prompt

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

# Step 2 #
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Skip is selected. We only want the log.
  • Note: Do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
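As an added, defender-side example that is not part of this thread and not TDSSKiller's own code, here is a small Python triage script for the report TDSSKiller writes: it collapses the hundreds of "- ok" lines and lists only the entries flagged as warning or detected, with their MD5, path and the reason (hidden file, unsigned file). The line patterns are reconstructed from the report layout, and the sample lines are an excerpt of the report posted in this thread.

```python
"""Triage helper for a TDSSKiller report (added example, not TDSSKiller code).

A report lists each checked service/driver as a pair of lines,
    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - ok
and, for anything it dislikes, extra lines such as
    <time> <pid> Suspicious file (Hidden): <path>. md5: <hash>
    <time> <pid> <name> ( <category> ) - warning
    <time> <pid> <name> - detected <category> (1)
The patterns below are reconstructed from that layout.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SEVERITY = {"unknown": -1, "ok": 0, "warning": 1, "detected": 2}

ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<category>\S+)\s*\))?"   # optional "( Category )"
    r"\s+-\s+(?P<status>ok|warning|detected)"
    r"(?:\s+(?P<detcat>\S+)\s+\(\d+\))?$"    # optional "Category (1)"
)
SUSPICIOUS_RE = re.compile(
    r"^\S+\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\):\s+"
    r"(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$"
)


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"
    category: Optional[str] = None                    # TDSSKiller verdict class
    reasons: List[str] = field(default_factory=list)  # e.g. ["Hidden"]


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name found in the report."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # lower-cased path -> entry name
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SUSPICIOUS_RE.match(line)):
            name = by_path.get(m.group("path").lower())
            if name:  # attach the reason to the entry that owns that path
                entries[name].reasons.append(m.group("reason"))
        elif (m := ENTRY_RE.match(line)):
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.md5, e.path = m.group("md5"), m.group("path")
            by_path[e.path.lower()] = e.name
        elif (m := STATUS_RE.match(line)):
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            status = m.group("status")
            # A name shows up as "warning" and then "detected"; never downgrade.
            if SEVERITY[status] > SEVERITY[e.status]:
                e.status = status
            e.category = m.group("category") or m.group("detcat") or e.category
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that were not verified clean, most severe first."""
    return sorted(
        (e for e in entries.values() if e.status != "ok"),
        key=lambda e: (-SEVERITY[e.status], e.name.lower()),
    )


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Count entries per status so a 400-line report reads as one line."""
    counts = {s: 0 for s in SEVERITY}
    for e in entries.values():
        counts[e.status] += 1
    return counts


# Excerpt of the TDSSKiller report posted in this thread: a hidden Akamai DLL,
# an unsigned HP service and a few clean entries for contrast.
SAMPLE_REPORT = r"""12:45:35.0300 4784 Scan started
12:45:35.0300 4784 Mode: Manual; SigCheck; TDLFS;
12:45:36.0035 4784 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:45:36.0082 4784 1394ohci - ok
12:45:36.0160 4784 A2DDA - ok
12:45:36.0800 4784 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
12:45:36.0800 4784 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
12:45:36.0800 4784 Akamai ( HiddenFile.Multi.Generic ) - warning
12:45:36.0800 4784 Akamai - detected HiddenFile.Multi.Generic (1)
12:45:42.0582 4784 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:45:42.0597 4784 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
12:45:42.0597 4784 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
12:45:44.0363 4784 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:45:44.0363 4784 Microsoft Office Groove Audit Service - ok
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for e in flagged(found):
        print(f"{e.status:8} {e.name}: {e.category} {e.reasons} md5={e.md5} {e.path}")
```

A hidden or unsigned verdict is only a lead: check the file's publisher and whether the product (here Akamai NetSession and HP's SLP service) is expected on the machine before acting on it.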

#38
silversurferWV
    Member
  • Topic Starter
  • Member
  • 26 posts
Had no problems this time restarting Windows after running FRST. Kaspersky found 4 suspicious objects but no malicious ones; therefore, I chose the "skip" option.

Here are the logs created, fixlog.txt and TDSSKiller...txt, respectively:
________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-06 12:36:54 Run:2
Running from H:\

==============================================

C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====



12:45:20.0800 2328 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:45:21.0238 2328 ============================================================
12:45:21.0238 2328 Current date / time: 2012/08/06 12:45:21.0238
12:45:21.0238 2328 SystemInfo:
12:45:21.0238 2328
12:45:21.0238 2328 OS Version: 6.1.7601 ServicePack: 1.0
12:45:21.0238 2328 Product type: Workstation
12:45:21.0238 2328 ComputerName: DESKTOP
12:45:21.0238 2328 UserName: Harry
12:45:21.0238 2328 Windows directory: C:\Windows
12:45:21.0238 2328 System windows directory: C:\Windows
12:45:21.0238 2328 Running under WOW64
12:45:21.0238 2328 Processor architecture: Intel x64
12:45:21.0238 2328 Number of processors: 2
12:45:21.0238 2328 Page size: 0x1000
12:45:21.0238 2328 Boot type: Normal boot
12:45:21.0238 2328 ============================================================
12:45:21.0910 2328 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:21.0925 2328 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:21.0941 2328 Drive \Device\Harddisk3\DR3 - Size: 0xEEC00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:45:21.0941 2328 ============================================================
12:45:21.0941 2328 \Device\Harddisk0\DR0:
12:45:21.0941 2328 MBR partitions:
12:45:21.0941 2328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22EEA541
12:45:21.0941 2328 \Device\Harddisk1\DR1:
12:45:21.0941 2328 MBR partitions:
12:45:21.0941 2328 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
12:45:21.0941 2328 \Device\Harddisk3\DR3:
12:45:21.0941 2328 MBR partitions:
12:45:21.0941 2328 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774080
12:45:21.0941 2328 ============================================================
12:45:21.0957 2328 C: <-> \Device\Harddisk0\DR0\Partition0
12:45:21.0988 2328 D: <-> \Device\Harddisk1\DR1\Partition0
12:45:21.0988 2328 ============================================================
12:45:21.0988 2328 Initialize success
12:45:21.0988 2328 ============================================================
12:45:35.0300 4784 ============================================================
12:45:35.0300 4784 Scan started
12:45:35.0300 4784 Mode: Manual; SigCheck; TDLFS;
12:45:35.0300 4784 ============================================================
12:45:36.0035 4784 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:45:36.0082 4784 1394ohci - ok
12:45:36.0160 4784 A2DDA - ok
12:45:36.0191 4784 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:45:36.0207 4784 ACPI - ok
12:45:36.0222 4784 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:45:36.0238 4784 AcpiPmi - ok
12:45:36.0300 4784 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:45:36.0300 4784 AdobeARMservice - ok
12:45:36.0347 4784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:36.0363 4784 adp94xx - ok
12:45:36.0378 4784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:36.0394 4784 adpahci - ok
12:45:36.0410 4784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:36.0425 4784 adpu320 - ok
12:45:36.0441 4784 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:45:36.0472 4784 AeLookupSvc - ok
12:45:36.0582 4784 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:45:36.0597 4784 AFD - ok
12:45:36.0613 4784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:45:36.0628 4784 agp440 - ok
12:45:36.0800 4784 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
12:45:36.0800 4784 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
12:45:36.0800 4784 Akamai ( HiddenFile.Multi.Generic ) - warning
12:45:36.0800 4784 Akamai - detected HiddenFile.Multi.Generic (1)
12:45:36.0878 4784 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:45:36.0878 4784 ALG - ok
12:45:36.0910 4784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:45:36.0925 4784 aliide - ok
12:45:36.0941 4784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:45:36.0957 4784 amdide - ok
12:45:36.0972 4784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:36.0988 4784 AmdK8 - ok
12:45:37.0003 4784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:37.0019 4784 AmdPPM - ok
12:45:37.0035 4784 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:45:37.0050 4784 amdsata - ok
12:45:37.0066 4784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:37.0082 4784 amdsbs - ok
12:45:37.0097 4784 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:45:37.0097 4784 amdxata - ok
12:45:37.0128 4784 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:45:37.0160 4784 AppID - ok
12:45:37.0175 4784 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:45:37.0207 4784 AppIDSvc - ok
12:45:37.0222 4784 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:45:37.0253 4784 Appinfo - ok
12:45:37.0285 4784 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:45:37.0300 4784 AppMgmt - ok
12:45:37.0316 4784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:45:37.0316 4784 arc - ok
12:45:37.0332 4784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:37.0347 4784 arcsas - ok
12:45:37.0425 4784 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:45:37.0441 4784 aspnet_state - ok
12:45:37.0441 4784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:37.0472 4784 AsyncMac - ok
12:45:37.0503 4784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:45:37.0519 4784 atapi - ok
12:45:37.0566 4784 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:37.0597 4784 AudioEndpointBuilder - ok
12:45:37.0613 4784 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:37.0644 4784 AudioSrv - ok
12:45:37.0660 4784 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:45:37.0675 4784 AxInstSV - ok
12:45:37.0707 4784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:45:37.0722 4784 b06bdrv - ok
12:45:37.0753 4784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:45:37.0769 4784 b57nd60a - ok
12:45:37.0785 4784 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:45:37.0800 4784 BDESVC - ok
12:45:37.0832 4784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:45:37.0863 4784 Beep - ok
12:45:37.0910 4784 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:45:37.0941 4784 BFE - ok
12:45:37.0988 4784 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:45:38.0019 4784 BITS - ok
12:45:38.0066 4784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:38.0066 4784 blbdrive - ok
12:45:38.0097 4784 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:45:38.0113 4784 bowser - ok
12:45:38.0113 4784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:38.0128 4784 BrFiltLo - ok
12:45:38.0128 4784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:38.0144 4784 BrFiltUp - ok
12:45:38.0160 4784 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:45:38.0191 4784 Browser - ok
12:45:38.0207 4784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:45:38.0222 4784 Brserid - ok
12:45:38.0238 4784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:38.0253 4784 BrSerWdm - ok
12:45:38.0253 4784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:38.0269 4784 BrUsbMdm - ok
12:45:38.0285 4784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:38.0285 4784 BrUsbSer - ok
12:45:38.0300 4784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:38.0316 4784 BTHMODEM - ok
12:45:38.0332 4784 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:45:38.0363 4784 bthserv - ok
12:45:38.0378 4784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:38.0410 4784 cdfs - ok
12:45:38.0441 4784 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:45:38.0441 4784 cdrom - ok
12:45:38.0472 4784 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:38.0503 4784 CertPropSvc - ok
12:45:38.0519 4784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:45:38.0535 4784 circlass - ok
12:45:38.0566 4784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:45:38.0582 4784 CLFS - ok
12:45:38.0628 4784 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:38.0644 4784 clr_optimization_v2.0.50727_32 - ok
12:45:38.0675 4784 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:45:38.0691 4784 clr_optimization_v2.0.50727_64 - ok
12:45:38.0738 4784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:38.0753 4784 clr_optimization_v4.0.30319_32 - ok
12:45:38.0769 4784 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:45:38.0785 4784 clr_optimization_v4.0.30319_64 - ok
12:45:38.0800 4784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:38.0816 4784 CmBatt - ok
12:45:38.0816 4784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:45:38.0832 4784 cmdide - ok
12:45:38.0847 4784 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:45:38.0878 4784 CNG - ok
12:45:38.0878 4784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:38.0894 4784 Compbatt - ok
12:45:38.0925 4784 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:45:38.0941 4784 CompositeBus - ok
12:45:38.0941 4784 COMSysApp - ok
12:45:38.0957 4784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:38.0972 4784 crcdisk - ok
12:45:39.0003 4784 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:45:39.0019 4784 CryptSvc - ok
12:45:39.0050 4784 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:45:39.0066 4784 CSC - ok
12:45:39.0097 4784 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:45:39.0113 4784 CscService - ok
12:45:39.0144 4784 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:39.0191 4784 DcomLaunch - ok
12:45:39.0222 4784 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:45:39.0269 4784 defragsvc - ok
12:45:39.0300 4784 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:45:39.0332 4784 DfsC - ok
12:45:39.0363 4784 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:45:39.0394 4784 Dhcp - ok
12:45:39.0410 4784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:45:39.0441 4784 discache - ok
12:45:39.0441 4784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:45:39.0457 4784 Disk - ok
12:45:39.0582 4784 Diskeeper (5a19d3c8e2d92becca80afc7dba4463d) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
12:45:39.0628 4784 Diskeeper - ok
12:45:39.0691 4784 DKRtWrt (20c394c80113d77406df8f1adc720b01) C:\Windows\system32\DRIVERS\DKRtWrt.sys
12:45:39.0707 4784 DKRtWrt - ok
12:45:39.0738 4784 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:45:39.0738 4784 Dnscache - ok
12:45:39.0816 4784 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:45:39.0863 4784 dot3svc - ok
12:45:39.0894 4784 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:45:39.0910 4784 Dot4 - ok
12:45:39.0925 4784 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:45:39.0941 4784 Dot4Print - ok
12:45:39.0957 4784 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:45:39.0972 4784 dot4usb - ok
12:45:39.0988 4784 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:45:40.0035 4784 DPS - ok
12:45:40.0050 4784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:45:40.0066 4784 drmkaud - ok
12:45:40.0113 4784 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:40.0144 4784 DXGKrnl - ok
12:45:40.0175 4784 E100B (a6db3a7828b456a574243066e2e77d8c) C:\Windows\system32\DRIVERS\efe5b32e.sys
12:45:40.0175 4784 E100B - ok
12:45:40.0222 4784 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
12:45:40.0238 4784 eamonm - ok
12:45:40.0253 4784 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:45:40.0285 4784 EapHost - ok
12:45:40.0394 4784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:45:40.0441 4784 ebdrv - ok
12:45:40.0535 4784 efavdrv - ok
12:45:40.0550 4784 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:45:40.0550 4784 EFS - ok
12:45:40.0582 4784 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
12:45:40.0597 4784 ehdrv - ok
12:45:40.0644 4784 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:45:40.0660 4784 ehRecvr - ok
12:45:40.0675 4784 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:45:40.0691 4784 ehSched - ok
12:45:40.0753 4784 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
12:45:40.0785 4784 ekrn - ok
12:45:40.0847 4784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:45:40.0863 4784 elxstor - ok
12:45:40.0894 4784 epfw (587f0f4145a1536a6e37efd769b7665f) C:\Windows\system32\DRIVERS\epfw.sys
12:45:40.0894 4784 epfw - ok
12:45:40.0925 4784 EpfwLWF (d2f812358ee8ee23cbb5c4daffb5b819) C:\Windows\system32\DRIVERS\EpfwLWF.sys
12:45:40.0941 4784 EpfwLWF - ok
12:45:40.0941 4784 epfwwfp (34bf55d69ab74d14c7e7a17259cb7df8) C:\Windows\system32\DRIVERS\epfwwfp.sys
12:45:40.0957 4784 epfwwfp - ok
12:45:40.0972 4784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:45:40.0988 4784 ErrDev - ok
12:45:41.0019 4784 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:45:41.0066 4784 EventSystem - ok
12:45:41.0082 4784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:45:41.0113 4784 exfat - ok
12:45:41.0113 4784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:45:41.0160 4784 fastfat - ok
12:45:41.0191 4784 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:45:41.0207 4784 Fax - ok
12:45:41.0222 4784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:45:41.0238 4784 fdc - ok
12:45:41.0238 4784 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:45:41.0269 4784 fdPHost - ok
12:45:41.0285 4784 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:45:41.0316 4784 FDResPub - ok
12:45:41.0316 4784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:45:41.0332 4784 FileInfo - ok
12:45:41.0394 4784 FileOpenManagerSvc (ad9d3401e1b0949dbc3e59871bc4422f) C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
12:45:41.0410 4784 FileOpenManagerSvc - ok
12:45:41.0410 4784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:45:41.0441 4784 Filetrace - ok
12:45:41.0457 4784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:45:41.0457 4784 flpydisk - ok
12:45:41.0488 4784 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:45:41.0503 4784 FltMgr - ok
12:45:41.0550 4784 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:45:41.0582 4784 FontCache - ok
12:45:41.0644 4784 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:45:41.0644 4784 FontCache3.0.0.0 - ok
12:45:41.0675 4784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:45:41.0691 4784 FsDepends - ok
12:45:41.0707 4784 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:45:41.0707 4784 Fs_Rec - ok
12:45:41.0753 4784 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:45:41.0769 4784 fvevol - ok
12:45:41.0785 4784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:45:41.0785 4784 gagp30kx - ok
12:45:41.0832 4784 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:45:41.0863 4784 gpsvc - ok
12:45:41.0925 4784 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:45:41.0941 4784 gupdate - ok
12:45:41.0957 4784 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:45:41.0972 4784 gupdatem - ok
12:45:41.0988 4784 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
12:45:42.0003 4784 hcmon - ok
12:45:42.0019 4784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:45:42.0019 4784 hcw85cir - ok
12:45:42.0066 4784 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:45:42.0082 4784 HdAudAddService - ok
12:45:42.0097 4784 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:45:42.0113 4784 HDAudBus - ok
12:45:42.0128 4784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:45:42.0144 4784 HidBatt - ok
12:45:42.0144 4784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:45:42.0160 4784 HidBth - ok
12:45:42.0175 4784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:45:42.0191 4784 HidIr - ok
12:45:42.0207 4784 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:45:42.0238 4784 hidserv - ok
12:45:42.0253 4784 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:45:42.0269 4784 HidUsb - ok
12:45:42.0300 4784 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:45:42.0332 4784 hkmsvc - ok
12:45:42.0363 4784 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:45:42.0363 4784 HomeGroupListener - ok
12:45:42.0394 4784 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:45:42.0410 4784 HomeGroupProvider - ok
12:45:42.0457 4784 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:45:42.0472 4784 hpqcxs08 - ok
12:45:42.0488 4784 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:45:42.0488 4784 hpqddsvc - ok
12:45:42.0503 4784 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:45:42.0519 4784 HpSAMD - ok
12:45:42.0582 4784 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:45:42.0597 4784 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
12:45:42.0597 4784 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
12:45:42.0644 4784 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:45:42.0675 4784 HTTP - ok
12:45:42.0691 4784 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:45:42.0707 4784 hwpolicy - ok
12:45:42.0738 4784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:45:42.0753 4784 i8042prt - ok
12:45:42.0769 4784 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:45:42.0785 4784 iaStorV - ok
12:45:42.0878 4784 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:45:42.0894 4784 idsvc - ok
12:45:42.0910 4784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:45:42.0925 4784 iirsp - ok
12:45:42.0957 4784 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:45:43.0003 4784 IKEEXT - ok
12:45:43.0019 4784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:45:43.0035 4784 intelide - ok
12:45:43.0050 4784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:45:43.0066 4784 intelppm - ok
12:45:43.0066 4784 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:45:43.0113 4784 IPBusEnum - ok
12:45:43.0128 4784 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:45:43.0160 4784 IpFilterDriver - ok
12:45:43.0191 4784 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:45:43.0222 4784 iphlpsvc - ok
12:45:43.0238 4784 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:45:43.0253 4784 IPMIDRV - ok
12:45:43.0269 4784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:45:43.0300 4784 IPNAT - ok
12:45:43.0316 4784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:45:43.0332 4784 IRENUM - ok
12:45:43.0332 4784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:45:43.0347 4784 isapnp - ok
12:45:43.0363 4784 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:45:43.0378 4784 iScsiPrt - ok
12:45:43.0410 4784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:45:43.0410 4784 kbdclass - ok
12:45:43.0441 4784 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:45:43.0457 4784 kbdhid - ok
12:45:43.0472 4784 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:45.0957 4784 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
12:45:45.0957 4784 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:45:45.0957 4784 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:45:48.0425 4784 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
12:45:48.0441 4784 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:45:48.0441 4784 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:45:56.0519 4784 WPDBusEnum - ok
12:45:56.0535 4784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:56.0582 4784 ws2ifsl - ok
12:45:56.0582 4784 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:45:56.0597 4784 wscsvc - ok
12:45:56.0597 4784 WSearch - ok
12:45:56.0691 4784 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:45:56.0738 4784 wuauserv - ok
12:45:56.0769 4784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:45:56.0800 4784 WudfPf - ok
12:45:56.0816 4784 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:56.0847 4784 WUDFRd - ok
12:45:56.0878 4784 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:45:56.0910 4784 wudfsvc - ok
12:45:56.0925 4784 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:45:56.0957 4784 WwanSvc - ok
12:45:56.0988 4784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:45:57.0128 4784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:45:57.0128 4784 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:45:57.0128 4784 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
12:45:57.0175 4784 \Device\Harddisk1\DR1 - ok
12:45:57.0175 4784 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk3\DR3
12:45:57.0785 4784 \Device\Harddisk3\DR3 - ok
12:45:57.0785 4784 Boot (0x1200) (5ba42f870ae7fac0b7a8d9231d17d57c) \Device\Harddisk0\DR0\Partition0
12:45:57.0785 4784 \Device\Harddisk0\DR0\Partition0 - ok
12:45:57.0785 4784 Boot (0x1200) (ade9bfc775cce10ead25bcb7f4976ea6) \Device\Harddisk1\DR1\Partition0
12:45:57.0785 4784 \Device\Harddisk1\DR1\Partition0 - ok
12:45:57.0800 4784 Boot (0x1200) (692411d13160b3220d195b787f84b8b9) \Device\Harddisk3\DR3\Partition0
12:45:57.0800 4784 \Device\Harddisk3\DR3\Partition0 - ok
12:45:57.0800 4784 ============================================================
12:45:57.0800 4784 Scan finished
12:45:57.0800 4784 ============================================================
12:45:57.0816 4816 Detected object count: 5
12:45:57.0816 4816 Actual detected object count: 5
12:49:09.0753 4816 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:49:09.0753 4816 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:49:09.0753 4816 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:09.0753 4816 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:09.0753 4816 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:09.0753 4816 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:09.0769 4816 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:09.0769 4816 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:09.0769 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:49:09.0769 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
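The `MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0` lines in the log are TDSSKiller's hash of the first sector of each disk, printed next to the hidden-file-system warning on Harddisk0. As an added example that is not part of this thread and not TDSSKiller's own code, the Python below builds a constructed 512-byte MBR, hashes the 0x1B8-byte boot-code area, parses the partition table and boot signature separately, and shows how a boot-code-only change stands out against a known-good copy. A bootkit of the TDL4 type rewrites the bootstrap but keeps the partition table so the machine still boots, so "code only" is the verdict to look for. That the label's 0x1B8 is exactly the span TDSSKiller hashes is an assumption read off the label; every byte below is constructed.

```python
"""Inspect a 512-byte MBR along the lines of TDSSKiller's
"MBR (0x1B8) (<md5>) <device>" log line.

Added example written for this thread; not TDSSKiller's code and not taken
from any post. The 0x1B8 (440) bytes before the disk signature are the boot
code area in the standard MBR layout; that TDSSKiller's hash covers exactly
those bytes is an assumption. The MBR bytes built below are constructed.
"""
import hashlib
import struct

CODE_LEN = 0x1B8        # boot code occupies bytes 0x000..0x1B7
SIG_OFF = 0x1B8         # 4-byte disk signature
TABLE_OFF = 0x1BE       # four 16-byte partition entries
TABLE_END = 0x1FE       # followed by the 0x55AA boot signature
BOOT_SIG = b"\x55\xAA"


def code_md5(mbr):
    """MD5 over the boot-code area only, so two disks with the same
    bootstrap but different partition layouts hash the same."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def parse_mbr(mbr):
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        # boot flag, 3 bytes CHS start, type, 3 bytes CHS end, LBA start, sector count
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            partitions.append({"bootable": flag == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "code_md5": code_md5(mbr),
        "disk_signature": struct.unpack_from("<I", mbr, SIG_OFF)[0],
        "partitions": partitions,
        "valid_boot_sig": mbr[TABLE_END:] == BOOT_SIG,
    }


def compare(known_good, suspect):
    """Where does a suspect MBR differ from a known-good copy of the same
    disk? A bootkit that replaces the bootstrap but keeps the partition
    table (the pattern TDL4 is known for) shows up as 'code only'."""
    code_same = code_md5(known_good) == code_md5(suspect)
    table_same = known_good[TABLE_OFF:TABLE_END] == suspect[TABLE_OFF:TABLE_END]
    if code_same and table_same:
        return "identical"
    if table_same:
        return "code only"
    if code_same:
        return "partition table only"
    return "code and partition table"


def build_sample_mbr():
    """Constructed MBR: filler bootstrap, one bootable NTFS partition at LBA 2048."""
    prologue = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"      # xor ax,ax / mov ss,ax / mov sp,7C00h
    code = prologue + b"\x90" * (CODE_LEN - len(prologue))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * 48                    # three empty entries
    mbr = code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table + BOOT_SIG
    assert len(mbr) == 512
    return mbr


def tamper_boot_code(mbr):
    """Simulate a bootkit install: overwrite the first bytes of the
    bootstrap with a constructed jump, leave signature and table intact."""
    patched = bytearray(mbr)
    patched[0:3] = b"\xEB\x3C\x90"
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()
    print("clean MBR code md5:", code_md5(clean))
    print("vs tampered copy  :", compare(clean, tamper_boot_code(clean)))
```

To use this on a real disk, read sector 0 with a raw disk reader from a trusted boot environment (the recovery console or a live CD) rather than from inside the running Windows installation: a live rootkit that hooks the disk stack can hand a clean-looking sector 0 to any reader running under the infected OS, which is also why the log's MBR hash is only meaningful when the scanner itself is trusted.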

#39 silversurferWV (Topic Starter, Member, 26 posts)
By the way MalwareBytes is now detecting zero threats. That's back to more like normal before this fiasco all started. My ESET Smart Security scan also turned up zero threats.

#40 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Hi,

Re-run TDSSKiller with the same parameters.
Then, when you get this showing, select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )
#41 silversurferWV (Topic Starter, Member, 26 posts)
Carried out your instructions. Here's an interesting excerpt from the log that was created. All those quarantines were a bit surprising.

13:56:10.0791 7508 Scan finished
13:56:10.0791 7508 ============================================================
13:56:10.0791 5460 Detected object count: 5
13:56:10.0791 5460 Actual detected object count: 5
13:57:08.0776 5460 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:57:08.0776 5460 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:57:08.0776 5460 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:08.0776 5460 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:57:08.0776 5460 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:08.0776 5460 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:57:08.0776 5460 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:08.0791 5460 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:57:08.0823 5460 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:57:09.0870 5460 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:57:10.0260 5460 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:57:10.0651 5460 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:57:11.0026 5460 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:57:11.0401 5460 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:57:11.0791 5460 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:57:11.0791 5460 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:57:11.0807 5460 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:57:11.0823 5460 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:57:12.0213 5460 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:57:12.0588 5460 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:57:12.0588 5460 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:57:12.0604 5460 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:57:12.0682 5460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:57:13.0041 5460 \Device\Harddisk0\DR0\TDLFS - deleted
13:57:13.0041 5460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
13:57:39.0166 8116 Deinitialize success
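The two TDSSKiller runs in this thread differ only in what the user chose at the prompt: the first left `\Device\Harddisk0\DR0 ( TDSS File System )` at Skip, the second chose Delete and the TDLFS contents went to quarantine. Malwarebytes and ESET reported zero threats in between, so the log itself is the only record of whether anything was done. As an added example that is not part of any post here and not TDSSKiller's own code, the Python below parses TDSSKiller log lines, separates what was detected from what was actually done about it, and flags a rootkit-class verdict left at Skip as still infected, while treating the `*.Multi.Generic` heuristics (the HP and Akamai drivers in this thread) as items to review. The two log excerpts embedded in the block are constructed samples modelled on the posted runs.

```python
"""Parse TDSSKiller log lines and summarise what was detected versus what was
actually done about it.

Added example written for this thread; it is not part of any post here and
not TDSSKiller's own code. The two excerpts below are constructed samples
modelled on the runs quoted in the thread (abbreviated, '- ok' lines dropped).
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
QUARANTINE_RE = re.compile(r"^(.+?) - copied to quarantine$")
DELETED_RE = re.compile(r"^(.+?) - deleted$")
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")

# Verdict names that mean "the rootkit itself", as opposed to the
# *.Multi.Generic heuristics that flag any hidden or unsigned driver.
HARD_VERDICTS = ("TDSS", "Rootkit")


@dataclass
class Summary:
    declared_count: int = 0
    detected: dict = field(default_factory=dict)     # object -> what was found
    actions: dict = field(default_factory=dict)      # object -> (verdict, action)
    quarantined: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    boot_hashes: dict = field(default_factory=dict)  # device -> (kind, span, md5)

    def unresolved(self):
        """Objects the user chose to Skip; nothing on disk changed for these."""
        return [o for o, (_, a) in self.actions.items() if a == "Skip"]

    def rootkit_still_present(self):
        return any(any(h in self.actions[o][0] for h in HARD_VERDICTS)
                   for o in self.unresolved())


def parse_log(text):
    s = Summary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner / blank lines
        msg = m.group(3)
        if (c := COUNT_RE.match(msg)):
            s.declared_count = int(c.group(1))
        elif (d := DETECTED_RE.match(msg)):
            s.detected[d.group(1)] = d.group(2)
        elif (a := ACTION_RE.match(msg)):
            s.actions[a.group(1)] = (a.group(2), a.group(3))
        elif (q := QUARANTINE_RE.match(msg)):
            s.quarantined.append(q.group(1))
        elif (x := DELETED_RE.match(msg)):
            s.deleted.append(x.group(1))
        elif (b := BOOT_RE.match(msg)):
            s.boot_hashes[b.group(4)] = (b.group(1), b.group(2), b.group(3))
    return s


def report(s):
    """One line per detection, most dangerous first."""
    lines = []
    for obj, (verdict, action) in s.actions.items():
        hard = any(h in verdict for h in HARD_VERDICTS)
        if action == "Skip" and hard:
            status = "STILL INFECTED"
        elif action == "Skip":
            status = "review (heuristic verdict; often a legitimate unsigned driver)"
        else:
            status = action.lower()
        lines.append(f"{status}: {obj} [{verdict}]")
    return sorted(lines, key=lambda line: not line.startswith("STILL"))


# Constructed excerpt of the first run: detection found, user chose Skip.
RUN1 = r"""
12:45:56.0988 4784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:45:57.0128 4784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:45:57.0128 4784 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:45:57.0816 4816 Detected object count: 5
12:45:57.0816 4816 Actual detected object count: 5
12:49:09.0753 4816 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:49:09.0753 4816 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:09.0769 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed excerpt of the second run: same detection, user chose Delete.
RUN2 = r"""
13:56:10.0791 5460 Actual detected object count: 5
13:57:08.0776 5460 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:57:08.0823 5460 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:57:11.0807 5460 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:57:13.0041 5460 \Device\Harddisk0\DR0\TDLFS - deleted
13:57:13.0041 5460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for name, text in (("run 1", RUN1), ("run 2", RUN2)):
        s = parse_log(text)
        print(f"{name}: rootkit still present = {s.rootkit_still_present()}")
        for line in report(s):
            print("  " + line)
```

The point of keeping `detected` and `actions` apart is that TDSSKiller reports the same object count on both runs; only the `User select action` lines tell you whether the hidden file system was removed, and a scan that ends with the rootkit at Skip is not a clean scan no matter what the other scanners say.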

#42 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Remove OTL

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • On the left select System Protection and accept the warning if you get one
  • Select the System Protection tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name, i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.


#43 silversurferWV (Topic Starter, Member, 26 posts)
Trying to run Combofix /Uninstall

Windows says it can't find the program and to make sure I typed the name correctly, etc. Tried several times to no avail. Combofix is on my desktop.

#44 silversurferWV (Topic Starter, Member, 26 posts)
This is strange. ComboFix does not show up on my Desktop either as an icon or in Windows Explorer in the list of Desktop files. However, if I search for ComboFix in Windows Explorer it shows it as residing on the Desktop but with 0 bytes as its size. What do you make of that?

#45 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Ok, no problem.

Go to the next steps. :thumbsup: