

Virus


  • This topic is locked
23 replies to this topic

#1 Chexmix

Chexmix

  • Members
  • 92 posts

Posted 04 September 2012 - 10:40 PM

Hey, I cleaned out my computer, but Malwarebytes keeps "blocking" something and MSE says to download Windows Defender Offline. I want to make sure my laptop is cleaned, as I use it for work.

I have the svchost.exe virus and I cannot get rid of it; it's in my C:\windows folder.

Edited by Chexmix, 05 September 2012 - 01:06 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 19,076 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2012 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please follow the preparation Guide and post the logs for my review.
http://www.bleepingcomputer.com/forums/topic34773.html

#3 Chexmix

Chexmix
  • Topic Starter

  • Members
  • 92 posts

Posted 07 September 2012 - 11:28 PM

OK, so I had trouble running GMER; the stuff to click is greyed out. I uploaded a pic (hope that's OK), but here's the DDS and attach.txt.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Travis Lap II at 23:06:30 on 2012-09-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2500 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Travis Lap II\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A60F5992BB7C4E11638C335042FD926C&tbp=homepage
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
uRun: [Facebook Update] "C:\Users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\Users\TRAVIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Travis Lap II\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EE94923-DE62-4B6B-9177-F708A91A8214} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EE94923-DE62-4B6B-9177-F708A91A8214}\2375942554836333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EE94923-DE62-4B6B-9177-F708A91A8214}\84F6C6C69777F6F64602649647E6563737 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{7EE94923-DE62-4B6B-9177-F708A91A8214}\E4544574541425 : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A60F5992BB7C4E11638C335042FD926C&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Travis Lap II\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-1 654408]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TotRec7;Total Recorder WDM audio driver;C:\Windows\system32\drivers\TotRec7.sys --> C:\Windows\system32\drivers\TotRec7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-3-4 245760]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-08 03:17:43 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBA2FA91-FABE-4608-8CC2-648E29B25E3C}\mpengine.dll
2012-09-05 06:01:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-05 05:48:39 20480 ----a-w- C:\Windows\svchost.exe
2012-09-05 03:13:22 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 06:34:01 -------- d-----w- C:\Program Files (x86)\FAST Defrag
2012-09-02 06:33:11 -------- d-----w- C:\ProgramData\blekko toolbars
2012-09-02 06:32:51 -------- d-----w- C:\Users\Travis Lap II\AppData\Local\blekkotb_031
2012-09-02 06:32:49 -------- d-----w- C:\Program Files (x86)\blekkotb_031
2012-09-02 06:32:47 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-09-02 05:07:42 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F1BA2D5-B9BB-4AC8-9414-6AECBBFD9FD0}\gapaengine.dll
2012-09-02 05:04:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-02 05:04:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-02 04:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-09-02 03:22:11 -------- d-----w- C:\Users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-02 03:21:55 -------- d-----w- C:\Users\Travis Lap II\AppData\Roaming\PCPro
2012-09-02 03:21:55 -------- d-----w- C:\ProgramData\PC1Data
2012-09-02 03:15:03 -------- d-----w- C:\ca7b1d88239292987ccbd4
2012-09-02 03:12:26 -------- d-----w- C:\d8a5e4024e45e484f8
.
==================== Find3M ====================
.
2012-09-01 03:45:18 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 03:45:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-20 14:42:44 3678720 ----a-w- C:\Windows\System32\drivers\athrx.sys
.
============= FINISH: 23:07:12.13 ===============



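As an added example (not from this thread, from DDS or from ComboFix): a Python checker for the pattern the logs above show, a file carrying a core Windows process name outside its system directory (the 2012-09-05 entry for C:\Windows\svchost.exe under Created Last 30, which ComboFix later deleted). It parses the DDS Running Processes and Created Last 30 sections; the list of core names and the allowed directories are assumptions, and the sample lines are copied from the log in this post.

```python
"""Flag core Windows binary names that a DDS log shows outside their system directory.

Added example for this thread; the DDS section names and line layouts follow the
log posted above, the set of core names and expected directories are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Process names that malware commonly borrows for its own file (assumed list).
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "wininit.exe", "services.exe", "smss.exe", "explorer.exe"}

# Where a genuine copy may live: System32, SysWOW64 or a WinSxS component
# directory; explorer.exe is the one core binary that sits directly in
# %SystemRoot%. Compared case-insensitively, on any drive letter.
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64|winsxs\\.+)$")
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows$")

# DDS section banner, e.g. "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Running Processes line: image path, optionally followed by arguments.
PROCESS_RE = re.compile(r"^([a-z]:\\.+?\.exe)(?:\s|$)", re.IGNORECASE)
# Created Last 30 / Find3M line: timestamp, size (or dashes), attributes, path.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(.+)$")


def is_masquerade(path):
    """True when path carries a core binary name but is not in an expected directory."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in CORE_BINARIES:
        return False
    parent = str(p.parent).lower()
    expected = WINDOWS_DIR_RE if name == "explorer.exe" else SYSTEM_DIR_RE
    return expected.match(parent) is None


def find_masquerades(log_text):
    """Walk a DDS log and return [(section, path)] for each suspicious entry."""
    hits, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Running Processes":
            m = PROCESS_RE.match(line)
        elif section in ("Created Last 30", "Find3M"):
            m = CREATED_RE.match(line)
        else:
            m = None  # other sections (HJT report, services) use other layouts
        if m and is_masquerade(m.group(1)):
            hits.append((section, m.group(1)))
    return hits


# Constructed sample: a few lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\MsMpEng.exe
-netsvcs
.
=============== Created Last 30 ================
.
2012-09-05 06:01:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-05 05:48:39 20480 ----a-w- C:\Windows\svchost.exe
2012-09-02 04:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
.
============= FINISH: 23:07:12.13 ===============
"""

if __name__ == "__main__":
    for section, path in find_masquerades(SAMPLE_DDS):
        print(f"[{section}] {path}: core binary name outside its system directory")
```

The only hit on the sample is the C:\Windows\svchost.exe entry; the genuine svchost.exe in system32 and Explorer.EXE in C:\Windows pass.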

#4 nasdaq

nasdaq

  • Malware Response Team
  • 19,076 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2012 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

GMER is not ready for your 64-bit operating system.
I do not need a read of your Master Boot Record at the moment.

#5 Chexmix

Chexmix
  • Topic Starter

  • Members
  • 92 posts

Posted 08 September 2012 - 10:05 PM

svchost.exe keeps coming back; here are my logs.

ComboFix 12-09-08.02 - Travis Lap II 09/08/2012 21:30:09.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2591 [GMT -5:00]
Running from: c:\users\Travis Lap II\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 02:38 . 2012-09-09 02:38 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA2FA91-FABE-4608-8CC2-648E29B25E3C}\offreg.dll
2012-09-09 02:38 . 2012-09-09 02:38 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA2FA91-FABE-4608-8CC2-648E29B25E3C}\MpKsl1d5a1fab.sys
2012-09-09 02:36 . 2012-09-09 02:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-09 02:36 . 2012-09-09 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 03:17 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA2FA91-FABE-4608-8CC2-648E29B25E3C}\mpengine.dll
2012-09-05 03:13 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 06:34 . 2012-09-02 06:34 -------- d-----w- c:\program files (x86)\FAST Defrag
2012-09-02 06:33 . 2012-09-02 06:33 -------- d-----w- c:\programdata\blekko toolbars
2012-09-02 06:32 . 2012-09-05 03:05 -------- d-----w- c:\users\Travis Lap II\AppData\Local\blekkotb_031
2012-09-02 06:32 . 2012-09-02 06:47 -------- d-----w- c:\program files (x86)\blekkotb_031
2012-09-02 06:32 . 2012-09-02 06:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-09-02 05:07 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F1BA2D5-B9BB-4AC8-9414-6AECBBFD9FD0}\gapaengine.dll
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-02 04:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-02 04:51 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-09-02 04:40 . 2012-09-02 04:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-02 03:22 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-02 03:21 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PCPro
2012-09-02 03:21 . 2012-09-02 03:21 -------- d-----w- c:\programdata\PC1Data
2012-09-02 03:15 . 2012-09-02 03:16 -------- d-----w- C:\ca7b1d88239292987ccbd4
2012-09-02 03:12 . 2012-09-02 03:12 -------- d-----w- C:\d8a5e4024e45e484f8
2012-08-11 02:57 . 2012-08-11 02:57 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 03:45 . 2012-04-04 02:45 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-01 03:45 . 2012-02-15 21:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 09:27 . 2012-02-15 19:51 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 14:42 . 2012-06-20 14:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-02_06.49.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 02:56 . 2012-09-09 02:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-09-01 02:56 . 2012-09-02 06:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-09-02 05:24 . 2012-09-05 06:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-09-02 05:24 . 2012-09-02 05:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-05-31 05:51 . 2012-09-09 02:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-15 20:23 . 2012-09-09 02:40 41902 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-09 02:40 35718 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-15 19:17 . 2012-09-09 02:40 13660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1994266729-924235344-239344739-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-09-09 02:11 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-09 02:37 . 2012-09-09 02:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-09 02:37 . 2012-09-09 02:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-09-09 02:38 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-02 06:49 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-09-08 04:46 626484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-08 04:46 107728 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-09 02:36 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-02 06:48 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-09-09 02:38 3145728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 21:13 . 2012-09-05 03:29 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 21:13 . 2012-09-05 03:29 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-15 21:05 . 2012-09-05 04:50 2472280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-4096.dat
+ 2009-07-14 04:54 . 2012-09-09 02:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 03:29 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 06:26 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-15 21:05 . 2012-09-02 06:34 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
+ 2012-02-15 21:05 . 2012-09-09 02:37 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
+ 2012-05-30 06:40 . 2012-09-09 02:36 14980112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
.
c:\users\Travis Lap II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 250568]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 MpKsl1d5a1fab;MpKsl1d5a1fab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA2FA91-FABE-4608-8CC2-648E29B25E3C}\MpKsl1d5a1fab.sys [2012-09-09 35664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-30 32880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 178696]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1D5A1FAB
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:45]
.
2012-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000Core.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
2012-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000UA.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A60F5992BB7C4E11638C335042FD926C&tbp=homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A60F5992BB7C4E11638C335042FD926C&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,c9,d1,6a,f1,3e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-09-08 21:45:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 02:45
ComboFix2.txt 2012-09-05 05:58
ComboFix3.txt 2012-09-02 06:57
ComboFix4.txt 2012-09-01 05:42
ComboFix5.txt 2012-09-09 02:28
.
Pre-Run: 224,416,169,984 bytes free
Post-Run: 224,144,277,504 bytes free
.
- - End Of File - - 5F0D732E2504C38D20C13D21C137A9BD


Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


# AdwCleaner v1.801 - Logfile created 09/08/2012 at 21:59:33
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Travis Lap II - TRAVISLAPII-PC
# Boot Mode : Normal
# Running from : C:\Users\Travis Lap II\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Travis Lap II\AppData\Local\Conduit
Folder Deleted : C:\Users\Travis Lap II\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Travis Lap II\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\ConduitCommon
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
File Deleted : C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\searchplugins\Conduit.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentControl2
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BF8CDD6-BFBA-4EFF-B384-6B846140F5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1B5791-639A-493A-B4E7-C1477BA0136D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A60F5992BB7C4E11638C335042FD926C&tbp=homepage --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\prefs.js

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129572937280362976", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "1-9-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Aug 31 2012 21:59:24 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "16-2-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstalledDate", "Wed Feb 15 2012 15:37:15 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Fri Aug 31 2012 21:59:21 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Tue Apr 24 2012 21:58:05 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Fri Jun 01 2012 21:48:38 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:56:50 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Fri Aug 31 2012 21:59:21 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Wed Feb 15 2012 15:37:16 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Fri Aug 31 2012 21:59:17 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Fri Aug 31 2012 21:59:19 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Fri Aug 31 2012 21:59:17 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1346235632");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Feb 15 2012 15:37:13 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN39706592837892496");
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "5765642046656220313520323031322031353A33373A31362[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Wed Feb 15 2012 15:37:15 GMT-0600 (Central [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Fri Aug 31 2012 21:59:21 GMT-0500 (Central D[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Wed Feb 15 2012 15:37:16 GMT-0600 (Central S[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfe[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Travis Lap II\\AppData\\Roaming\\Mo[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "80237ea7-c7fa-404b-9dfe-6f16462e8a88");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 15 2012 15:37:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 15 2012 15:37:24 GMT-060[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 15 2012 15:37:15 GMT-0600 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ddb4a353-9c7a-48cb-b03d-08985ebf7aac");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A6[...]

*************************

AdwCleaner[S1].txt - [15205 octets] - [08/09/2012 21:59:33]

########## EOF - C:\AdwCleaner[S1].txt - [15334 octets] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 19,076 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 AM

Posted 09 September 2012 - 07:33 AM

Let's check further.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 Chexmix

Chexmix
  • Topic Starter

  • Members
  • 92 posts
  • Local time:12:44 AM

Posted 11 September 2012 - 11:06 PM

Sorry for the late response, I worked crazy hours this week. TDSSKiller gave me 2 logs, so here they are:

22:38:15.0132 4212 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:38:15.0462 4212 ============================================================
22:38:15.0462 4212 Current date / time: 2012/09/11 22:38:15.0462
22:38:15.0462 4212 SystemInfo:
22:38:15.0462 4212
22:38:15.0462 4212 OS Version: 6.1.7601 ServicePack: 1.0
22:38:15.0462 4212 Product type: Workstation
22:38:15.0462 4212 ComputerName: TRAVISLAPII-PC
22:38:15.0462 4212 UserName: Travis Lap II
22:38:15.0462 4212 Windows directory: C:\Windows
22:38:15.0462 4212 System windows directory: C:\Windows
22:38:15.0462 4212 Running under WOW64
22:38:15.0462 4212 Processor architecture: Intel x64
22:38:15.0462 4212 Number of processors: 2
22:38:15.0462 4212 Page size: 0x1000
22:38:15.0462 4212 Boot type: Normal boot
22:38:15.0462 4212 ============================================================
22:38:18.0832 4212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:18.0832 4212 ============================================================
22:38:18.0832 4212 \Device\Harddisk0\DR0:
22:38:18.0832 4212 MBR partitions:
22:38:18.0832 4212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:38:18.0832 4212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:38:18.0832 4212 ============================================================
22:38:18.0872 4212 C: <-> \Device\Harddisk0\DR0\Partition2
22:38:18.0872 4212 ============================================================
22:38:18.0872 4212 Initialize success
22:38:18.0872 4212 ============================================================
22:38:27.0775 1796 ============================================================
22:38:27.0775 1796 Scan started
22:38:27.0775 1796 Mode: Manual;
22:38:27.0775 1796 ============================================================
22:38:34.0975 1796 ================ Scan system memory ========================
22:38:34.0975 1796 System memory - ok
22:38:34.0975 1796 ================ Scan services =============================
22:38:52.0790 1796 nvraid - ok
22:38:52.0830 1796 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:38:52.0830 1796 nvstor - ok
22:38:52.0840 1796 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:38:52.0840 1796 nv_agp - ok
22:38:52.0880 1796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:38:52.0880 1796 ohci1394 - ok
22:38:52.0920 1796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:38:52.0930 1796 p2pimsvc - ok
22:38:52.0950 1796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:38:52.0960 1796 p2psvc - ok
22:38:53.0010 1796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:38:53.0010 1796 Parport - ok
22:38:53.0040 1796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:38:53.0040 1796 partmgr - ok
22:38:53.0060 1796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:38:53.0060 1796 PcaSvc - ok
22:38:53.0080 1796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:38:53.0090 1796 pci - ok
22:38:53.0100 1796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:38:53.0100 1796 pciide - ok
22:38:53.0120 1796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:38:53.0120 1796 pcmcia - ok
22:38:53.0140 1796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:38:53.0140 1796 pcw - ok
22:38:53.0160 1796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:38:53.0170 1796 PEAUTH - ok
22:38:53.0490 1796 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:38:53.0500 1796 PeerDistSvc - ok
22:38:53.0570 1796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:38:53.0570 1796 PerfHost - ok
22:38:53.0620 1796 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:38:53.0660 1796 pla - ok
22:38:53.0720 1796 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:38:53.0730 1796 PlugPlay - ok
22:38:53.0760 1796 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:38:53.0760 1796 PNRPAutoReg - ok
22:38:53.0780 1796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:38:53.0780 1796 PNRPsvc - ok
22:38:53.0900 1796 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:38:53.0910 1796 PolicyAgent - ok
22:38:53.0970 1796 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:38:53.0970 1796 Power - ok
22:38:54.0030 1796 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:38:54.0030 1796 PptpMiniport - ok
22:38:54.0050 1796 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:38:54.0050 1796 Processor - ok
22:38:54.0090 1796 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:38:54.0090 1796 ProfSvc - ok
22:38:54.0110 1796 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:38:54.0110 1796 ProtectedStorage - ok
22:38:54.0160 1796 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:38:54.0160 1796 Psched - ok
22:38:54.0230 1796 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:38:54.0270 1796 ql2300 - ok
22:38:54.0270 1796 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:38:54.0280 1796 ql40xx - ok
22:38:54.0350 1796 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:38:54.0350 1796 QWAVE - ok
22:38:54.0400 1796 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:38:54.0400 1796 QWAVEdrv - ok
22:38:54.0400 1796 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:38:54.0400 1796 RasAcd - ok
22:38:54.0440 1796 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:38:54.0450 1796 RasAgileVpn - ok
22:38:54.0460 1796 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:38:54.0460 1796 RasAuto - ok
22:38:54.0490 1796 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:38:54.0490 1796 Rasl2tp - ok
22:38:54.0520 1796 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:38:54.0530 1796 RasMan - ok
22:38:54.0560 1796 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:38:54.0570 1796 RasPppoe - ok
22:38:54.0590 1796 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:38:54.0600 1796 RasSstp - ok
22:38:54.0630 1796 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:38:54.0640 1796 rdbss - ok
22:38:54.0640 1796 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:38:54.0640 1796 rdpbus - ok
22:38:54.0680 1796 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:38:54.0680 1796 RDPCDD - ok
22:38:54.0720 1796 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:38:54.0720 1796 RDPDR - ok
22:38:54.0750 1796 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:38:54.0750 1796 RDPENCDD - ok
22:38:54.0770 1796 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:38:54.0770 1796 RDPREFMP - ok
22:38:54.0840 1796 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:38:54.0840 1796 RdpVideoMiniport - ok
22:38:54.0870 1796 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:38:54.0880 1796 RDPWD - ok
22:38:54.0920 1796 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:38:54.0930 1796 rdyboost - ok
22:38:54.0980 1796 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:38:54.0990 1796 RemoteAccess - ok
22:38:55.0040 1796 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:38:55.0050 1796 RemoteRegistry - ok
22:38:55.0060 1796 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:38:55.0060 1796 RpcEptMapper - ok
22:38:55.0120 1796 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:38:55.0120 1796 RpcLocator - ok
22:38:55.0140 1796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:38:55.0150 1796 RpcSs - ok
22:38:55.0200 1796 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:38:55.0200 1796 rspndr - ok
22:38:55.0220 1796 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:38:55.0220 1796 RTL8167 - ok
22:38:55.0250 1796 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:38:55.0250 1796 s3cap - ok
22:38:55.0270 1796 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:38:55.0270 1796 SamSs - ok
22:38:55.0300 1796 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:38:55.0310 1796 sbp2port - ok
22:38:55.0440 1796 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:38:55.0450 1796 SCardSvr - ok
22:38:55.0460 1796 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:38:55.0470 1796 scfilter - ok
22:38:55.0510 1796 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:38:55.0530 1796 Schedule - ok
22:38:55.0590 1796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:38:55.0590 1796 SCPolicySvc - ok
22:38:55.0690 1796 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:38:55.0700 1796 SDRSVC - ok
22:38:55.0760 1796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:38:55.0760 1796 secdrv - ok
22:38:55.0790 1796 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:38:55.0800 1796 seclogon - ok
22:38:55.0820 1796 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:38:55.0830 1796 SENS - ok
22:38:55.0860 1796 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:38:55.0860 1796 SensrSvc - ok
22:38:55.0900 1796 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:38:55.0900 1796 Serenum - ok
22:38:55.0900 1796 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:38:55.0910 1796 Serial - ok
22:38:55.0950 1796 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:38:55.0950 1796 sermouse - ok
22:38:55.0990 1796 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:38:55.0990 1796 SessionEnv - ok
22:38:56.0050 1796 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:38:56.0050 1796 sffdisk - ok
22:38:56.0100 1796 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:38:56.0100 1796 sffp_mmc - ok
22:38:56.0100 1796 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:38:56.0110 1796 sffp_sd - ok
22:38:56.0130 1796 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:38:56.0130 1796 sfloppy - ok
22:38:56.0210 1796 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:38:56.0210 1796 SharedAccess - ok
22:38:56.0250 1796 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:38:56.0260 1796 ShellHWDetection - ok
22:38:56.0310 1796 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:38:56.0310 1796 SiSRaid2 - ok
22:38:56.0320 1796 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:38:56.0320 1796 SiSRaid4 - ok
22:38:56.0340 1796 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:38:56.0340 1796 Smb - ok
22:38:56.0390 1796 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:38:56.0390 1796 SNMPTRAP - ok
22:38:56.0420 1796 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:38:56.0420 1796 spldr - ok
22:38:56.0450 1796 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:38:56.0460 1796 Spooler - ok
22:38:56.0880 1796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:38:56.0950 1796 sppsvc - ok
22:38:56.0980 1796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:38:56.0980 1796 sppuinotify - ok
22:38:57.0070 1796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:38:57.0070 1796 srv - ok
22:38:57.0120 1796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:38:57.0130 1796 srv2 - ok
22:38:57.0170 1796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:38:57.0180 1796 srvnet - ok
22:38:57.0240 1796 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
22:38:57.0240 1796 ssadbus - ok
22:38:57.0270 1796 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:38:57.0270 1796 ssadmdfl - ok
22:38:57.0290 1796 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
22:38:57.0300 1796 ssadmdm - ok
22:38:57.0350 1796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:38:57.0350 1796 SSDPSRV - ok
22:38:57.0370 1796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:38:57.0370 1796 SstpSvc - ok
22:38:58.0340 1796 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
22:38:58.0340 1796 STacSV - ok
22:38:58.0400 1796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:38:58.0410 1796 stexstor - ok
22:38:58.0460 1796 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
22:38:58.0460 1796 STHDA - ok
22:38:58.0510 1796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:38:58.0520 1796 stisvc - ok
22:38:58.0540 1796 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:38:58.0540 1796 storflt - ok
22:38:58.0550 1796 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:38:58.0550 1796 storvsc - ok
22:38:58.0570 1796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:38:58.0570 1796 swenum - ok
22:38:58.0610 1796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:38:58.0620 1796 swprv - ok
22:38:58.0650 1796 Synth3dVsc - ok
22:38:58.0700 1796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:38:58.0740 1796 SysMain - ok
22:38:58.0770 1796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:38:58.0770 1796 TabletInputService - ok
22:38:58.0790 1796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:38:58.0800 1796 TapiSrv - ok
22:38:58.0810 1796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:38:58.0820 1796 TBS - ok
22:38:58.0870 1796 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:38:58.0920 1796 Tcpip - ok
22:38:58.0950 1796 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:38:58.0970 1796 TCPIP6 - ok
22:38:58.0990 1796 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:38:58.0990 1796 tcpipreg - ok
22:38:59.0020 1796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:38:59.0020 1796 TDPIPE - ok
22:38:59.0050 1796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:38:59.0050 1796 TDTCP - ok
22:38:59.0070 1796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:38:59.0070 1796 tdx - ok
22:38:59.0100 1796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:38:59.0100 1796 TermDD - ok
22:38:59.0130 1796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:38:59.0140 1796 TermService - ok
22:38:59.0150 1796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:38:59.0150 1796 Themes - ok
22:38:59.0180 1796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:38:59.0190 1796 THREADORDER - ok
22:38:59.0220 1796 [ AA70BED94D7994B9C00E7B4EC0543C2B ] TotRec7 C:\Windows\system32\drivers\TotRec7.sys
22:38:59.0220 1796 TotRec7 - ok
22:38:59.0230 1796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:38:59.0230 1796 TrkWks - ok
22:38:59.0350 1796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:38:59.0360 1796 TrustedInstaller - ok
22:38:59.0430 1796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:38:59.0430 1796 tssecsrv - ok
22:38:59.0460 1796 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:38:59.0460 1796 TsUsbFlt - ok
22:38:59.0490 1796 tsusbhub - ok
22:38:59.0530 1796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:38:59.0530 1796 tunnel - ok
22:38:59.0580 1796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:38:59.0580 1796 uagp35 - ok
22:38:59.0730 1796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:38:59.0730 1796 udfs - ok
22:38:59.0790 1796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:38:59.0790 1796 UI0Detect - ok
22:38:59.0820 1796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:38:59.0820 1796 uliagpkx - ok
22:38:59.0860 1796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:38:59.0860 1796 umbus - ok
22:38:59.0890 1796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:38:59.0890 1796 UmPass - ok
22:38:59.0920 1796 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:38:59.0920 1796 UmRdpService - ok
22:38:59.0960 1796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:38:59.0960 1796 upnphost - ok
22:39:00.0040 1796 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:39:00.0040 1796 USBAAPL64 - ok
22:39:00.0070 1796 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:39:00.0080 1796 usbccgp - ok
22:39:00.0140 1796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:39:00.0140 1796 usbcir - ok
22:39:00.0150 1796 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:39:00.0160 1796 usbehci - ok
22:39:00.0180 1796 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:39:00.0180 1796 usbfilter - ok
22:39:00.0220 1796 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:39:00.0230 1796 usbhub - ok
22:39:00.0260 1796 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:39:00.0260 1796 usbohci - ok
22:39:00.0300 1796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:39:00.0300 1796 usbprint - ok
22:39:00.0330 1796 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:39:00.0330 1796 usbscan - ok
22:39:00.0350 1796 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:39:00.0350 1796 USBSTOR - ok
22:39:00.0380 1796 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:39:00.0380 1796 usbuhci - ok
22:39:00.0440 1796 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:39:00.0450 1796 usbvideo - ok
22:39:00.0460 1796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:39:00.0470 1796 UxSms - ok
22:39:00.0480 1796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:39:00.0480 1796 VaultSvc - ok
22:39:00.0540 1796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:39:00.0540 1796 vdrvroot - ok
22:39:00.0570 1796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:39:00.0570 1796 vds - ok
22:39:00.0620 1796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:39:00.0620 1796 vga - ok
22:39:00.0660 1796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:39:00.0660 1796 VgaSave - ok
22:39:00.0720 1796 VGPU - ok
22:39:00.0810 1796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:39:00.0810 1796 vhdmp - ok
22:39:00.0860 1796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:39:00.0860 1796 viaide - ok
22:39:00.0880 1796 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:39:00.0880 1796 vmbus - ok
22:39:00.0890 1796 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:39:00.0900 1796 VMBusHID - ok
22:39:00.0920 1796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:39:00.0920 1796 volmgr - ok
22:39:00.0950 1796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:39:00.0950 1796 volmgrx - ok
22:39:01.0100 1796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:39:01.0100 1796 volsnap - ok
22:39:01.0210 1796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:39:01.0210 1796 vsmraid - ok
22:39:01.0290 1796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:39:01.0330 1796 VSS - ok
22:39:01.0400 1796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:39:01.0400 1796 vwifibus - ok
22:39:01.0410 1796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:39:01.0410 1796 vwififlt - ok
22:39:01.0460 1796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:39:01.0470 1796 W32Time - ok
22:39:01.0500 1796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:39:01.0500 1796 WacomPen - ok
22:39:01.0590 1796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:39:01.0600 1796 WANARP - ok
22:39:01.0660 1796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:39:01.0660 1796 Wanarpv6 - ok
22:39:02.0140 1796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:39:02.0190 1796 wbengine - ok
22:39:02.0260 1796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:39:02.0280 1796 WbioSrvc - ok
22:39:02.0310 1796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:39:02.0320 1796 wcncsvc - ok
22:39:02.0340 1796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:39:02.0350 1796 WcsPlugInService - ok
22:39:02.0370 1796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:39:02.0370 1796 Wd - ok
22:39:02.0420 1796 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:39:02.0430 1796 WDC_SAM - ok
22:39:02.0610 1796 [ 7DEDECC376B29A973A0F3384D135F2DA ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
22:39:02.0620 1796 WDDMService - ok
22:39:02.0720 1796 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:39:02.0740 1796 Wdf01000 - ok
22:39:02.0850 1796 [ 8E798F577A684A5F1E464D954C6C7F1E ] WDFMEService C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
22:39:02.0870 1796 WDFMEService - ok
22:39:03.0140 1796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:39:03.0140 1796 WdiServiceHost - ok
22:39:03.0150 1796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:39:03.0150 1796 WdiSystemHost - ok
22:39:03.0210 1796 [ 65D571576E366067C22F22B3E919EF8C ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
22:39:03.0240 1796 WDRulesService - ok
22:39:03.0870 1796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:39:03.0930 1796 WebClient - ok
22:39:04.0140 1796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:39:04.0150 1796 Wecsvc - ok
22:39:04.0190 1796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:39:04.0200 1796 wercplsupport - ok
22:39:04.0230 1796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:39:04.0240 1796 WerSvc - ok
22:39:04.0280 1796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:39:04.0280 1796 WfpLwf - ok
22:39:04.0300 1796 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:39:04.0310 1796 WIMMount - ok
22:39:04.0360 1796 WinDefend - ok
22:39:04.0370 1796 WinHttpAutoProxySvc - ok
22:39:04.0560 1796 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:39:04.0560 1796 Winmgmt - ok
22:39:04.0970 1796 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:39:04.0990 1796 WinRM - ok
22:39:05.0060 1796 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:39:05.0060 1796 WinUsb - ok
22:39:05.0110 1796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:39:05.0140 1796 Wlansvc - ok
22:39:05.0190 1796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:39:05.0190 1796 WmiAcpi - ok
22:39:05.0260 1796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:39:05.0270 1796 wmiApSrv - ok
22:39:05.0310 1796 WMPNetworkSvc - ok
22:39:05.0330 1796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:39:05.0330 1796 WPCSvc - ok
22:39:05.0360 1796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:39:05.0360 1796 WPDBusEnum - ok
22:39:05.0390 1796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:39:05.0390 1796 ws2ifsl - ok
22:39:05.0450 1796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:39:05.0460 1796 wscsvc - ok
22:39:05.0510 1796 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:39:05.0510 1796 WSDPrintDevice - ok
22:39:05.0510 1796 WSearch - ok
22:39:05.0690 1796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:39:05.0760 1796 wuauserv - ok
22:39:05.0790 1796 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:39:05.0790 1796 WudfPf - ok
22:39:05.0810 1796 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:39:05.0820 1796 WUDFRd - ok
22:39:05.0850 1796 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:39:05.0850 1796 wudfsvc - ok
22:39:05.0890 1796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:39:05.0890 1796 WwanSvc - ok
22:39:05.0920 1796 ================ Scan global ===============================
22:39:05.0950 1796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:39:06.0030 1796 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:39:06.0040 1796 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:39:06.0080 1796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:39:06.0120 1796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:39:06.0120 1796 [Global] - ok
22:39:06.0120 1796 ================ Scan MBR ==================================
22:39:06.0140 1796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:39:06.0140 1796 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:39:06.0210 1796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:39:06.0210 1796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:39:06.0210 1796 ================ Scan VBR ==================================
22:39:06.0210 1796 [ F5BFFB821E45C737BAB138AB8B53EC0E ] \Device\Harddisk0\DR0\Partition1
22:39:06.0210 1796 \Device\Harddisk0\DR0\Partition1 - ok
22:39:06.0270 1796 [ E3179A354FBFFDECC45D21D6495F1B0C ] \Device\Harddisk0\DR0\Partition2
22:39:06.0270 1796 \Device\Harddisk0\DR0\Partition2 - ok
22:39:06.0270 1796 ============================================================
22:39:06.0270 1796 Scan finished
22:39:06.0270 1796 ============================================================
22:39:06.0270 4604 Detected object count: 1
22:39:06.0270 4604 Actual detected object count: 1
22:39:11.0641 4604 \Device\Harddisk0\DR0\# - copied to quarantine
22:39:11.0641 4604 \Device\Harddisk0\DR0 - copied to quarantine
22:39:11.0791 4604 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:39:11.0791 4604 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:39:11.0801 4604 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:39:11.0811 4604 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:39:11.0831 4604 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:39:11.0841 4604 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:39:11.0851 4604 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:39:11.0851 4604 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:39:11.0851 4604 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:39:11.0851 4604 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:39:11.0861 4604 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:39:11.0861 4604 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:39:11.0861 4604 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:39:11.0861 4604 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:39:12.0223 4604 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:39:12.0483 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:39:12.0483 4604 \Device\Harddisk0\DR0 - ok
22:39:12.0493 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:40:42.0290 1692 Deinitialize success


22:42:36.0301 3040 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:42:37.0114 3040 ============================================================
22:42:37.0114 3040 Current date / time: 2012/09/11 22:42:37.0114
22:42:37.0114 3040 SystemInfo:
22:42:37.0114 3040
22:42:37.0114 3040 OS Version: 6.1.7601 ServicePack: 1.0
22:42:37.0114 3040 Product type: Workstation
22:42:37.0114 3040 ComputerName: TRAVISLAPII-PC
22:42:37.0114 3040 UserName: Travis Lap II
22:42:37.0114 3040 Windows directory: C:\Windows
22:42:37.0114 3040 System windows directory: C:\Windows
22:42:37.0114 3040 Running under WOW64
22:42:37.0114 3040 Processor architecture: Intel x64
22:42:37.0114 3040 Number of processors: 2
22:42:37.0114 3040 Page size: 0x1000
22:42:37.0114 3040 Boot type: Normal boot
22:42:37.0114 3040 ============================================================
22:42:39.0906 3040 BG loaded
22:42:44.0414 3040 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:44.0430 3040 ============================================================
22:42:44.0430 3040 \Device\Harddisk0\DR0:
22:42:44.0430 3040 MBR partitions:
22:42:44.0430 3040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:42:44.0430 3040 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:42:44.0430 3040 ============================================================
22:42:44.0508 3040 C: <-> \Device\Harddisk0\DR0\Partition2
22:42:44.0508 3040 ============================================================
22:42:44.0508 3040 Initialize success
22:42:44.0508 3040 ============================================================
22:43:10.0461 2056 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 22:44:39
-----------------------------
22:44:39.331 OS Version: Windows x64 6.1.7601 Service Pack 1
22:44:39.331 Number of processors: 2 586 0x602
22:44:39.331 ComputerName: TRAVISLAPII-PC UserName: Travis Lap II
22:44:43.418 Initialize success
22:47:19.257 AVAST engine defs: 12091101
22:47:22.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:47:22.658 Disk 0 Vendor: WDC_WD3200BPVT-00HXZT3 01.01A01 Size: 305245MB BusType: 11
22:47:22.673 Disk 0 MBR read successfully
22:47:22.689 Disk 0 MBR scan
22:47:22.689 Disk 0 Windows 7 default MBR code
22:47:22.705 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:47:22.720 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:47:22.767 Disk 0 scanning C:\Windows\system32\drivers
22:47:35.200 Service scanning
22:47:49.053 Service Mcx2Svc C:\Windows\SysWOW64\Mcx2Svc.dll **INFECTED** Win32:Sirefef-YG [Trj]
22:48:06.587 Modules scanning
22:48:06.587 Disk 0 trace - called modules:
22:48:06.603 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:48:06.619 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004327060]
22:48:06.619 3 CLASSPNP.SYS[fffff88001bd043f] -> nt!IofCallDriver -> [0xfffffa80043265f0]
22:48:06.619 5 hpdskflt.sys[fffff88001b77189] -> nt!IofCallDriver -> [0xfffffa8003dad740]
22:48:06.634 7 ACPI.sys[fffff88000f7a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042a4060]
22:48:09.770 AVAST engine scan C:\Windows
22:48:16.774 AVAST engine scan C:\Windows\system32
22:53:06.438 AVAST engine scan C:\Windows\system32\drivers
22:53:19.932 AVAST engine scan C:\Users\Travis Lap II
23:03:26.526 AVAST engine scan C:\ProgramData
23:03:58.164 Scan finished successfully
23:04:32.968 Disk 0 MBR has been saved successfully to "C:\Users\Travis Lap II\Desktop\MBR.dat"
23:04:32.968 The log file has been saved successfully to "C:\Users\Travis Lap II\Desktop\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (595 bytes)


#8 nasdaq

  • Malware Response Team

Posted 12 September 2012 - 07:42 AM

Please run ComboFix one more time and post the log.

If this file Mcx2Svc.dll is not replaced by ComboFix we will have to deal with it.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 7 Update 4

===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

At the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Edited by nasdaq, 12 September 2012 - 07:42 AM.


#9 Chexmix

  • Topic Starter

Posted 14 September 2012 - 10:33 PM

K updated everything

ComboFix 12-09-14.03 - Travis Lap II 09/14/2012 22:16:39.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2645 [GMT -5:00]
Running from: c:\users\Travis Lap II\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 03:24 . 2012-09-15 03:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE60251B-AFC7-4F11-93C1-5B2D86D84F2C}\offreg.dll
2012-09-15 03:22 . 2012-09-15 03:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-15 03:22 . 2012-09-15 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 03:12 . 2012-09-15 03:12 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 02:44 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE60251B-AFC7-4F11-93C1-5B2D86D84F2C}\mpengine.dll
2012-09-12 03:42 . 2012-09-12 03:42 208216 ----a-w- c:\windows\system32\drivers\03953780.sys
2012-09-12 03:39 . 2012-09-12 03:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-12 03:36 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-09 03:12 . 2012-09-09 03:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-09 03:10 . 2012-09-09 03:10 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 03:10 . 2012-09-09 03:10 -------- d-----w- c:\program files (x86)\Java
2012-09-09 03:08 . 2012-09-09 03:08 -------- d-----w- c:\programdata\McAfee
2012-09-02 06:34 . 2012-09-02 06:34 -------- d-----w- c:\program files (x86)\FAST Defrag
2012-09-02 06:32 . 2012-09-05 03:05 -------- d-----w- c:\users\Travis Lap II\AppData\Local\blekkotb_031
2012-09-02 06:32 . 2012-09-02 06:47 -------- d-----w- c:\program files (x86)\blekkotb_031
2012-09-02 05:07 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F1BA2D5-B9BB-4AC8-9414-6AECBBFD9FD0}\gapaengine.dll
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-02 04:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-02 04:51 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-09-02 04:40 . 2012-09-02 04:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-02 03:22 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-02 03:21 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PCPro
2012-09-02 03:21 . 2012-09-02 03:21 -------- d-----w- c:\programdata\PC1Data
2012-09-02 03:15 . 2012-09-02 03:16 -------- d-----w- C:\ca7b1d88239292987ccbd4
2012-09-02 03:12 . 2012-09-02 03:12 -------- d-----w- C:\d8a5e4024e45e484f8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 03:10 . 2012-05-08 08:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 03:10 . 2012-05-08 08:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-09 03:09 . 2012-04-04 02:45 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-09 03:09 . 2012-02-15 21:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 09:27 . 2012-02-15 19:51 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 14:42 . 2012-06-20 14:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-02_06.49.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 02:56 . 2012-09-12 03:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-09-01 02:56 . 2012-09-02 06:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-09-02 05:24 . 2012-09-12 03:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-09-02 05:24 . 2012-09-02 05:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-05-31 05:51 . 2012-09-12 03:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-15 20:23 . 2012-09-15 03:25 42068 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-15 03:25 36596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-15 19:17 . 2012-09-15 03:25 13874 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1994266729-924235344-239344739-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-09-09 02:11 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-15 03:23 . 2012-09-15 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-15 03:23 . 2012-09-15 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-09 03:09 . 2012-09-09 03:09 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
- 2012-04-04 02:45 . 2012-09-01 03:45 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-04 02:45 . 2012-09-09 03:09 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-09-09 03:11 . 2012-09-09 03:10 246760 c:\windows\SysWOW64\javaws.exe
+ 2012-09-09 03:10 . 2012-09-09 03:10 174056 c:\windows\SysWOW64\javaw.exe
+ 2012-09-09 03:10 . 2012-09-09 03:10 174056 c:\windows\SysWOW64\java.exe
+ 2009-07-14 04:54 . 2012-09-12 03:25 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-02 06:49 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-09-09 05:00 626484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-09 05:00 107728 c:\windows\system32\perfc009.dat
+ 2012-09-09 03:09 . 2012-09-09 03:09 420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
+ 2009-07-14 05:01 . 2012-09-15 03:22 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-02 06:48 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-09 03:12 . 2012-09-09 03:12 179200 c:\windows\Installer\7ea39.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2012-01-03 11:10 . 2012-01-03 11:10 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearmhelper.exe
+ 2012-09-09 03:09 . 2012-09-09 03:09 9813704 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-09-09 03:09 . 2012-09-09 03:09 1807560 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
+ 2009-07-14 04:54 . 2012-09-12 03:25 3276800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-15 21:13 . 2012-09-05 03:29 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 21:13 . 2012-09-05 03:29 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-15 21:05 . 2012-09-05 04:50 2472280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-4096.dat
- 2012-02-15 23:53 . 2012-09-02 06:34 5802198 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-12288.dat
+ 2012-02-15 23:53 . 2012-09-09 05:11 5802198 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-12288.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2009-07-14 04:54 . 2012-09-12 03:25 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-09 03:09 . 2012-09-09 03:09 12812488 c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2009-07-14 04:54 . 2012-09-05 03:29 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 06:26 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-15 21:05 . 2012-09-15 03:22 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
- 2012-02-15 21:05 . 2012-09-02 06:34 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
+ 2012-05-30 06:40 . 2012-09-12 03:41 14984324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-09-09 03:08 . 2012-09-09 03:08 27549696 c:\windows\Installer\7ea2b.msi
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\338584.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Travis Lap II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 250568]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-30 32880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 178696]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:09]
.
2012-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000Core.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
2012-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000UA.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-86648594.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,c9,d1,6a,f1,3e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-09-14 22:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 03:29
ComboFix2.txt 2012-09-09 02:45
ComboFix3.txt 2012-09-05 05:58
ComboFix4.txt 2012-09-02 06:57
ComboFix5.txt 2012-09-15 03:14
.
Pre-Run: 227,580,956,672 bytes free
Post-Run: 227,370,520,576 bytes free
.
- - End Of File - - B6AB5D3F1E1A3FA308C93D643EAD63CF

#10 nasdaq

  • Malware Response Team

Posted 15 September 2012 - 07:47 AM

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter (or FRST.exe if it is a 32-bit system).

    Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main text field:


    :filefind
    Mcx2Svc.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
===

Please post the logs for my review.

#11 Chexmix

  • Topic Starter
  • Members
  • 92 posts

Posted 16 September 2012 - 04:03 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
Ran by SYSTEM at 16-09-2012 03:53:22
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Travis Lap II\...\Run: [Facebook Update] "C:\Users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.92.29.130 97.81.22.195 68.113.206.10
Startup: C:\Users\Travis Lap II\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1849856 2012-03-14] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [319384 2011-12-15] (WDC)
2 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1977224 2011-12-15] (Western Digital )
2 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1338264 2011-12-15] (Western Digital )

==================== Drivers (Whitelisted) =====================

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 TotRec7; C:\Windows\System32\Drivers\TotRec7.sys [178696 2008-10-27] (High Criteria inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()

==================== One Month Created Files and Folders ========

2012-09-16 00:46 - 2012-09-16 00:46 - 01454171 ____A (Farbar) C:\Users\Travis Lap II\Desktop\FRST64.exe
2012-09-15 22:19 - 2012-09-15 22:20 - 00000000 ____D C:\Users\Travis Lap II\Desktop\Wii 4 PC RESIDENT EVIL 1 REMAKE perfect emulator isos by globe@
2012-09-15 19:48 - 2012-09-15 19:49 - 00000000 ____D C:\Users\Travis Lap II\Desktop\Resident Evi Retribution
2012-09-14 19:29 - 2012-09-14 19:29 - 00027213 ____A C:\ComboFix.txt
2012-09-11 19:42 - 2012-09-11 19:42 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\03953780.sys
2012-09-11 19:39 - 2012-09-11 19:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-08 19:11 - 2012-09-08 19:10 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-08 19:10 - 2012-09-08 19:10 - 00000000 ____D C:\Program Files (x86)\Java
2012-09-08 19:08 - 2012-09-08 19:08 - 00000000 ____D C:\Users\All Users\McAfee
2012-09-08 18:59 - 2012-09-08 18:59 - 00015336 ____A C:\AdwCleaner[S1].txt
2012-09-01 22:34 - 2012-09-01 22:34 - 00000939 ____A C:\Users\Travis Lap II\Desktop\FAST Defrag.lnk
2012-09-01 22:34 - 2012-09-01 22:34 - 00000000 ____D C:\Program Files (x86)\FAST Defrag
2012-09-01 22:33 - 2012-09-01 22:33 - 01029973 ____A (AMS ( network ) ) C:\Users\Travis Lap II\Downloads\FastDefragPro.exe
2012-09-01 22:32 - 2012-09-04 19:05 - 00000000 ____D C:\Users\Travis Lap II\AppData\Local\blekkotb_031
2012-09-01 22:32 - 2012-09-01 22:47 - 00000000 ____D C:\Program Files (x86)\blekkotb_031
2012-09-01 22:27 - 2012-09-14 19:23 - 00005402 ____A C:\Windows\PFRO.log
2012-09-01 21:04 - 2012-09-01 21:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-01 21:04 - 2012-09-01 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-01 20:56 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-01 20:56 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-01 20:56 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-01 20:56 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-01 20:56 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-01 20:56 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-01 20:56 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-01 20:56 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-01 20:56 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-01 20:56 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-01 20:56 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-01 20:56 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-01 20:56 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-01 20:56 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-01 20:56 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-01 20:56 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-01 20:56 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-01 20:56 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-01 20:56 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-01 20:56 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-01 20:56 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-01 20:56 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-01 20:56 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-01 20:56 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-01 20:56 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-01 20:56 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-01 20:56 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-01 20:56 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-01 20:52 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-09-01 20:52 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-09-01 20:52 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-09-01 20:52 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-09-01 20:52 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-09-01 20:52 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-09-01 20:52 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-09-01 20:52 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-09-01 20:52 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-09-01 20:52 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-09-01 20:52 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-09-01 20:52 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-09-01 20:52 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-09-01 20:52 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-01 20:52 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-01 20:52 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-01 20:52 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-01 20:52 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-01 20:52 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-01 20:52 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-09-01 20:52 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-09-01 20:51 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-01 20:51 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-01 20:51 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-01 20:51 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-01 20:51 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-01 20:51 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-01 20:51 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-09-01 20:51 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-09-01 20:51 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-09-01 20:51 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-09-01 20:51 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-01 20:40 - 2012-09-01 20:40 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-01 20:37 - 2012-09-01 20:37 - 00270152 ____A C:\Windows\Minidump\090112-21996-01.dmp
2012-09-01 20:37 - 2012-09-01 20:37 - 00000000 ____D C:\Windows\Minidump
2012-09-01 20:36 - 2012-09-01 20:36 - 162438988 ____A C:\Windows\MEMORY.DMP
2012-09-01 19:22 - 2012-09-01 19:22 - 00000000 ____D C:\Users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-01 19:21 - 2012-09-01 19:22 - 00000000 ____D C:\Users\Travis Lap II\AppData\Roaming\PCPro
2012-09-01 19:21 - 2012-09-01 19:21 - 00000000 ____D C:\Users\All Users\PC1Data
2012-09-01 19:15 - 2012-09-01 19:16 - 00000000 ____D C:\ca7b1d88239292987ccbd4
2012-09-01 19:12 - 2012-09-01 19:12 - 00000000 ____D C:\d8a5e4024e45e484f8
2012-08-31 18:57 - 2012-08-25 18:47 - 62638257 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer 2.mp4
2012-08-17 18:44 - 2012-08-15 04:55 - 405391872 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer.avi


==================== 3 Months Modified Files ==================

2012-09-16 00:47 - 2012-02-15 13:10 - 01832178 ____A C:\Windows\WindowsUpdate.log
2012-09-16 00:46 - 2012-09-16 00:46 - 01454171 ____A (Farbar) C:\Users\Travis Lap II\Desktop\FRST64.exe
2012-09-16 00:39 - 2009-07-13 21:13 - 00729748 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-16 00:33 - 2012-04-20 19:52 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000UA.job
2012-09-16 00:33 - 2012-04-03 18:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-15 22:48 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-15 22:48 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-15 22:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 22:42 - 2012-06-20 17:46 - 00005700 ____A C:\Windows\setupact.log
2012-09-15 20:02 - 2012-04-20 19:52 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000Core.job
2012-09-14 19:35 - 2012-04-03 18:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-14 19:35 - 2012-02-15 13:35 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-14 19:29 - 2012-09-14 19:29 - 00027213 ____A C:\ComboFix.txt
2012-09-14 19:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-14 19:23 - 2012-09-01 22:27 - 00005402 ____A C:\Windows\PFRO.log
2012-09-14 19:13 - 2012-06-19 19:58 - 04752472 ____R (Swearware) C:\Users\Travis Lap II\Desktop\ComboFix.exe
2012-09-12 23:10 - 2012-03-02 15:20 - 00001410 ____A C:\Windows\compuhost.ini
2012-09-11 19:42 - 2012-09-11 19:42 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\03953780.sys
2012-09-08 19:10 - 2012-09-08 19:11 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-08 19:10 - 2012-05-08 00:57 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-08 19:10 - 2012-05-08 00:57 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-08 18:59 - 2012-09-08 18:59 - 00015336 ____A C:\AdwCleaner[S1].txt
2012-09-01 22:34 - 2012-09-01 22:34 - 00000939 ____A C:\Users\Travis Lap II\Desktop\FAST Defrag.lnk
2012-09-01 22:33 - 2012-09-01 22:33 - 01029973 ____A (AMS ( network ) ) C:\Users\Travis Lap II\Downloads\FastDefragPro.exe
2012-09-01 21:06 - 2012-02-16 04:41 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-01 21:04 - 2012-02-16 04:41 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-01 21:02 - 2009-07-13 20:45 - 02233192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-01 20:40 - 2012-09-01 20:40 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-01 20:37 - 2012-09-01 20:37 - 00270152 ____A C:\Windows\Minidump\090112-21996-01.dmp
2012-09-01 20:36 - 2012-09-01 20:36 - 162438988 ____A C:\Windows\MEMORY.DMP
2012-08-25 18:47 - 2012-08-31 18:57 - 62638257 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer 2.mp4
2012-08-15 04:55 - 2012-08-17 18:44 - 405391872 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer.avi
2012-08-09 19:54 - 2012-08-10 20:27 - 233320960 ____A C:\Users\Travis Lap II\Desktop\ol school commercial.avi
2012-08-07 20:36 - 2012-08-07 20:36 - 00000009 ____A C:\END
2012-08-03 01:27 - 2012-02-15 11:51 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-18 10:15 - 2012-09-01 20:51 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 20:08 - 2012-07-17 20:08 - 00002231 ____A C:\Users\Public\Desktop\EmuMovies Download Service Utility.lnk
2012-07-04 14:16 - 2012-09-01 20:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-09-01 20:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-09-01 20:51 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-09-01 20:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-09-01 20:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-09-01 20:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-09-01 20:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-09-01 20:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-09-01 20:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-09-01 20:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-09-01 20:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-09-01 20:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-09-01 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-09-01 20:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-09-01 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-09-01 20:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-09-01 20:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-09-01 20:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-09-01 20:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-09-01 20:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-09-01 20:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-09-01 20:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-09-01 20:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-09-01 20:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-09-01 20:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-09-01 20:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-09-01 20:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-09-01 20:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-09-01 20:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-09-01 20:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-09-01 20:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-09-01 20:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-09-01 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-20 17:46 - 2012-06-20 17:46 - 00000000 ____A C:\Windows\setuperr.log
2012-06-20 06:42 - 2012-06-20 06:42 - 03678720 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys


ZeroAccess:
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

ZeroAccess:
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-31 21:20:11
Restore point made on: 2012-09-01 19:45:16
Restore point made on: 2012-09-01 20:53:18
Restore point made on: 2012-09-01 21:37:56
Restore point made on: 2012-09-04 21:37:41
Restore point made on: 2012-09-07 19:17:16
Restore point made on: 2012-09-08 19:09:52
Restore point made on: 2012-09-11 19:36:08
Restore point made on: 2012-09-14 19:14:42
Restore point made on: 2012-09-15 19:07:40

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3836.2 MB
Available physical RAM: 3248.7 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3242.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:209.63 GB) NTFS
4 Drive g: () (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 297 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1953 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-14 21:22

==================== End Of Log =============================


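A triage helper for the FRST.txt posted above, added here as an example; it is not part of this thread, of FRST, or of nasdaq's procedure. It parses the Services, Drivers, NetSvcs and "ZeroAccess:" sections of the log and flags system-directory service images with an empty vendor string (the log lists Mcx2Svc.dll that way), entries marked [x] as missing, and the {GUID}\L, \U and \@ folders FRST labels ZeroAccess. The sample log is an excerpt constructed from the post above; the severity labels and finding names are my own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs (added example).

Reports system-directory service images with an empty vendor string, entries
marked [x] as missing, and the {GUID}\\L, \\U, \\@ folders FRST tags as ZeroAccess.
"""
import re
from dataclasses import dataclass

# "2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1849856 2012-03-14] ()"
# "3 catchme; \??\C:\ComboFix\catchme.sys [x]"
SERVICE_RE = re.compile(
    r'^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<image>.+?)\s+'
    r'\[(?P<meta>x|\d+\s+\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<vendor>[^)]*)\))?\s*$')
# "NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()"
NETSVC_RE = re.compile(
    r'^NETSVC(?:x32)?:\s+(?P<name>\S+)\s+->\s+(?P<image>.+?)\s*'
    r'(?:\((?P<vendor>[^)]*)\))?\s*$')
# Path whose last two components are "{GUID}\L", "{GUID}\U" or "{GUID}\@"
ZA_RE = re.compile(r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\[LU@]$', re.I)
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')
START_TYPES = {'0': 'boot', '1': 'system', '2': 'auto-start', '3': 'manual', '4': 'disabled'}

@dataclass(frozen=True)
class Finding:
    severity: str  # 'high' or 'info' (labels chosen for this example)
    kind: str
    name: str
    detail: str

def normalize(image: str) -> str:
    """Strip the quotes and \\??\\ prefix FRST reproduces from the registry."""
    image = image.strip().strip('"')
    return image[4:] if image.startswith('\\??\\') else image

def check_service(start, name, image, vendor, missing):
    image = normalize(image)
    if missing:
        return Finding('info', 'missing-file', name, f'{image} is referenced but not present')
    if vendor is not None and not vendor.strip() and image.lower().startswith(SYSTEM_DIRS):
        return Finding('high', 'no-vendor-system-image', name,
                       f'{START_TYPES.get(start, start)} service image {image} carries no '
                       'vendor/version information; compare it with a known-good copy')
    return None

def triage_frst(text: str) -> list:
    """Return a Finding for every line of an FRST log body worth a closer look."""
    findings, in_za = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_za = False  # a blank line ends a "ZeroAccess:" block
            continue
        if line == 'ZeroAccess:':
            in_za = True
            continue
        if in_za:
            if ZA_RE.search(line):  # name the {GUID} folder, detail the full path
                findings.append(Finding('high', 'zeroaccess-layout', line.rsplit('\\', 2)[-2], line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            f = check_service(m['start'], m['name'], m['image'], m['vendor'], m['meta'] == 'x')
            if f:
                findings.append(f)
            continue
        m = NETSVC_RE.match(line)
        if m and m['vendor'] is not None and not m['vendor'].strip():
            findings.append(Finding('high', 'netsvcs-no-vendor', m['name'],
                                    f'netsvcs-hosted DLL {normalize(m["image"])} has no vendor string'))
    return findings

# Constructed excerpt of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1849856 2012-03-14] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()

ZeroAccess:
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U
"""

if __name__ == '__main__':
    for f in triage_frst(SAMPLE_LOG):
        print(f'[{f.severity:4}] {f.kind:23} {f.name}: {f.detail}')
```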

2012-09-01 20:56 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-01 20:56 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-01 20:56 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-01 20:56 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-01 20:56 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-01 20:56 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-01 20:56 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-01 20:56 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-01 20:56 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-01 20:56 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-01 20:56 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-01 20:56 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-01 20:56 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-01 20:56 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-01 20:52 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-09-01 20:52 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-09-01 20:52 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-09-01 20:52 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-09-01 20:52 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-09-01 20:52 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-09-01 20:52 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-09-01 20:52 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-09-01 20:52 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-09-01 20:52 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-09-01 20:52 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-09-01 20:52 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-09-01 20:52 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-09-01 20:52 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-01 20:52 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-01 20:52 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-01 20:52 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-01 20:52 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-01 20:52 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-01 20:52 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-09-01 20:52 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-09-01 20:51 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-01 20:51 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-01 20:51 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-01 20:51 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-01 20:51 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-01 20:51 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-01 20:51 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-09-01 20:51 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-09-01 20:51 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-09-01 20:51 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-09-01 20:51 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-01 20:40 - 2012-09-01 20:40 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-01 20:37 - 2012-09-01 20:37 - 00270152 ____A C:\Windows\Minidump\090112-21996-01.dmp
2012-09-01 20:37 - 2012-09-01 20:37 - 00000000 ____D C:\Windows\Minidump
2012-09-01 20:36 - 2012-09-01 20:36 - 162438988 ____A C:\Windows\MEMORY.DMP
2012-09-01 19:22 - 2012-09-01 19:22 - 00000000 ____D C:\Users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-01 19:21 - 2012-09-01 19:22 - 00000000 ____D C:\Users\Travis Lap II\AppData\Roaming\PCPro
2012-09-01 19:21 - 2012-09-01 19:21 - 00000000 ____D C:\Users\All Users\PC1Data
2012-09-01 19:15 - 2012-09-01 19:16 - 00000000 ____D C:\ca7b1d88239292987ccbd4
2012-09-01 19:12 - 2012-09-01 19:12 - 00000000 ____D C:\d8a5e4024e45e484f8
2012-08-31 18:57 - 2012-08-25 18:47 - 62638257 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer 2.mp4
2012-08-17 18:44 - 2012-08-15 04:55 - 405391872 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer.avi


==================== 3 Months Modified Files ==================

2012-09-16 00:47 - 2012-02-15 13:10 - 01832178 ____A C:\Windows\WindowsUpdate.log
2012-09-16 00:46 - 2012-09-16 00:46 - 01454171 ____A (Farbar) C:\Users\Travis Lap II\Desktop\FRST64.exe
2012-09-16 00:39 - 2009-07-13 21:13 - 00729748 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-16 00:33 - 2012-04-20 19:52 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000UA.job
2012-09-16 00:33 - 2012-04-03 18:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-15 22:48 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-15 22:48 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-15 22:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 22:42 - 2012-06-20 17:46 - 00005700 ____A C:\Windows\setupact.log
2012-09-15 20:02 - 2012-04-20 19:52 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000Core.job
2012-09-14 19:35 - 2012-04-03 18:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-14 19:35 - 2012-02-15 13:35 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-14 19:29 - 2012-09-14 19:29 - 00027213 ____A C:\ComboFix.txt
2012-09-14 19:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-14 19:23 - 2012-09-01 22:27 - 00005402 ____A C:\Windows\PFRO.log
2012-09-14 19:13 - 2012-06-19 19:58 - 04752472 ____R (Swearware) C:\Users\Travis Lap II\Desktop\ComboFix.exe
2012-09-12 23:10 - 2012-03-02 15:20 - 00001410 ____A C:\Windows\compuhost.ini
2012-09-11 19:42 - 2012-09-11 19:42 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\03953780.sys
2012-09-08 19:10 - 2012-09-08 19:11 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-08 19:10 - 2012-09-08 19:10 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-08 19:10 - 2012-05-08 00:57 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-08 19:10 - 2012-05-08 00:57 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-08 18:59 - 2012-09-08 18:59 - 00015336 ____A C:\AdwCleaner[S1].txt
2012-09-01 22:34 - 2012-09-01 22:34 - 00000939 ____A C:\Users\Travis Lap II\Desktop\FAST Defrag.lnk
2012-09-01 22:33 - 2012-09-01 22:33 - 01029973 ____A (AMS ( network ) ) C:\Users\Travis Lap II\Downloads\FastDefragPro.exe
2012-09-01 21:06 - 2012-02-16 04:41 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-01 21:04 - 2012-02-16 04:41 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-01 21:02 - 2009-07-13 20:45 - 02233192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-01 20:40 - 2012-09-01 20:40 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-01 20:37 - 2012-09-01 20:37 - 00270152 ____A C:\Windows\Minidump\090112-21996-01.dmp
2012-09-01 20:36 - 2012-09-01 20:36 - 162438988 ____A C:\Windows\MEMORY.DMP
2012-08-25 18:47 - 2012-08-31 18:57 - 62638257 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer 2.mp4
2012-08-15 04:55 - 2012-08-17 18:44 - 405391872 ____A C:\Users\Travis Lap II\Desktop\Justin's Trailer.avi
2012-08-09 19:54 - 2012-08-10 20:27 - 233320960 ____A C:\Users\Travis Lap II\Desktop\ol school commercial.avi
2012-08-07 20:36 - 2012-08-07 20:36 - 00000009 ____A C:\END
2012-08-03 01:27 - 2012-02-15 11:51 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-18 10:15 - 2012-09-01 20:51 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 20:08 - 2012-07-17 20:08 - 00002231 ____A C:\Users\Public\Desktop\EmuMovies Download Service Utility.lnk
2012-07-04 14:16 - 2012-09-01 20:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-09-01 20:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-09-01 20:51 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-09-01 20:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-09-01 20:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-09-01 20:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-09-01 20:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-09-01 20:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-09-01 20:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-09-01 20:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-09-01 20:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-09-01 20:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-09-01 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-09-01 20:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-09-01 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-09-01 20:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-09-01 20:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-09-01 20:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-09-01 20:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-09-01 20:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-09-01 20:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-09-01 20:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-09-01 20:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-09-01 20:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-09-01 20:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-09-01 20:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-09-01 20:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-09-01 20:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-09-01 20:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-09-01 20:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-09-01 20:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-09-01 20:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-09-01 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-20 17:46 - 2012-06-20 17:46 - 00000000 ____A C:\Windows\setuperr.log
2012-06-20 06:42 - 2012-06-20 06:42 - 03678720 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys


ZeroAccess:
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\Installer\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

ZeroAccess:
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\L
C:\Users\Travis Lap II\AppData\Local\{a45db2e0-6769-5498-140b-8026e3b61e9c}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-31 21:20:11
Restore point made on: 2012-09-01 19:45:16
Restore point made on: 2012-09-01 20:53:18
Restore point made on: 2012-09-01 21:37:56
Restore point made on: 2012-09-04 21:37:41
Restore point made on: 2012-09-07 19:17:16
Restore point made on: 2012-09-08 19:09:52
Restore point made on: 2012-09-11 19:36:08
Restore point made on: 2012-09-14 19:14:42
Restore point made on: 2012-09-15 19:07:40

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3836.2 MB
Available physical RAM: 3248.7 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3242.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:209.63 GB) NTFS
4 Drive g: () (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 297 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1953 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-14 21:22

==================== End Of Log =============================

#12 nasdaq

nasdaq

  • Malware Response Team
  • 19,076 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 AM

Posted 16 September 2012 - 08:54 AM

You still have the ZeroAccess infection.

We both missed this step in post no. 10.
The file is really infected and must be replaced.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    Mcx2Svc.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 Chexmix

Chexmix
  • Topic Starter

  • Members
  • 92 posts
  • Local time:12:44 AM

Posted 16 September 2012 - 10:43 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:40 on 16/09/2012 by Travis Lap II
Administrator - Elevation successful

========== filefind ==========

Searching for "Mcx2Svc.dll"
C:\Windows\System32\Mcx2Svc.dll --a---- 84992 bytes [12:26 16/02/2012] [13:26 20/11/2010] 0BE09CD858ABF9DF6ED259D57A1A1663
C:\Windows\SysWOW64\Mcx2Svc.dll --a---- 1849856 bytes [22:41 14/03/2012] [22:41 14/03/2012] C4F4C1FFC7DF3A3047E8A82042C1244D
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2svc_31bf3856ad364e35_6.1.7600.16385_none_be95096697fdd2dc\Mcx2Svc.dll --a---- 84480 bytes [00:24 14/07/2009] [01:41 14/07/2009] F84C8F1000BC11E3B7B23CBD3BAFF111
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2svc_31bf3856ad364e35_6.1.7601.17514_none_c0c61d2e94ec5676\Mcx2Svc.dll --a---- 84992 bytes [12:26 16/02/2012] [13:26 20/11/2010] 0BE09CD858ABF9DF6ED259D57A1A1663

-= EOF =-
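
The filefind result above is the evidence behind "the file is really infected": the System32 copy is byte-identical to one of the two component-store (winsxs) copies, while the SysWOW64 copy that the NetSvcs entry loads is far larger and its MD5 matches neither. The Python below is an added example, not part of this thread or of SystemLook, that parses those filefind lines and flags any copy outside winsxs whose hash matches no winsxs copy; the function names and the embedded sample string are the example's own, with the sample built from the lines posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the "filefind" lines from the SystemLook log posted
# above, plus the surrounding header/footer lines the parser must skip.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "Mcx2Svc.dll"
C:\Windows\System32\Mcx2Svc.dll --a---- 84992 bytes [12:26 16/02/2012] [13:26 20/11/2010] 0BE09CD858ABF9DF6ED259D57A1A1663
C:\Windows\SysWOW64\Mcx2Svc.dll --a---- 1849856 bytes [22:41 14/03/2012] [22:41 14/03/2012] C4F4C1FFC7DF3A3047E8A82042C1244D
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2svc_31bf3856ad364e35_6.1.7600.16385_none_be95096697fdd2dc\Mcx2Svc.dll --a---- 84480 bytes [00:24 14/07/2009] [01:41 14/07/2009] F84C8F1000BC11E3B7B23CBD3BAFF111
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2svc_31bf3856ad364e35_6.1.7601.17514_none_c0c61d2e94ec5676\Mcx2Svc.dll --a---- 84992 bytes [12:26 16/02/2012] [13:26 20/11/2010] 0BE09CD858ABF9DF6ED259D57A1A1663

-= EOF =-
"""

# One SystemLook filefind result line: path (may contain spaces), seven attribute
# flags, size, two bracketed timestamps (kept as printed, not interpreted here)
# and the MD5. Header, blank and "-= EOF =-" lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts_a>[^\]]+)\]\s+\[(?P<ts_b>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileFindEntry:
    path: str
    size: int
    md5: str
    in_component_store: bool  # True when the copy lives under \winsxs\


def parse_filefind(log: str) -> list[FileFindEntry]:
    """Parse every filefind result line in a SystemLook log into entries."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append(
            FileFindEntry(
                path=path,
                size=int(m.group("size")),
                md5=m.group("md5").upper(),
                in_component_store="\\winsxs\\" in path.lower(),
            )
        )
    return entries


def find_suspect_copies(entries: list[FileFindEntry]) -> list[tuple[str, str]]:
    """Flag copies outside winsxs whose MD5 matches no component-store copy.

    The component store holds the versions Windows itself installed, so a
    live copy that matches one of them is consistent with that install. The
    hashes are only compared against each other on the same machine, so a
    match is not proof of integrity; confirm against a known-good hash
    before trusting it.
    """
    reference_md5s = {e.md5 for e in entries if e.in_component_store}
    reference_sizes = {e.size for e in entries if e.in_component_store}
    if not reference_md5s:
        # Edge case: nothing to compare against, so every live copy needs
        # manual verification rather than a silent pass.
        return [(e.path, "no component-store copy found; verify against a known-good hash")
                for e in entries]
    suspects = []
    for e in entries:
        if e.in_component_store or e.md5 in reference_md5s:
            continue
        reason = "MD5 matches no component-store copy"
        if e.size not in reference_sizes:
            reason += f"; size {e.size} bytes vs component-store sizes {sorted(reference_sizes)}"
        suspects.append((e.path, reason))
    return suspects


if __name__ == "__main__":
    for path, reason in find_suspect_copies(parse_filefind(SAMPLE_LOG)):
        print(f"SUSPECT {path}: {reason}")
```

Run against the sample it reports only the SysWOW64 copy, which is the one the FCopy step in the next post replaces with the System32 copy.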

#14 nasdaq

nasdaq

  • Malware Response Team
  • 19,076 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 AM

Posted 16 September 2012 - 01:01 PM

Open notepad and copy/paste the text in the quote box below into it:

FCopy::
C:\Windows\System32\Mcx2Svc.dll | C:\Windows\SysWOW64\Mcx2Svc.dll


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Restart the computer normally.

Then post the resultant log.

Include a fresh copy of the TDSSKiller and aswMBR logs for my review.

Let me know what problem persists.

#15 Chexmix

Chexmix
  • Topic Starter

  • Members
  • 92 posts
  • Local time:12:44 AM

Posted 16 September 2012 - 05:24 PM

ComboFix 12-09-15.02 - Travis Lap II 09/16/2012 16:14:35.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2624 [GMT -5:00]
Running from: c:\users\Travis Lap II\Desktop\ComboFix.exe
Command switches used :: c:\users\Travis Lap II\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\System32\Mcx2Svc.dll --> c:\windows\SysWOW64\Mcx2Svc.dll
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 21:21 . 2012-09-16 21:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{748ADD29-46D7-4B9C-87C5-9E4F19689D9E}\offreg.dll
2012-09-16 21:20 . 2012-09-16 21:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-16 21:20 . 2012-09-16 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 11:53 . 2012-09-16 11:53 -------- d-----w- C:\FRST
2012-09-16 03:07 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{748ADD29-46D7-4B9C-87C5-9E4F19689D9E}\mpengine.dll
2012-09-15 03:12 . 2012-09-15 03:12 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 02:44 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 03:42 . 2012-09-12 03:42 208216 ----a-w- c:\windows\system32\drivers\03953780.sys
2012-09-12 03:39 . 2012-09-12 03:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-09 03:12 . 2012-09-09 03:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-09 03:10 . 2012-09-09 03:10 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 03:10 . 2012-09-09 03:10 -------- d-----w- c:\program files (x86)\Java
2012-09-09 03:08 . 2012-09-09 03:08 -------- d-----w- c:\programdata\McAfee
2012-09-02 06:34 . 2012-09-02 06:34 -------- d-----w- c:\program files (x86)\FAST Defrag
2012-09-02 06:32 . 2012-09-05 03:05 -------- d-----w- c:\users\Travis Lap II\AppData\Local\blekkotb_031
2012-09-02 06:32 . 2012-09-02 06:47 -------- d-----w- c:\program files (x86)\blekkotb_031
2012-09-02 05:07 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F1BA2D5-B9BB-4AC8-9414-6AECBBFD9FD0}\gapaengine.dll
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-02 05:04 . 2012-09-02 05:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-02 04:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-02 04:51 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-09-02 04:40 . 2012-09-02 04:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-02 03:22 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PC Cleaners
2012-09-02 03:21 . 2012-09-02 03:22 -------- d-----w- c:\users\Travis Lap II\AppData\Roaming\PCPro
2012-09-02 03:21 . 2012-09-02 03:21 -------- d-----w- c:\programdata\PC1Data
2012-09-02 03:15 . 2012-09-02 03:16 -------- d-----w- C:\ca7b1d88239292987ccbd4
2012-09-02 03:12 . 2012-09-02 03:12 -------- d-----w- C:\d8a5e4024e45e484f8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 03:35 . 2012-04-04 02:45 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-15 03:35 . 2012-02-15 21:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-09 03:10 . 2012-05-08 08:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 03:10 . 2012-05-08 08:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-03 09:27 . 2012-02-15 19:51 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 14:42 . 2012-06-20 14:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-02_06.49.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 02:56 . 2012-09-12 03:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-09-01 02:56 . 2012-09-02 06:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-09-02 05:24 . 2012-09-02 05:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-09-02 05:24 . 2012-09-12 03:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-05-31 05:51 . 2012-09-12 03:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-15 20:23 . 2012-09-16 21:23 42234 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-16 21:23 38196 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-15 19:17 . 2012-09-16 21:23 13874 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1994266729-924235344-239344739-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-09-09 02:11 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-17 00:53 . 2012-09-16 06:41 3216 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-17 00:53 . 2012-08-09 08:43 3216 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 21:21 . 2012-09-16 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 21:21 . 2012-09-16 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 06:48 . 2012-09-02 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-09 03:09 . 2012-09-15 03:35 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-04-04 02:45 . 2012-09-15 03:35 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-04 02:45 . 2012-09-01 03:45 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-09-09 03:11 . 2012-09-09 03:10 246760 c:\windows\SysWOW64\javaws.exe
+ 2012-09-09 03:10 . 2012-09-09 03:10 174056 c:\windows\SysWOW64\javaw.exe
+ 2012-09-09 03:10 . 2012-09-09 03:10 174056 c:\windows\SysWOW64\java.exe
- 2009-07-14 04:54 . 2012-09-02 06:49 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-12 03:25 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-20 01:05 . 2012-09-16 08:33 243448 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-16 08:39 626484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-16 08:39 107728 c:\windows\system32\perfc009.dat
+ 2012-09-09 03:09 . 2012-09-15 03:35 420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
+ 2009-07-14 05:01 . 2012-09-16 21:20 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-02 06:48 335864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-09 03:12 . 2012-09-09 03:12 179200 c:\windows\Installer\7ea39.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2012-01-03 11:10 . 2012-01-03 11:10 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearmhelper.exe
+ 2012-09-09 03:09 . 2012-09-15 03:35 9813704 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-09-09 03:09 . 2012-09-15 03:35 1807560 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
+ 2009-07-14 04:54 . 2012-09-12 03:25 3276800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-15 21:13 . 2012-09-15 05:25 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 1130496 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-15 21:13 . 2012-09-15 05:25 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-15 21:13 . 2012-09-02 06:26 7798784 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-15 21:05 . 2012-09-16 09:58 2472280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-4096.dat
+ 2012-02-15 23:53 . 2012-09-15 06:03 6098172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-12288.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2009-07-14 04:54 . 2012-09-12 03:25 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-09 03:09 . 2012-09-15 03:35 12812488 c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2009-07-14 04:54 . 2012-09-15 05:25 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 06:26 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-15 21:05 . 2012-09-02 06:34 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
+ 2012-02-15 21:05 . 2012-09-16 21:20 12378008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1994266729-924235344-239344739-1000-8192.dat
+ 2012-05-30 06:40 . 2012-09-12 03:41 14984324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-09-09 03:08 . 2012-09-09 03:08 27549696 c:\windows\Installer\7ea2b.msi
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\338584.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Travis Lap II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 250568]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-30 32880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 178696]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:35]
.
2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000Core.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1994266729-924235344-239344739-1000UA.job
- c:\users\Travis Lap II\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-21 03:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Travis Lap II\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 71.92.29.130 97.81.22.195 68.113.206.10
FF - ProfilePath - c:\users\Travis Lap II\AppData\Roaming\Mozilla\Firefox\Profiles\s4st6yx6.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,c9,d1,6a,f1,3e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-09-16 16:26:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-16 21:26
ComboFix2.txt 2012-09-15 03:29
ComboFix3.txt 2012-09-09 02:45
ComboFix4.txt 2012-09-05 05:58
ComboFix5.txt 2012-09-16 21:13
.
Pre-Run: 224,491,380,736 bytes free
Post-Run: 224,466,505,728 bytes free
.
- - End Of File - - BA6D7593569160CFEACE2BA6633669C9


16:30:23.0931 0952 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:30:25.0959 0952 ============================================================
16:30:25.0959 0952 Current date / time: 2012/09/16 16:30:25.0959
16:30:25.0959 0952 SystemInfo:
16:30:25.0959 0952
16:30:25.0959 0952 OS Version: 6.1.7601 ServicePack: 1.0
16:30:25.0959 0952 Product type: Workstation
16:30:25.0959 0952 ComputerName: TRAVISLAPII-PC
16:30:25.0959 0952 UserName: Travis Lap II
16:30:25.0959 0952 Windows directory: C:\Windows
16:30:25.0959 0952 System windows directory: C:\Windows
16:30:25.0959 0952 Running under WOW64
16:30:25.0959 0952 Processor architecture: Intel x64
16:30:25.0959 0952 Number of processors: 2
16:30:25.0959 0952 Page size: 0x1000
16:30:25.0959 0952 Boot type: Normal boot
16:30:25.0959 0952 ============================================================
16:30:28.0470 0952 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:28.0486 0952 Drive \Device\Harddisk1\DR1 - Size: 0x7A1D2200 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:30:28.0486 0952 ============================================================
16:30:28.0486 0952 \Device\Harddisk0\DR0:
16:30:28.0486 0952 MBR partitions:
16:30:28.0486 0952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:30:28.0486 0952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
16:30:28.0486 0952 \Device\Harddisk1\DR1:
16:30:28.0486 0952 MBR partitions:
16:30:28.0486 0952 ============================================================
16:30:28.0564 0952 C: <-> \Device\Harddisk0\DR0\Partition2
16:30:28.0564 0952 ============================================================
16:30:28.0564 0952 Initialize success
16:30:28.0564 0952 ============================================================
16:30:32.0590 2764 ============================================================
16:30:32.0590 2764 Scan started
16:30:32.0590 2764 Mode: Manual;
16:30:32.0590 2764 ============================================================
16:30:36.0427 2764 ================ Scan system memory ========================
16:30:36.0427 2764 System memory - ok
16:30:36.0427 2764 ================ Scan services =============================
16:30:36.0849 2764 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:30:36.0849 2764 1394ohci - ok
16:30:36.0911 2764 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
16:30:36.0911 2764 Accelerometer - ok
16:30:36.0973 2764 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:30:36.0973 2764 ACPI - ok
16:30:37.0020 2764 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:30:37.0020 2764 AcpiPmi - ok
16:30:37.0176 2764 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:30:37.0176 2764 AdobeARMservice - ok
16:30:37.0395 2764 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:30:37.0410 2764 AdobeFlashPlayerUpdateSvc - ok
16:30:37.0473 2764 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:30:37.0488 2764 adp94xx - ok
16:30:37.0551 2764 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:30:37.0551 2764 adpahci - ok
16:30:37.0566 2764 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:30:37.0582 2764 adpu320 - ok
16:30:37.0613 2764 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:30:37.0613 2764 AeLookupSvc - ok
16:30:38.0003 2764 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
16:30:38.0003 2764 AESTFilters - ok
16:30:38.0065 2764 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:30:38.0081 2764 AFD - ok
16:30:38.0112 2764 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:30:38.0112 2764 agp440 - ok
16:30:38.0175 2764 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:30:38.0175 2764 ALG - ok
16:30:38.0237 2764 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:30:38.0237 2764 aliide - ok
16:30:38.0346 2764 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:30:38.0346 2764 AMD External Events Utility - ok
16:30:38.0471 2764 AMD FUEL Service - ok
16:30:38.0487 2764 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:30:38.0487 2764 amdide - ok
16:30:38.0518 2764 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:30:38.0518 2764 amdiox64 - ok
16:30:38.0565 2764 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:30:38.0565 2764 AmdK8 - ok
16:30:38.0814 2764 [ A29087680A1C3B049E3C05438E8FF2B8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:30:38.0892 2764 amdkmdag - ok
16:30:38.0939 2764 [ B9E1C7B7F1865F99B16FF2E1BB94EDB6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:30:38.0939 2764 amdkmdap - ok
16:30:38.0970 2764 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:30:38.0970 2764 AmdPPM - ok
16:30:39.0017 2764 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:30:39.0017 2764 amdsata - ok
16:30:39.0048 2764 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:30:39.0048 2764 amdsbs - ok
16:30:39.0079 2764 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:30:39.0079 2764 amdxata - ok
16:30:39.0111 2764 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
16:30:39.0111 2764 androidusb - ok
16:30:39.0157 2764 [ F312FAD7DBD49ED21A194AC71B497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:30:39.0157 2764 AODDriver4.01 - ok
16:30:39.0220 2764 [ 05F1A0A81A98CF27E3F028213FB6C36A ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
16:30:39.0220 2764 ApfiltrService - ok
16:30:39.0267 2764 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:30:39.0267 2764 AppID - ok
16:30:39.0298 2764 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:30:39.0298 2764 AppIDSvc - ok
16:30:39.0329 2764 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:30:39.0329 2764 Appinfo - ok
16:30:39.0407 2764 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:30:39.0423 2764 Apple Mobile Device - ok
16:30:39.0469 2764 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:30:39.0469 2764 AppMgmt - ok
16:30:39.0516 2764 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:30:39.0516 2764 arc - ok
16:30:39.0532 2764 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:30:39.0532 2764 arcsas - ok
16:30:39.0547 2764 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:30:39.0547 2764 AsyncMac - ok
16:30:39.0579 2764 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:30:39.0579 2764 atapi - ok
16:30:40.0717 2764 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:30:40.0827 2764 athr - ok
16:30:40.0905 2764 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:30:40.0905 2764 AtiHDAudioService - ok
16:30:40.0951 2764 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:30:40.0951 2764 AtiHdmiService - ok
16:30:41.0731 2764 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:30:41.0763 2764 atikmdag - ok
16:30:41.0809 2764 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
16:30:41.0809 2764 AtiPcie - ok
16:30:41.0856 2764 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:30:41.0872 2764 AudioEndpointBuilder - ok
16:30:41.0872 2764 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:30:41.0887 2764 AudioSrv - ok
16:30:41.0919 2764 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:30:41.0934 2764 AxInstSV - ok
16:30:42.0012 2764 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:30:42.0028 2764 b06bdrv - ok
16:30:42.0075 2764 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:30:42.0075 2764 b57nd60a - ok
16:30:42.0106 2764 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:30:42.0106 2764 BDESVC - ok
16:30:42.0137 2764 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:30:42.0137 2764 Beep - ok
16:30:42.0215 2764 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:30:42.0231 2764 BFE - ok
16:30:42.0309 2764 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:30:42.0340 2764 BITS - ok
16:30:42.0387 2764 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:30:42.0387 2764 blbdrive - ok
16:30:42.0433 2764 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:30:42.0449 2764 Bonjour Service - ok
16:30:42.0496 2764 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:30:42.0496 2764 bowser - ok
16:30:42.0511 2764 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:30:42.0511 2764 BrFiltLo - ok
16:30:42.0527 2764 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:30:42.0527 2764 BrFiltUp - ok
16:30:42.0574 2764 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:30:42.0574 2764 BridgeMP - ok
16:30:42.0605 2764 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:30:42.0605 2764 Browser - ok
16:30:42.0652 2764 [ 6DF544E72FF139E8FBBBA6D0E569BEA5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
16:30:42.0652 2764 BrSerIb - ok
16:30:42.0667 2764 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:30:42.0683 2764 Brserid - ok
16:30:42.0683 2764 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:30:42.0683 2764 BrSerWdm - ok
16:30:42.0699 2764 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:30:42.0699 2764 BrUsbMdm - ok
16:30:42.0699 2764 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:30:42.0699 2764 BrUsbSer - ok
16:30:42.0730 2764 [ 80082AD46578F0D3270D2E56D6433082 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
16:30:42.0730 2764 BrUsbSIb - ok
16:30:42.0777 2764 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
16:30:42.0792 2764 BrYNSvc - ok
16:30:42.0792 2764 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:30:42.0792 2764 BTHMODEM - ok
16:30:42.0839 2764 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:30:42.0839 2764 bthserv - ok
16:30:42.0886 2764 catchme - ok
16:30:42.0933 2764 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:30:42.0933 2764 cdfs - ok
16:30:42.0979 2764 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:30:42.0979 2764 cdrom - ok
16:30:43.0042 2764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:30:43.0042 2764 CertPropSvc - ok
16:30:43.0057 2764 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:30:43.0057 2764 circlass - ok
16:30:43.0089 2764 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:30:43.0089 2764 CLFS - ok
16:30:43.0198 2764 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:30:43.0213 2764 clr_optimization_v2.0.50727_32 - ok
16:30:43.0260 2764 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:30:43.0276 2764 clr_optimization_v2.0.50727_64 - ok
16:30:43.0369 2764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:30:43.0385 2764 clr_optimization_v4.0.30319_32 - ok
16:30:43.0463 2764 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:30:43.0479 2764 clr_optimization_v4.0.30319_64 - ok
16:30:43.0525 2764 [ 9573E8C7C3B3D1625FD941841FD0859C ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
16:30:43.0525 2764 clwvd - ok
16:30:43.0573 2764 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:30:43.0573 2764 CmBatt - ok
16:30:43.0620 2764 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:30:43.0620 2764 cmdide - ok
16:30:43.0667 2764 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:30:43.0682 2764 CNG - ok
16:30:43.0698 2764 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:30:43.0698 2764 Compbatt - ok
16:30:43.0729 2764 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:30:43.0729 2764 CompositeBus - ok
16:30:43.0745 2764 COMSysApp - ok
16:30:43.0776 2764 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:30:43.0776 2764 crcdisk - ok
16:30:43.0823 2764 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:30:43.0823 2764 CryptSvc - ok
16:30:43.0870 2764 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:30:43.0885 2764 CSC - ok
16:30:43.0932 2764 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:30:43.0932 2764 CscService - ok
16:30:43.0979 2764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:30:43.0979 2764 DcomLaunch - ok
16:30:44.0010 2764 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:30:44.0010 2764 defragsvc - ok
16:30:44.0041 2764 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:30:44.0041 2764 DfsC - ok
16:30:44.0072 2764 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:30:44.0088 2764 Dhcp - ok
16:30:44.0104 2764 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:30:44.0119 2764 discache - ok
16:30:44.0182 2764 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:30:44.0182 2764 Disk - ok
16:30:44.0213 2764 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:30:44.0228 2764 Dnscache - ok
16:30:44.0260 2764 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:30:44.0260 2764 dot3svc - ok
16:30:44.0291 2764 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:30:44.0306 2764 DPS - ok
16:30:44.0338 2764 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:30:44.0338 2764 drmkaud - ok
16:30:44.0384 2764 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:30:44.0384 2764 DXGKrnl - ok
16:30:44.0431 2764 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:30:44.0431 2764 EapHost - ok
16:30:44.0728 2764 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:30:44.0837 2764 ebdrv - ok
16:30:44.0868 2764 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:30:44.0884 2764 EFS - ok
16:30:44.0946 2764 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:30:44.0977 2764 ehRecvr - ok
16:30:45.0008 2764 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:30:45.0008 2764 ehSched - ok
16:30:45.0086 2764 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:30:45.0086 2764 elxstor - ok
16:30:45.0118 2764 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:30:45.0118 2764 ErrDev - ok
16:30:45.0211 2764 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:30:45.0227 2764 EventSystem - ok
16:30:45.0258 2764 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:30:45.0258 2764 exfat - ok
16:30:45.0258 2764 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:30:45.0274 2764 fastfat - ok
16:30:45.0305 2764 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:30:45.0320 2764 Fax - ok
16:30:45.0320 2764 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:30:45.0320 2764 fdc - ok
16:30:45.0336 2764 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:30:45.0336 2764 fdPHost - ok
16:30:45.0367 2764 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:30:45.0367 2764 FDResPub - ok
16:30:45.0383 2764 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:30:45.0383 2764 FileInfo - ok
16:30:45.0414 2764 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:30:45.0414 2764 Filetrace - ok
16:30:45.0554 2764 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:30:45.0570 2764 FLEXnet Licensing Service - ok
16:30:45.0570 2764 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:30:45.0570 2764 flpydisk - ok
16:30:45.0601 2764 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:30:45.0601 2764 FltMgr - ok
16:30:45.0679 2764 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:30:45.0710 2764 FontCache - ok
16:30:45.0773 2764 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:30:45.0773 2764 FontCache3.0.0.0 - ok
16:30:45.0804 2764 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:30:45.0804 2764 FsDepends - ok
16:30:45.0835 2764 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:30:45.0835 2764 Fs_Rec - ok
16:30:45.0898 2764 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:30:45.0898 2764 fvevol - ok
16:30:45.0929 2764 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:30:45.0929 2764 gagp30kx - ok
16:30:45.0976 2764 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:30:45.0976 2764 GEARAspiWDM - ok
16:30:46.0085 2764 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:30:46.0085 2764 gpsvc - ok
16:30:46.0100 2764 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:30:46.0100 2764 hcw85cir - ok
16:30:46.0147 2764 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:30:46.0163 2764 HdAudAddService - ok
16:30:46.0194 2764 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:30:46.0194 2764 HDAudBus - ok
16:30:46.0210 2764 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:30:46.0210 2764 HidBatt - ok
16:30:46.0225 2764 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:30:46.0225 2764 HidBth - ok
16:30:46.0241 2764 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:30:46.0241 2764 HidIr - ok
16:30:46.0272 2764 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:30:46.0272 2764 hidserv - ok
16:30:46.0303 2764 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:30:46.0303 2764 HidUsb - ok
16:30:46.0350 2764 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:30:46.0350 2764 hkmsvc - ok
16:30:46.0397 2764 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:30:46.0397 2764 HomeGroupListener - ok
16:30:46.0428 2764 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:30:46.0444 2764 HomeGroupProvider - ok
16:30:46.0475 2764 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
16:30:46.0475 2764 hpdskflt - ok
16:30:46.0490 2764 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:30:46.0490 2764 HpSAMD - ok
16:30:46.0522 2764 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
16:30:46.0522 2764 hpsrv - ok
16:30:46.0615 2764 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:30:46.0615 2764 HTTP - ok
16:30:46.0631 2764 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:30:46.0631 2764 hwpolicy - ok
16:30:46.0693 2764 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:30:46.0693 2764 i8042prt - ok
16:30:46.0724 2764 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:30:46.0740 2764 iaStorV - ok
16:30:46.0834 2764 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:30:46.0865 2764 idsvc - ok
16:30:46.0896 2764 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:30:46.0896 2764 iirsp - ok
16:30:46.0974 2764 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:30:47.0005 2764 IKEEXT - ok
16:30:47.0021 2764 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:30:47.0021 2764 intelide - ok
16:30:47.0052 2764 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:30:47.0052 2764 intelppm - ok
16:30:47.0099 2764 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:30:47.0099 2764 IPBusEnum - ok
16:30:47.0146 2764 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:30:47.0146 2764 IpFilterDriver - ok
16:30:47.0286 2764 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:30:47.0302 2764 iphlpsvc - ok
16:30:47.0333 2764 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:30:47.0333 2764 IPMIDRV - ok
16:30:47.0380 2764 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:30:47.0380 2764 IPNAT - ok
16:30:47.0442 2764 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:30:47.0458 2764 iPod Service - ok
16:30:47.0489 2764 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:30:47.0489 2764 IRENUM - ok
16:30:47.0504 2764 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:30:47.0520 2764 isapnp - ok
16:30:47.0567 2764 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:30:47.0567 2764 iScsiPrt - ok
16:30:47.0645 2764 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:30:47.0660 2764 kbdclass - ok
16:30:47.0707 2764 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:30:47.0723 2764 kbdhid - ok
16:30:47.0738 2764 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:30:47.0738 2764 KeyIso - ok
16:30:47.0785 2764 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:30:47.0785 2764 KSecDD - ok
16:30:47.0816 2764 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:30:47.0832 2764 KSecPkg - ok
16:30:47.0848 2764 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:30:47.0848 2764 ksthunk - ok
16:30:47.0894 2764 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:30:47.0894 2764 KtmRm - ok
16:30:47.0941 2764 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:30:47.0941 2764 LanmanServer - ok
16:30:47.0972 2764 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:30:47.0972 2764 LanmanWorkstation - ok
16:30:48.0019 2764 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:30:48.0019 2764 lltdio - ok
16:30:48.0066 2764 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:30:48.0066 2764 lltdsvc - ok
16:30:48.0082 2764 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:30:48.0097 2764 lmhosts - ok
16:30:48.0128 2764 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:30:48.0128 2764 LSI_FC - ok
16:30:48.0128 2764 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:30:48.0144 2764 LSI_SAS - ok
16:30:48.0144 2764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:30:48.0144 2764 LSI_SAS2 - ok
16:30:48.0160 2764 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:30:48.0160 2764 LSI_SCSI - ok
16:30:48.0175 2764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:30:48.0175 2764 luafv - ok
16:30:48.0191 2764 [ DBC08862A71459E74F7538B432C114CC ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:30:48.0191 2764 MBAMProtector - ok
16:30:48.0284 2764 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:30:48.0300 2764 MBAMService - ok
16:30:48.0409 2764 Mcx2Svc - ok
16:30:48.0472 2764 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:30:48.0472 2764 megasas - ok
16:30:48.0534 2764 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:30:48.0534 2764 MegaSR - ok
16:30:48.0565 2764 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:30:48.0565 2764 MMCSS - ok
16:30:48.0581 2764 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:30:48.0581 2764 Modem - ok
16:30:48.0596 2764 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:30:48.0612 2764 monitor - ok
16:30:48.0628 2764 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:30:48.0628 2764 mouclass - ok
16:30:48.0643 2764 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:30:48.0643 2764 mouhid - ok
16:30:48.0659 2764 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:30:48.0659 2764 mountmgr - ok
16:30:48.0768 2764 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:30:48.0768 2764 MozillaMaintenance - ok
16:30:48.0862 2764 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:30:48.0877 2764 MpFilter - ok
16:30:48.0924 2764 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:30:48.0924 2764 mpio - ok
16:30:48.0955 2764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:30:48.0955 2764 mpsdrv - ok
16:30:49.0033 2764 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:30:49.0049 2764 MpsSvc - ok
16:30:49.0189 2764 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:30:49.0189 2764 MRxDAV - ok
16:30:49.0236 2764 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:30:49.0236 2764 mrxsmb - ok
16:30:49.0252 2764 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:30:49.0252 2764 mrxsmb10 - ok
16:30:49.0283 2764 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:30:49.0283 2764 mrxsmb20 - ok
16:30:49.0314 2764 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:30:49.0314 2764 msahci - ok
16:30:49.0361 2764 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:30:49.0361 2764 msdsm - ok
16:30:49.0392 2764 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:30:49.0392 2764 MSDTC - ok
16:30:49.0439 2764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:30:49.0439 2764 Msfs - ok
16:30:49.0454 2764 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:30:49.0454 2764 mshidkmdf - ok
16:30:49.0486 2764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:30:49.0486 2764 msisadrv - ok
16:30:49.0517 2764 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:30:49.0517 2764 MSiSCSI - ok
16:30:49.0532 2764 msiserver - ok
16:30:49.0564 2764 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:30:49.0564 2764 MSKSSRV - ok
16:30:49.0673 2764 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:30:49.0673 2764 MsMpSvc - ok
16:30:49.0704 2764 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:30:49.0704 2764 MSPCLOCK - ok
16:30:49.0704 2764 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:30:49.0704 2764 MSPQM - ok
16:30:49.0735 2764 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:30:49.0751 2764 MsRPC - ok
16:30:49.0751 2764 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:30:49.0766 2764 mssmbios - ok
16:30:49.0782 2764 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:30:49.0782 2764 MSTEE - ok
16:30:49.0782 2764 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:30:49.0782 2764 MTConfig - ok
16:30:49.0813 2764 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:30:49.0813 2764 Mup - ok
16:30:49.0938 2764 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:30:49.0954 2764 napagent - ok
16:30:50.0000 2764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:30:50.0000 2764 NativeWifiP - ok
16:30:50.0063 2764 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:30:50.0078 2764 NDIS - ok
16:30:50.0110 2764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:30:50.0110 2764 NdisCap - ok
16:30:50.0125 2764 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:30:50.0125 2764 NdisTapi - ok
16:30:50.0156 2764 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:30:50.0156 2764 Ndisuio - ok
16:30:50.0188 2764 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:30:50.0188 2764 NdisWan - ok
16:30:50.0219 2764 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:30:50.0219 2764 NDProxy - ok
16:30:50.0219 2764 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:30:50.0219 2764 NetBIOS - ok
16:30:50.0266 2764 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:30:50.0266 2764 NetBT - ok
16:30:50.0281 2764 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:30:50.0281 2764 Netlogon - ok
16:30:50.0344 2764 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:30:50.0344 2764 Netman - ok
16:30:50.0359 2764 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:30:50.0375 2764 netprofm - ok
16:30:50.0406 2764 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:30:50.0406 2764 NetTcpPortSharing - ok
16:30:50.0437 2764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:30:50.0453 2764 nfrd960 - ok
16:30:50.0500 2764 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:30:50.0515 2764 NisDrv - ok
16:30:50.0578 2764 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:30:50.0578 2764 NisSrv - ok
16:30:50.0609 2764 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:30:50.0624 2764 NlaSvc - ok
16:30:50.0640 2764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:30:50.0640 2764 Npfs - ok
16:30:50.0656 2764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:30:50.0656 2764 nsi - ok
16:30:50.0656 2764 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:30:50.0671 2764 nsiproxy - ok
16:30:51.0061 2764 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:30:51.0092 2764 Ntfs - ok
16:30:51.0124 2764 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:30:51.0124 2764 Null - ok
16:30:51.0170 2764 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:30:51.0170 2764 nvraid - ok
16:30:51.0217 2764 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:30:51.0217 2764 nvstor - ok
16:30:51.0233 2764 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:30:51.0248 2764 nv_agp - ok
16:30:51.0280 2764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:30:51.0295 2764 ohci1394 - ok
16:30:51.0326 2764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:30:51.0342 2764 p2pimsvc - ok
16:30:51.0404 2764 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:30:51.0404 2764 p2psvc - ok
16:30:51.0420 2764 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:30:51.0420 2764 Parport - ok
16:30:51.0451 2764 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:30:51.0451 2764 partmgr - ok
16:30:51.0467 2764 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:30:51.0482 2764 PcaSvc - ok
16:30:51.0498 2764 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:30:51.0498 2764 pci - ok
16:30:51.0514 2764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:30:51.0514 2764 pciide - ok
16:30:51.0529 2764 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:30:51.0545 2764 pcmcia - ok
16:30:51.0560 2764 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:30:51.0560 2764 pcw - ok
16:30:51.0576 2764 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:30:51.0592 2764 PEAUTH - ok
16:30:51.0638 2764 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:30:51.0670 2764 PeerDistSvc - ok
16:30:51.0701 2764 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:30:51.0701 2764 PerfHost - ok
16:30:51.0779 2764 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:30:51.0841 2764 pla - ok
16:30:51.0888 2764 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:30:51.0904 2764 PlugPlay - ok
16:30:51.0919 2764 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:30:51.0935 2764 PNRPAutoReg - ok
16:30:51.0935 2764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:30:51.0950 2764 PNRPsvc - ok
16:30:51.0982 2764 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:30:51.0997 2764 PolicyAgent - ok
16:30:52.0013 2764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:30:52.0028 2764 Power - ok
16:30:52.0060 2764 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:30:52.0060 2764 PptpMiniport - ok
16:30:52.0075 2764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:30:52.0075 2764 Processor - ok
16:30:52.0122 2764 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:30:52.0138 2764 ProfSvc - ok
16:30:52.0153 2764 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:30:52.0153 2764 ProtectedStorage - ok
16:30:52.0200 2764 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:30:52.0200 2764 Psched - ok
16:30:52.0231 2764 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:30:52.0278 2764 ql2300 - ok
16:30:52.0294 2764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:30:52.0294 2764 ql40xx - ok
16:30:52.0325 2764 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:30:52.0325 2764 QWAVE - ok
16:30:52.0340 2764 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:30:52.0356 2764 QWAVEdrv - ok
16:30:52.0356 2764 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:30:52.0356 2764 RasAcd - ok
16:30:52.0403 2764 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:30:52.0403 2764 RasAgileVpn - ok
16:30:52.0418 2764 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:30:52.0434 2764 RasAuto - ok
16:30:52.0465 2764 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:30:52.0465 2764 Rasl2tp - ok
16:30:52.0496 2764 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:30:52.0496 2764 RasMan - ok
16:30:52.0528 2764 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:30:52.0528 2764 RasPppoe - ok
16:30:52.0559 2764 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:30:52.0559 2764 RasSstp - ok
16:30:52.0590 2764 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:30:52.0590 2764 rdbss - ok
16:30:52.0590 2764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:30:52.0590 2764 rdpbus - ok
16:30:52.0621 2764 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:30:52.0621 2764 RDPCDD - ok
16:30:52.0652 2764 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:30:52.0652 2764 RDPDR - ok
16:30:52.0668 2764 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:30:52.0668 2764 RDPENCDD - ok
16:30:52.0699 2764 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:30:52.0699 2764 RDPREFMP - ok
16:30:52.0808 2764 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:30:52.0808 2764 RdpVideoMiniport - ok
16:30:52.0840 2764 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:30:52.0840 2764 RDPWD - ok
16:30:52.0886 2764 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:30:52.0886 2764 rdyboost - ok
16:30:52.0964 2764 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:30:52.0964 2764 RemoteAccess - ok
16:30:52.0996 2764 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:30:52.0996 2764 RemoteRegistry - ok
16:30:53.0027 2764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:30:53.0027 2764 RpcEptMapper - ok
16:30:53.0058 2764 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:30:53.0058 2764 RpcLocator - ok
16:30:53.0074 2764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:30:53.0074 2764 RpcSs - ok
16:30:53.0120 2764 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:30:53.0120 2764 rspndr - ok
16:30:53.0183 2764 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:30:53.0183 2764 RTL8167 - ok
16:30:53.0214 2764 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:30:53.0214 2764 s3cap - ok
16:30:53.0230 2764 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:30:53.0230 2764 SamSs - ok
16:30:53.0261 2764 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:30:53.0261 2764 sbp2port - ok
16:30:53.0276 2764 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:30:53.0292 2764 SCardSvr - ok
16:30:53.0323 2764 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:30:53.0323 2764 scfilter - ok
16:30:53.0370 2764 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:30:53.0386 2764 Schedule - ok
16:30:53.0464 2764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:30:53.0464 2764 SCPolicySvc - ok
16:30:53.0495 2764 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:30:53.0510 2764 SDRSVC - ok
16:30:53.0557 2764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:30:53.0557 2764 secdrv - ok
16:30:53.0573 2764 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:30:53.0573 2764 seclogon - ok
16:30:53.0604 2764 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:30:53.0604 2764 SENS - ok
16:30:53.0635 2764 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:30:53.0635 2764 SensrSvc - ok
16:30:53.0651 2764 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:30:53.0651 2764 Serenum - ok
16:30:53.0651 2764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:30:53.0651 2764 Serial - ok
16:30:53.0682 2764 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:30:53.0682 2764 sermouse - ok
16:30:53.0760 2764 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:30:53.0760 2764 SessionEnv - ok
16:30:53.0791 2764 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:30:53.0791 2764 sffdisk - ok
16:30:53.0807 2764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:30:53.0822 2764 sffp_mmc - ok
16:30:53.0838 2764 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:30:53.0838 2764 sffp_sd - ok
16:30:53.0838 2764 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:30:53.0838 2764 sfloppy - ok
16:30:53.0978 2764 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:31:36.0271 3900 HdAudAddService - ok
16:31:36.0302 3900 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:31:36.0302 3900 HDAudBus - ok
16:31:36.0302 3900 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:31:36.0302 3900 HidBatt - ok
16:31:36.0318 3900 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:31:36.0318 3900 HidBth - ok
16:31:36.0318 3900 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:31:36.0318 3900 HidIr - ok
16:31:36.0349 3900 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:31:36.0349 3900 hidserv - ok
16:31:36.0365 3900 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:31:36.0365 3900 HidUsb - ok
16:31:36.0380 3900 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:31:36.0380 3900 hkmsvc - ok
16:31:36.0411 3900 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:31:36.0411 3900 HomeGroupListener - ok
16:31:36.0443 3900 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:31:36.0458 3900 HomeGroupProvider - ok
16:31:36.0489 3900 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
16:31:36.0489 3900 hpdskflt - ok
16:31:36.0521 3900 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:31:36.0521 3900 HpSAMD - ok
16:31:36.0536 3900 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
16:31:36.0536 3900 hpsrv - ok
16:31:36.0583 3900 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:31:36.0599 3900 HTTP - ok
16:31:36.0630 3900 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:31:36.0630 3900 hwpolicy - ok
16:31:36.0645 3900 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:31:36.0645 3900 i8042prt - ok
16:31:36.0677 3900 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:31:36.0692 3900 iaStorV - ok
16:31:36.0770 3900 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:31:36.0786 3900 idsvc - ok
16:31:36.0848 3900 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:31:36.0848 3900 iirsp - ok
16:31:36.0879 3900 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:31:36.0895 3900 IKEEXT - ok
16:31:36.0926 3900 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:31:36.0926 3900 intelide - ok
16:31:36.0942 3900 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:31:36.0942 3900 intelppm - ok
16:31:36.0973 3900 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:31:36.0989 3900 IPBusEnum - ok
16:31:37.0035 3900 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:31:37.0035 3900 IpFilterDriver - ok
16:31:37.0098 3900 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:31:37.0098 3900 iphlpsvc - ok
16:31:37.0145 3900 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:31:37.0145 3900 IPMIDRV - ok
16:31:37.0160 3900 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:31:37.0160 3900 IPNAT - ok
16:31:37.0238 3900 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:31:37.0254 3900 iPod Service - ok
16:31:37.0269 3900 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:31:37.0269 3900 IRENUM - ok
16:31:37.0301 3900 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:31:37.0301 3900 isapnp - ok
16:31:37.0316 3900 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:31:37.0332 3900 iScsiPrt - ok
16:31:37.0347 3900 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:31:37.0347 3900 kbdclass - ok
16:31:37.0379 3900 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:31:37.0379 3900 kbdhid - ok
16:31:37.0410 3900 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:31:37.0410 3900 KeyIso - ok
16:31:37.0441 3900 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:31:37.0441 3900 KSecDD - ok
16:31:37.0488 3900 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:31:37.0488 3900 KSecPkg - ok
16:31:37.0519 3900 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:31:37.0535 3900 ksthunk - ok
16:31:37.0581 3900 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:31:37.0581 3900 KtmRm - ok
16:31:37.0613 3900 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:31:37.0628 3900 LanmanServer - ok
16:31:37.0659 3900 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:31:37.0659 3900 LanmanWorkstation - ok
16:31:37.0675 3900 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:31:37.0675 3900 lltdio - ok
16:31:37.0722 3900 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:31:37.0722 3900 lltdsvc - ok
16:31:37.0737 3900 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:31:37.0737 3900 lmhosts - ok
16:31:37.0753 3900 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:31:37.0753 3900 LSI_FC - ok
16:31:37.0769 3900 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:31:37.0769 3900 LSI_SAS - ok
16:31:37.0769 3900 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:31:37.0769 3900 LSI_SAS2 - ok
16:31:37.0784 3900 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:31:37.0784 3900 LSI_SCSI - ok
16:31:37.0784 3900 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:31:37.0800 3900 luafv - ok
16:31:37.0815 3900 [ DBC08862A71459E74F7538B432C114CC ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:31:37.0815 3900 MBAMProtector - ok
16:31:37.0878 3900 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:31:37.0893 3900 MBAMService - ok
16:31:37.0971 3900 Mcx2Svc - ok
16:31:37.0987 3900 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:31:37.0987 3900 megasas - ok
16:31:38.0003 3900 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:31:38.0003 3900 MegaSR - ok
16:31:38.0034 3900 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:31:38.0034 3900 MMCSS - ok
16:31:38.0049 3900 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:31:38.0049 3900 Modem - ok
16:31:38.0049 3900 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:31:38.0049 3900 monitor - ok
16:31:38.0065 3900 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:31:38.0065 3900 mouclass - ok
16:31:38.0065 3900 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:31:38.0065 3900 mouhid - ok
16:31:38.0096 3900 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:31:38.0096 3900 mountmgr - ok
16:31:38.0174 3900 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:31:38.0174 3900 MozillaMaintenance - ok
16:31:38.0221 3900 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:31:38.0221 3900 MpFilter - ok
16:31:38.0252 3900 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:31:38.0252 3900 mpio - ok
16:31:38.0283 3900 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:31:38.0283 3900 mpsdrv - ok
16:31:38.0346 3900 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:31:38.0361 3900 MpsSvc - ok
16:31:38.0393 3900 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:31:38.0393 3900 MRxDAV - ok
16:31:38.0424 3900 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:31:38.0439 3900 mrxsmb - ok
16:31:38.0455 3900 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:31:38.0471 3900 mrxsmb10 - ok
16:31:38.0502 3900 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:31:38.0502 3900 mrxsmb20 - ok
16:31:38.0533 3900 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:31:38.0533 3900 msahci - ok
16:31:38.0580 3900 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:31:38.0595 3900 msdsm - ok
16:31:38.0611 3900 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:31:38.0611 3900 MSDTC - ok
16:31:38.0642 3900 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:31:38.0642 3900 Msfs - ok
16:31:38.0658 3900 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:31:38.0658 3900 mshidkmdf - ok
16:31:38.0673 3900 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:31:38.0673 3900 msisadrv - ok
16:31:38.0705 3900 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:31:38.0705 3900 MSiSCSI - ok
16:31:38.0705 3900 msiserver - ok
16:31:38.0720 3900 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:31:38.0720 3900 MSKSSRV - ok
16:31:38.0798 3900 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:31:38.0798 3900 MsMpSvc - ok
16:31:38.0814 3900 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:31:38.0814 3900 MSPCLOCK - ok
16:31:38.0829 3900 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:31:38.0829 3900 MSPQM - ok
16:31:38.0892 3900 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:31:38.0892 3900 MsRPC - ok
16:31:38.0923 3900 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:31:38.0923 3900 mssmbios - ok
16:31:38.0939 3900 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:31:38.0939 3900 MSTEE - ok
16:31:38.0954 3900 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:31:38.0954 3900 MTConfig - ok
16:31:38.0970 3900 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:31:38.0970 3900 Mup - ok
16:31:39.0048 3900 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:31:39.0063 3900 napagent - ok
16:31:39.0095 3900 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:31:39.0095 3900 NativeWifiP - ok
16:31:39.0126 3900 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:31:39.0126 3900 NDIS - ok
16:31:39.0141 3900 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:31:39.0141 3900 NdisCap - ok
16:31:39.0173 3900 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:31:39.0173 3900 NdisTapi - ok
16:31:39.0204 3900 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:31:39.0204 3900 Ndisuio - ok
16:31:39.0235 3900 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:31:39.0235 3900 NdisWan - ok
16:31:39.0251 3900 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:31:39.0251 3900 NDProxy - ok
16:31:39.0251 3900 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:31:39.0251 3900 NetBIOS - ok
16:31:39.0282 3900 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:31:39.0282 3900 NetBT - ok
16:31:39.0297 3900 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:31:39.0297 3900 Netlogon - ok
16:31:39.0344 3900 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:31:39.0344 3900 Netman - ok
16:31:39.0360 3900 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:31:39.0360 3900 netprofm - ok
16:31:39.0391 3900 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:31:39.0391 3900 NetTcpPortSharing - ok
16:31:39.0407 3900 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:31:39.0407 3900 nfrd960 - ok
16:31:39.0453 3900 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:31:39.0453 3900 NisDrv - ok
16:31:39.0500 3900 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:31:39.0516 3900 NisSrv - ok
16:31:39.0547 3900 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:31:39.0547 3900 NlaSvc - ok
16:31:39.0578 3900 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:31:39.0578 3900 Npfs - ok
16:31:39.0594 3900 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:31:39.0594 3900 nsi - ok
16:31:39.0594 3900 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:31:39.0594 3900 nsiproxy - ok
16:31:39.0672 3900 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:31:39.0687 3900 Ntfs - ok
16:31:39.0703 3900 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:31:39.0703 3900 Null - ok
16:31:39.0734 3900 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:31:39.0734 3900 nvraid - ok
16:31:39.0750 3900 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:31:39.0750 3900 nvstor - ok
16:31:39.0765 3900 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:31:39.0765 3900 nv_agp - ok
16:31:39.0812 3900 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:31:39.0812 3900 ohci1394 - ok
16:31:39.0859 3900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:31:39.0859 3900 p2pimsvc - ok
16:31:39.0890 3900 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:31:39.0906 3900 p2psvc - ok
16:31:39.0937 3900 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:31:39.0937 3900 Parport - ok
16:31:39.0968 3900 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:31:39.0968 3900 partmgr - ok
16:31:39.0999 3900 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:31:39.0999 3900 PcaSvc - ok
16:31:40.0031 3900 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:31:40.0031 3900 pci - ok
16:31:40.0062 3900 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:31:40.0062 3900 pciide - ok
16:31:40.0077 3900 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:31:40.0077 3900 pcmcia - ok
16:31:40.0093 3900 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:31:40.0093 3900 pcw - ok
16:31:40.0109 3900 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:31:40.0124 3900 PEAUTH - ok
16:31:40.0155 3900 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:31:40.0171 3900 PeerDistSvc - ok
16:31:40.0202 3900 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:31:40.0218 3900 PerfHost - ok
16:31:40.0280 3900 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:31:40.0296 3900 pla - ok
16:31:40.0343 3900 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:31:40.0343 3900 PlugPlay - ok
16:31:40.0374 3900 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:31:40.0374 3900 PNRPAutoReg - ok
16:31:40.0389 3900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:31:40.0389 3900 PNRPsvc - ok
16:31:40.0421 3900 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:31:40.0421 3900 PolicyAgent - ok
16:31:40.0452 3900 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:31:40.0452 3900 Power - ok
16:31:40.0483 3900 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:31:40.0483 3900 PptpMiniport - ok
16:31:40.0499 3900 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:31:40.0499 3900 Processor - ok
16:31:40.0545 3900 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:31:40.0545 3900 ProfSvc - ok
16:31:40.0561 3900 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:31:40.0561 3900 ProtectedStorage - ok
16:31:40.0592 3900 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:31:40.0592 3900 Psched - ok
16:31:40.0670 3900 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:31:40.0686 3900 ql2300 - ok
16:31:40.0701 3900 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:31:40.0701 3900 ql40xx - ok
16:31:40.0733 3900 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:31:40.0748 3900 QWAVE - ok
16:31:40.0764 3900 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:31:40.0764 3900 QWAVEdrv - ok
16:31:40.0764 3900 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:31:40.0764 3900 RasAcd - ok
16:31:40.0811 3900 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:31:40.0811 3900 RasAgileVpn - ok
16:31:40.0826 3900 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:31:40.0826 3900 RasAuto - ok
16:31:40.0857 3900 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:31:40.0857 3900 Rasl2tp - ok
16:31:40.0889 3900 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:31:40.0904 3900 RasMan - ok
16:31:40.0920 3900 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:31:40.0920 3900 RasPppoe - ok
16:31:40.0935 3900 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:31:40.0935 3900 RasSstp - ok
16:31:40.0967 3900 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:31:40.0967 3900 rdbss - ok
16:31:40.0967 3900 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:31:40.0967 3900 rdpbus - ok
16:31:40.0998 3900 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:31:40.0998 3900 RDPCDD - ok
16:31:41.0045 3900 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:31:41.0045 3900 RDPDR - ok
16:31:41.0060 3900 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:31:41.0060 3900 RDPENCDD - ok
16:31:41.0091 3900 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:31:41.0091 3900 RDPREFMP - ok
16:31:41.0138 3900 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:31:41.0138 3900 RdpVideoMiniport - ok
16:31:41.0185 3900 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:31:41.0201 3900 RDPWD - ok
16:31:41.0232 3900 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:31:41.0247 3900 rdyboost - ok
16:31:41.0279 3900 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:31:41.0279 3900 RemoteAccess - ok
16:31:41.0310 3900 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:31:41.0325 3900 RemoteRegistry - ok
16:31:41.0341 3900 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:31:41.0341 3900 RpcEptMapper - ok
16:31:41.0388 3900 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:31:41.0388 3900 RpcLocator - ok
16:31:41.0419 3900 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:31:41.0435 3900 RpcSs - ok
16:31:41.0466 3900 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:31:41.0466 3900 rspndr - ok
16:31:41.0497 3900 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:31:41.0497 3900 RTL8167 - ok
16:31:41.0528 3900 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:31:41.0528 3900 s3cap - ok
16:31:41.0544 3900 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:31:41.0544 3900 SamSs - ok
16:31:41.0559 3900 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:31:41.0575 3900 sbp2port - ok
16:31:41.0591 3900 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:31:41.0606 3900 SCardSvr - ok
16:31:41.0637 3900 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:31:41.0637 3900 scfilter - ok
16:31:41.0684 3900 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:31:41.0700 3900 Schedule - ok
16:31:41.0731 3900 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:31:41.0731 3900 SCPolicySvc - ok
16:31:41.0747 3900 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:31:41.0762 3900 SDRSVC - ok
16:31:41.0793 3900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:31:41.0793 3900 secdrv - ok
16:31:41.0809 3900 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:31:41.0809 3900 seclogon - ok
16:31:41.0840 3900 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:31:41.0840 3900 SENS - ok
16:31:41.0856 3900 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:31:41.0856 3900 SensrSvc - ok
16:31:41.0887 3900 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:31:41.0887 3900 Serenum - ok
16:31:41.0903 3900 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:31:41.0903 3900 Serial - ok
16:31:41.0934 3900 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:31:41.0934 3900 sermouse - ok
16:31:41.0981 3900 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:31:41.0981 3900 SessionEnv - ok
16:31:42.0012 3900 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:31:42.0012 3900 sffdisk - ok
16:31:42.0027 3900 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:31:42.0027 3900 sffp_mmc - ok
16:31:42.0043 3900 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:31:42.0043 3900 sffp_sd - ok
16:31:42.0043 3900 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:31:42.0059 3900 sfloppy - ok
16:31:42.0090 3900 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:31:42.0090 3900 SharedAccess - ok
16:31:42.0121 3900 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:31:42.0137 3900 ShellHWDetection - ok
16:31:42.0137 3900 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:31:42.0137 3900 SiSRaid2 - ok
16:31:42.0137 3900 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:31:42.0137 3900 SiSRaid4 - ok
16:31:42.0152 3900 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:31:42.0152 3900 Smb - ok
16:31:42.0183 3900 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:31:42.0183 3900 SNMPTRAP - ok
16:31:42.0199 3900 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:31:42.0199 3900 spldr - ok
16:31:42.0246 3900 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:31:42.0261 3900 Spooler - ok
16:31:42.0386 3900 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:31:42.0402 3900 sppsvc - ok
16:31:42.0417 3900 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:31:42.0433 3900 sppuinotify - ok
16:31:42.0464 3900 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:31:42.0464 3900 srv - ok
16:31:42.0480 3900 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:31:42.0495 3900 srv2 - ok
16:31:42.0495 3900 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:31:42.0511 3900 srvnet - ok
16:31:42.0542 3900 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
16:31:42.0542 3900 ssadbus - ok
16:31:42.0558 3900 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:31:42.0573 3900 ssadmdfl - ok
16:31:42.0589 3900 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
16:31:42.0589 3900 ssadmdm - ok
16:31:42.0605 3900 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:31:42.0605 3900 SSDPSRV - ok
16:31:42.0636 3900 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:31:42.0636 3900 SstpSvc - ok
16:31:42.0776 3900 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
16:31:42.0776 3900 STacSV - ok
16:31:42.0807 3900 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:31:42.0807 3900 stexstor - ok
16:31:42.0839 3900 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
16:31:42.0839 3900 STHDA - ok
16:31:42.0885 3900 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:31:42.0885 3900 stisvc - ok
16:31:42.0917 3900 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:31:42.0917 3900 storflt - ok
16:31:42.0932 3900 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:31:42.0932 3900 storvsc - ok
16:31:42.0948 3900 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:31:42.0948 3900 swenum - ok
16:31:42.0979 3900 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:31:42.0995 3900 swprv - ok
16:31:43.0010 3900 Synth3dVsc - ok
16:31:43.0073 3900 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:31:43.0088 3900 SysMain - ok
16:31:43.0119 3900 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:31:43.0119 3900 TabletInputService - ok
16:31:43.0135 3900 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:31:43.0135 3900 TapiSrv - ok
16:31:43.0151 3900 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:31:43.0151 3900 TBS - ok
16:31:43.0229 3900 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:31:43.0244 3900 Tcpip - ok
16:31:43.0307 3900 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:31:43.0322 3900 TCPIP6 - ok
16:31:43.0338 3900 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:31:43.0338 3900 tcpipreg - ok
16:31:43.0369 3900 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:31:43.0369 3900 TDPIPE - ok
16:31:43.0400 3900 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:31:43.0400 3900 TDTCP - ok
16:31:43.0416 3900 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:31:43.0431 3900 tdx - ok
16:31:43.0447 3900 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:31:43.0447 3900 TermDD - ok
16:31:43.0478 3900 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:31:43.0478 3900 TermService - ok
16:31:43.0494 3900 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:31:43.0509 3900 Themes - ok
16:31:43.0541 3900 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:31:43.0541 3900 THREADORDER - ok
16:31:43.0556 3900 [ AA70BED94D7994B9C00E7B4EC0543C2B ] TotRec7 C:\Windows\system32\drivers\TotRec7.sys
16:31:43.0556 3900 TotRec7 - ok
16:31:43.0572 3900 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:31:43.0572 3900 TrkWks - ok
16:31:43.0634 3900 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:31:43.0650 3900 TrustedInstaller - ok
16:31:43.0681 3900 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:31:43.0681 3900 tssecsrv - ok
16:31:43.0712 3900 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:31:43.0728 3900 TsUsbFlt - ok
16:31:43.0728 3900 tsusbhub - ok
16:31:43.0775 3900 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:31:43.0775 3900 tunnel - ok
16:31:43.0806 3900 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:31:43.0806 3900 uagp35 - ok
16:31:43.0837 3900 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:31:43.0837 3900 udfs - ok
16:31:43.0884 3900 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:31:43.0899 3900 UI0Detect - ok
16:31:43.0931 3900 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:31:43.0931 3900 uliagpkx - ok
16:31:43.0962 3900 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:31:43.0962 3900 umbus - ok
16:31:43.0977 3900 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:31:43.0977 3900 UmPass - ok
16:31:44.0024 3900 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:31:44.0024 3900 UmRdpService - ok
16:31:44.0040 3900 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:31:44.0040 3900 upnphost - ok
16:31:44.0071 3900 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:31:44.0087 3900 USBAAPL64 - ok
16:31:44.0102 3900 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:31:44.0102 3900 usbccgp - ok
16:31:44.0133 3900 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:31:44.0133 3900 usbcir - ok
16:31:44.0165 3900 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:31:44.0165 3900 usbehci - ok
16:31:44.0180 3900 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:31:44.0180 3900 usbfilter - ok
16:31:44.0211 3900 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:31:44.0211 3900 usbhub - ok
16:31:44.0227 3900 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:31:44.0227 3900 usbohci - ok
16:31:44.0258 3900 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:31:44.0258 3900 usbprint - ok
16:31:44.0305 3900 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:31:44.0305 3900 usbscan - ok
16:31:44.0321 3900 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:31:44.0321 3900 USBSTOR - ok
16:31:44.0352 3900 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:31:44.0352 3900 usbuhci - ok
16:31:44.0367 3900 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:31:44.0367 3900 usbvideo - ok
16:31:44.0399 3900 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:31:44.0414 3900 UxSms - ok
16:31:44.0414 3900 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:31:44.0414 3900 VaultSvc - ok
16:31:44.0445 3900 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:31:44.0445 3900 vdrvroot - ok
16:31:44.0477 3900 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:31:44.0477 3900 vds - ok
16:31:44.0508 3900 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:31:44.0523 3900 vga - ok
16:31:44.0555 3900 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:31:44.0555 3900 VgaSave - ok
16:31:44.0555 3900 VGPU - ok
16:31:44.0601 3900 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:31:44.0601 3900 vhdmp - ok
16:31:44.0633 3900 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:31:44.0633 3900 viaide - ok
16:31:44.0679 3900 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:31:44.0679 3900 vmbus - ok
16:31:44.0695 3900 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:31:44.0695 3900 VMBusHID - ok
16:31:44.0726 3900 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:31:44.0726 3900 volmgr - ok
16:31:44.0757 3900 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:31:44.0757 3900 volmgrx - ok
16:31:44.0789 3900 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:31:44.0789 3900 volsnap - ok
16:31:44.0835 3900 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:44.0835 3900 vsmraid - ok
16:31:44.0898 3900 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:31:44.0913 3900 VSS - ok
16:31:44.0929 3900 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:31:44.0929 3900 vwifibus - ok
16:31:44.0945 3900 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:31:44.0945 3900 vwififlt - ok
16:31:44.0976 3900 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:31:44.0976 3900 W32Time - ok
16:31:44.0991 3900 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:31:44.0991 3900 WacomPen - ok
16:31:45.0007 3900 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:31:45.0007 3900 WANARP - ok
16:31:45.0023 3900 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:31:45.0023 3900 Wanarpv6 - ok
16:31:45.0069 3900 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:31:45.0085 3900 wbengine - ok
16:31:45.0101 3900 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:31:45.0101 3900 WbioSrvc - ok
16:31:45.0116 3900 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:31:45.0132 3900 wcncsvc - ok
16:31:45.0132 3900 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:31:45.0147 3900 WcsPlugInService - ok
16:31:45.0147 3900 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:31:45.0147 3900 Wd - ok
16:31:45.0179 3900 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:31:45.0179 3900 WDC_SAM - ok
16:31:45.0272 3900 [ 7DEDECC376B29A973A0F3384D135F2DA ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
16:31:45.0272 3900 WDDMService - ok
16:31:45.0303 3900 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:31:45.0319 3900 Wdf01000 - ok
16:31:45.0381 3900 [ 8E798F577A684A5F1E464D954C6C7F1E ] WDFMEService C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
16:31:45.0397 3900 WDFMEService - ok
16:31:45.0413 3900 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:31:45.0413 3900 WdiServiceHost - ok
16:31:45.0428 3900 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:31:45.0428 3900 WdiSystemHost - ok
16:31:45.0459 3900 [ 65D571576E366067C22F22B3E919EF8C ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
16:31:45.0475 3900 WDRulesService - ok
16:31:45.0491 3900 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:31:45.0506 3900 WebClient - ok
16:31:45.0537 3900 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:31:45.0553 3900 Wecsvc - ok
16:31:45.0569 3900 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:31:45.0569 3900 wercplsupport - ok
16:31:45.0600 3900 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:31:45.0600 3900 WerSvc - ok
16:31:45.0631 3900 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:45.0631 3900 WfpLwf - ok
16:31:45.0647 3900 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:31:45.0647 3900 WIMMount - ok
16:31:45.0678 3900 WinDefend - ok
16:31:45.0678 3900 WinHttpAutoProxySvc - ok
16:31:45.0771 3900 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:31:45.0771 3900 Winmgmt - ok
16:31:45.0849 3900 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:31:45.0865 3900 WinRM - ok
16:31:45.0896 3900 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:31:45.0912 3900 WinUsb - ok
16:31:45.0943 3900 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:31:45.0959 3900 Wlansvc - ok
16:31:45.0990 3900 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:31:45.0990 3900 WmiAcpi - ok
16:31:46.0005 3900 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:31:46.0005 3900 wmiApSrv - ok
16:31:46.0037 3900 WMPNetworkSvc - ok
16:31:46.0052 3900 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:31:46.0052 3900 WPCSvc - ok
16:31:46.0083 3900 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:31:46.0083 3900 WPDBusEnum - ok
16:31:46.0115 3900 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:31:46.0115 3900 ws2ifsl - ok
16:31:46.0130 3900 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:31:46.0130 3900 wscsvc - ok
16:31:46.0177 3900 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
16:31:46.0177 3900 WSDPrintDevice - ok
16:31:46.0177 3900 WSearch - ok
16:31:46.0255 3900 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:31:46.0286 3900 wuauserv - ok
16:31:46.0302 3900 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:31:46.0302 3900 WudfPf - ok
16:31:46.0317 3900 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:46.0317 3900 WUDFRd - ok
16:31:46.0349 3900 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:31:46.0349 3900 wudfsvc - ok
16:31:46.0380 3900 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:31:46.0380 3900 WwanSvc - ok
16:31:46.0380 3900 ================ Scan global ===============================
16:31:46.0427 3900 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:31:46.0458 3900 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:31:46.0489 3900 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:31:46.0520 3900 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:31:46.0551 3900 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:31:46.0551 3900 [Global] - ok
16:31:46.0551 3900 ================ Scan MBR ==================================
16:31:46.0567 3900 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:31:46.0848 3900 \Device\Harddisk0\DR0 - ok
16:31:46.0863 3900 [ 9C032F5010FDD4E49E2318FA454ABCEC ] \Device\Harddisk1\DR1
16:31:53.0868 3900 \Device\Harddisk1\DR1 - ok
16:31:53.0868 3900 ================ Scan VBR ==================================
16:31:53.0883 3900 [ F5BFFB821E45C737BAB138AB8B53EC0E ] \Device\Harddisk0\DR0\Partition1
16:31:53.0899 3900 \Device\Harddisk0\DR0\Partition1 - ok
16:31:53.0899 3900 [ E3179A354FBFFDECC45D21D6495F1B0C ] \Device\Harddisk0\DR0\Partition2
16:31:53.0915 3900 \Device\Harddisk0\DR0\Partition2 - ok
16:31:53.0915 3900 ============================================================
16:31:53.0915 3900 Scan finished
16:31:53.0915 3900 ============================================================
16:31:53.0915 3300 Detected object count: 0
16:31:53.0915 3300 Actual detected object count: 0
16:32:19.0858 0916 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 16:32:26
-----------------------------
16:32:26.896 OS Version: Windows x64 6.1.7601 Service Pack 1
16:32:26.896 Number of processors: 2 586 0x602
16:32:26.896 ComputerName: TRAVISLAPII-PC UserName: Travis Lap II
16:32:28.082 Initialize success
16:33:15.092 AVAST engine defs: 12091400
16:33:46.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:33:46.276 Disk 0 Vendor: WDC_WD3200BPVT-00HXZT3 01.01A01 Size: 305245MB BusType: 11
16:33:46.307 Disk 0 MBR read successfully
16:33:46.323 Disk 0 MBR scan
16:33:46.323 Disk 0 Windows 7 default MBR code
16:33:46.338 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:33:46.354 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
16:33:46.401 Disk 0 scanning C:\Windows\system32\drivers
16:33:57.758 Service scanning
16:34:30.892 Modules scanning
16:34:30.892 Disk 0 trace - called modules:
16:34:30.939 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:34:30.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800433c060]
16:34:31.454 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800433b370]
16:34:31.454 5 hpdskflt.sys[fffff880019d2189] -> nt!IofCallDriver -> [0xfffffa8003dc4400]
16:34:31.469 7 ACPI.sys[fffff88000f327a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042b9060]
16:34:33.497 AVAST engine scan C:\Windows
16:34:38.801 AVAST engine scan C:\Windows\system32
16:39:29.732 AVAST engine scan C:\Windows\system32\drivers
16:39:42.634 AVAST engine scan C:\Users\Travis Lap II
16:49:37.419 AVAST engine scan C:\ProgramData
16:50:09.633 Scan finished successfully
17:22:02.682 Disk 0 MBR has been saved successfully to "C:\Users\Travis Lap II\Desktop\MBR.dat"
17:22:02.682 The log file has been saved successfully to "C:\Users\Travis Lap II\Desktop\aswMBR.txt"