Malware removal assistance request


27 replies to this topic

#1 ckb1985


Posted 19 December 2011 - 03:26 PM

I have done battle with Win 7 Antivirus 2011 before, so when it popped up I ran the reg fix and process killers so I could scan and remove it with Malwarebytes. A large number of things were found and removed. 24 hours later the bogus antivirus is back, has borked MSE after I reinstalled, and I am back to square one. Any assistance would be very helpful.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Chris at 15:17:00 on 2011-12-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6381 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\FPSensor\bin\DpHost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\FPSensor\bin\iZHost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ZKSoftware\ZKECO\zkeco\units\adms\memcached.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{590CC9C6-A8CD-48C8-B2B0-3FAA841179F6} : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{DC543B36-A298-45D9-B58B-419BCE6011AC}\259636860596E656 : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r93ktmbf.default\
FF - prefs.js: browser.search.defaulturl - www.google.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - search.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-9-27 745880]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 iZHost;iZHost;C:\Program Files (x86)\FPSensor\bin\iZHost.exe [2011-11-16 251392]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-9 2983808]
R2 ZKECOMemCachedService;ZKECOMemCached Service;C:\Program Files (x86)\ZKSoftware\ZKECO\zkeco\units\adms\memcached.exe -p 11211 -m 512 -d runservice --> C:\Program Files (x86)\ZKSoftware\ZKECO\zkeco\units\adms\memcached.exe -p 11211 -m 512 -d runservice [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S2 ZKECOBackupDB;ZKECO Backup Database;C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\Lib\site-packages\win32\pythonservice.exe [2011-11-14 11776]
S2 ZKECODataCommCenterService;ZKECO Data Comm Center Service;C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\Lib\site-packages\win32\pythonservice.exe [2011-11-14 11776]
S2 ZKECOMYSQL;ZKECOMYSQL;C:\Program Files (x86)\ZKSoftware\ZKECO\mysql\bin\mysqld-nt.exe [2011-11-14 5730304]
S2 ZKECOWEBService;ZKECO Web Service;C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\Lib\site-packages\win32\pythonservice.exe [2011-11-14 11776]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\system32\Drivers\CH341S64.SYS --> C:\Windows\system32\Drivers\CH341S64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
S3 Svk2pl;GigawareX USB to Serial Driver;C:\Windows\system32\DRIVERS\Svk2pl64.sys --> C:\Windows\system32\DRIVERS\Svk2pl64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-19 19:59:45 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-19 19:54:20 79872 ----a-w- C:\Windows\SysWow64\8lE3O5NB.com_
2011-12-19 19:53:03 -------- d-----we C:\Windows\system64
2011-12-19 19:52:53 331264 ----a-w- C:\Users\Chris\AppData\Local\hxi.exe
2011-12-19 15:03:35 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83DB5C9C-61D9-487A-9772-9DE12BD71FE4}\gapaengine.dll
2011-12-19 15:03:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDA7609-8142-45D8-8169-99C324A6B984}\offreg.dll
2011-12-19 15:03:31 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDA7609-8142-45D8-8169-99C324A6B984}\mpengine.dll
2011-12-19 15:03:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-19 14:26:53 -------- d-----w- C:\Windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures
2011-12-19 14:26:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-18 17:04:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-16 21:50:39 98816 ----a-w- C:\Windows\sed.exe
2011-12-16 21:50:39 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-16 21:50:39 256000 ----a-w- C:\Windows\PEV.exe
2011-12-16 21:50:39 208896 ----a-w- C:\Windows\MBR.exe
2011-12-16 21:41:45 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2011-12-16 20:34:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-12-16 20:34:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 20:34:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-16 20:34:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-06 15:40:00 -------- d-----w- C:\iCCard
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:17:54.00 ===============


#2 ckb1985


Posted 22 December 2011 - 09:15 AM

Win 7 antivirus has not come back yet but things still are not right.

#3 HelpBot


Posted 26 December 2011 - 03:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433400 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 ckb1985


Posted 27 December 2011 - 09:08 AM

Yes, I still need help. Nothing should have changed in the DDS log; the system is not in use. But as requested, here it is.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Chris at 9:19:29 on 2011-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6509 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{590CC9C6-A8CD-48C8-B2B0-3FAA841179F6} : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{DC543B36-A298-45D9-B58B-419BCE6011AC}\259636860596E656 : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-9-27 745880]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-9 2983808]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S2 ZKECOBackupDB;ZKECO Backup Database;"C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe" --> C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [?]
S2 ZKECODataCommCenterService;ZKECO Data Comm Center Service;"C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe" --> C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [?]
S2 ZKECOWEBService;ZKECO Web Service;"C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe" --> C:\Program Files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [?]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\system32\Drivers\CH341S64.SYS --> C:\Windows\system32\Drivers\CH341S64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
S3 Svk2pl;GigawareX USB to Serial Driver;C:\Windows\system32\DRIVERS\Svk2pl64.sys --> C:\Windows\system32\DRIVERS\Svk2pl64.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-19 19:54:20 79872 ----a-w- C:\Windows\SysWow64\8lE3O5NB.com_
2011-12-19 19:53:03 -------- d-----we C:\Windows\system64
2011-12-19 19:52:53 331264 ----a-w- C:\Users\Chris\AppData\Local\hxi.exe
2011-12-19 15:03:35 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83DB5C9C-61D9-487A-9772-9DE12BD71FE4}\gapaengine.dll
2011-12-19 15:03:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDA7609-8142-45D8-8169-99C324A6B984}\offreg.dll
2011-12-19 15:03:31 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEDA7609-8142-45D8-8169-99C324A6B984}\mpengine.dll
2011-12-19 15:03:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-19 14:26:53 -------- d-----w- C:\Windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures
2011-12-19 14:26:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-18 17:04:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-16 21:50:39 98816 ----a-w- C:\Windows\sed.exe
2011-12-16 21:50:39 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-16 21:50:39 256000 ----a-w- C:\Windows\PEV.exe
2011-12-16 21:50:39 208896 ----a-w- C:\Windows\MBR.exe
2011-12-16 21:41:45 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2011-12-16 20:34:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-12-16 20:34:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 20:34:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-16 20:34:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-06 15:40:00 -------- d-----w- C:\iCCard
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:19:48.09 ===============

Edited by ckb1985, 27 December 2011 - 09:21 AM.


#5 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Not Telling
  • Local time:10:56 AM

Posted 27 December 2011 - 02:08 PM

Hi,

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.


Please post the final results, good or bad. We like to know!
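A small triage script for the TDSSKiller report requested above, added here as an example; it is not part of the original posts and is not TDSSKiller's own code. It assumes the report layout seen in the log posted in this thread (timestamp, thread id, then either `name (md5) path` or `name - verdict`) and that `SigCheck` and `TDLFS` in the `Mode:` line record the two options the helper asked to tick; the `exampledrv` entry and its verdict are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample in the layout of the TDSSKiller report posted in this thread.
# The "ok" lines are copied from that report; the "exampledrv" entry, its hash and
# its verdict text are placeholders invented for this example.
SAMPLE_LOG = r"""
14:11:13.0525 3212 Scan started
14:11:13.0525 3212 Mode: Manual; SigCheck; TDLFS;
14:11:13.0837 3212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:11:13.0962 3212 1394ohci - ok
14:11:18.0377 3212 catchme - ok
14:11:18.0408 3212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:18.0486 3212 cdfs - ok
14:11:19.0000 3212 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
14:11:19.0010 3212 exampledrv - PLACEHOLDER-VERDICT
"""

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+"
MODE_RE = re.compile(_PREFIX + r"Mode:\s*(?P<mode>.+)$")
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")

# Assumption: these Mode tokens correspond to "Verify Driver Digital Signature"
# and "Detect TDLFS file system", as inferred from the log in this thread.
REQUIRED_OPTIONS = {"SigCheck", "TDLFS"}


@dataclass
class Entry:
    md5: Optional[str] = None      # hash printed on the "name (md5) path" line
    path: Optional[str] = None     # file path printed on the same line
    verdict: Optional[str] = None  # text after "name - "


@dataclass
class Report:
    mode: Set[str] = field(default_factory=set)
    entries: Dict[str, Entry] = field(default_factory=dict)


def parse_report(text: str) -> Report:
    """Collect the scan mode and one Entry per scanned service or driver."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report.mode = {t.strip() for t in m.group("mode").split(";") if t.strip()}
            continue
        m = FILE_RE.match(line)
        if m:
            entry = report.entries.setdefault(m.group("name"), Entry())
            entry.md5 = m.group("md5").lower()
            entry.path = m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = report.entries.setdefault(m.group("name"), Entry())
            entry.verdict = m.group("verdict").strip()
    return report


def triage(report: Report) -> Dict[str, List[str]]:
    """Return the things a reviewer should look at before reading line by line."""
    e = report.entries
    return {
        # Scan was not run with the options the helper asked for.
        "missing_options": sorted(REQUIRED_OPTIONS - report.mode),
        # Any verdict other than "ok" needs a human to read that entry.
        "not_ok": [n for n, x in e.items()
                   if x.verdict is not None and x.verdict.lower() != "ok"],
        # Verdict present but no hashed file line was logged for the entry.
        "no_file_line": [n for n, x in e.items()
                         if x.verdict is not None and x.md5 is None],
        # File line present but the report was cut off before the verdict.
        "no_verdict": [n for n, x in e.items() if x.verdict is None],
    }


if __name__ == "__main__":
    for key, names in triage(parse_report(SAMPLE_LOG)).items():
        print(f"{key}: {names}")
```

Entries under `no_file_line` are not findings by themselves; they only mark services for which the report shows a verdict without a hashed file.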


#6 ckb1985

ckb1985
  • Topic Starter

  • Members
  • 16 posts
  • Local time:03:56 AM

Posted 27 December 2011 - 02:54 PM

Ran TDSSKiller. Log posted below.
14:10:40.0172 0412 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:10:40.0188 0412 ============================================================
14:10:40.0188 0412 Current date / time: 2011/12/27 14:10:40.0188
14:10:40.0188 0412 SystemInfo:
14:10:40.0188 0412
14:10:40.0188 0412 OS Version: 6.1.7601 ServicePack: 1.0
14:10:40.0188 0412 Product type: Workstation
14:10:40.0188 0412 ComputerName: CHRIS-HP
14:10:40.0188 0412 UserName: Chris
14:10:40.0188 0412 Windows directory: C:\Windows
14:10:40.0188 0412 System windows directory: C:\Windows
14:10:40.0188 0412 Running under WOW64
14:10:40.0188 0412 Processor architecture: Intel x64
14:10:40.0188 0412 Number of processors: 4
14:10:40.0188 0412 Page size: 0x1000
14:10:40.0188 0412 Boot type: Normal boot
14:10:40.0188 0412 ============================================================
14:10:41.0155 0412 Initialize success
14:11:13.0525 3212 ============================================================
14:11:13.0525 3212 Scan started
14:11:13.0525 3212 Mode: Manual; SigCheck; TDLFS;
14:11:13.0525 3212 ============================================================
14:11:13.0837 3212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:11:13.0962 3212 1394ohci - ok
14:11:13.0993 3212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:11:14.0009 3212 ACPI - ok
14:11:14.0025 3212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:11:14.0149 3212 AcpiPmi - ok
14:11:14.0290 3212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:11:14.0337 3212 adp94xx - ok
14:11:14.0368 3212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:11:14.0399 3212 adpahci - ok
14:11:14.0430 3212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:11:14.0430 3212 adpu320 - ok
14:11:14.0477 3212 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:11:14.0508 3212 AFD - ok
14:11:14.0602 3212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:11:14.0633 3212 agp440 - ok
14:11:14.0649 3212 ahcix64s (b7103982196eb826be70f29405c566db) C:\Windows\system32\DRIVERS\ahcix64s.sys
14:11:14.0664 3212 ahcix64s - ok
14:11:14.0695 3212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:11:14.0711 3212 aliide - ok
14:11:14.0727 3212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:11:14.0742 3212 amdide - ok
14:11:14.0758 3212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:11:14.0789 3212 AmdK8 - ok
14:11:15.0007 3212 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
14:11:15.0179 3212 amdkmdag - ok
14:11:15.0210 3212 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
14:11:15.0273 3212 amdkmdap - ok
14:11:15.0351 3212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:11:15.0413 3212 AmdPPM - ok
14:11:15.0444 3212 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
14:11:15.0475 3212 amdsata - ok
14:11:15.0491 3212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:11:15.0507 3212 amdsbs - ok
14:11:15.0522 3212 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
14:11:15.0522 3212 amdxata - ok
14:11:15.0600 3212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:11:15.0741 3212 AppID - ok
14:11:15.0865 3212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:11:15.0897 3212 arc - ok
14:11:15.0912 3212 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:11:15.0928 3212 arcsas - ok
14:11:16.0037 3212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:16.0209 3212 AsyncMac - ok
14:11:16.0271 3212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:11:16.0287 3212 atapi - ok
14:11:16.0349 3212 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:11:16.0396 3212 AtiPcie - ok
14:11:16.0443 3212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:11:16.0505 3212 b06bdrv - ok
14:11:16.0552 3212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:11:16.0630 3212 b57nd60a - ok
14:11:16.0692 3212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:11:16.0770 3212 Beep - ok
14:11:16.0817 3212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:11:16.0879 3212 blbdrive - ok
14:11:16.0989 3212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:11:17.0067 3212 bowser - ok
14:11:17.0098 3212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:11:17.0269 3212 BrFiltLo - ok
14:11:17.0301 3212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:11:17.0332 3212 BrFiltUp - ok
14:11:17.0410 3212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:11:17.0488 3212 Brserid - ok
14:11:17.0519 3212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:11:17.0566 3212 BrSerWdm - ok
14:11:17.0597 3212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:11:17.0644 3212 BrUsbMdm - ok
14:11:17.0737 3212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:11:17.0753 3212 BrUsbSer - ok
14:11:17.0800 3212 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:11:17.0862 3212 BthEnum - ok
14:11:17.0893 3212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:11:17.0940 3212 BTHMODEM - ok
14:11:18.0034 3212 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:11:18.0081 3212 BthPan - ok
14:11:18.0143 3212 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:11:18.0221 3212 BTHPORT - ok
14:11:18.0299 3212 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:11:18.0346 3212 BTHUSB - ok
14:11:18.0377 3212 catchme - ok
14:11:18.0408 3212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:18.0486 3212 cdfs - ok
14:11:18.0595 3212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:11:18.0627 3212 cdrom - ok
14:11:18.0673 3212 CH341SER_A64 (37c29f723a1174b21e7cc6e66d7c2c37) C:\Windows\system32\Drivers\CH341S64.SYS
14:11:18.0767 3212 CH341SER_A64 - ok
14:11:18.0829 3212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:11:18.0907 3212 circlass - ok
14:11:18.0970 3212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:11:19.0017 3212 CLFS - ok
14:11:19.0110 3212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:11:19.0173 3212 CmBatt - ok
14:11:19.0204 3212 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:11:19.0219 3212 cmdide - ok
14:11:19.0266 3212 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:11:19.0313 3212 CNG - ok
14:11:19.0329 3212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:11:19.0344 3212 Compbatt - ok
14:11:19.0407 3212 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:11:19.0453 3212 CompositeBus - ok
14:11:19.0500 3212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:11:19.0531 3212 crcdisk - ok
14:11:19.0578 3212 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:11:19.0641 3212 dc3d - ok
14:11:19.0734 3212 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:11:19.0812 3212 DfsC - ok
14:11:19.0843 3212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:11:19.0906 3212 discache - ok
14:11:19.0937 3212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:11:19.0953 3212 Disk - ok
14:11:20.0031 3212 dpK00701 - ok
14:11:20.0062 3212 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:11:20.0109 3212 drmkaud - ok
14:11:20.0171 3212 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:11:20.0202 3212 DXGKrnl - ok
14:11:20.0311 3212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:11:20.0389 3212 ebdrv - ok
14:11:20.0483 3212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:11:20.0514 3212 elxstor - ok
14:11:20.0530 3212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:11:20.0592 3212 ErrDev - ok
14:11:20.0655 3212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:11:20.0701 3212 exfat - ok
14:11:20.0717 3212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:11:20.0795 3212 fastfat - ok
14:11:20.0889 3212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:11:21.0154 3212 fdc - ok
14:11:21.0216 3212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:11:21.0232 3212 FileInfo - ok
14:11:21.0247 3212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:11:21.0310 3212 Filetrace - ok
14:11:21.0357 3212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:21.0372 3212 flpydisk - ok
14:11:21.0403 3212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:11:21.0419 3212 FltMgr - ok
14:11:21.0466 3212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:11:21.0481 3212 FsDepends - ok
14:11:21.0513 3212 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:11:21.0513 3212 fssfltr - ok
14:11:21.0559 3212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:11:21.0575 3212 Fs_Rec - ok
14:11:21.0606 3212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:11:21.0622 3212 fvevol - ok
14:11:21.0653 3212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:21.0653 3212 gagp30kx - ok
14:11:21.0715 3212 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:11:21.0731 3212 GEARAspiWDM - ok
14:11:21.0793 3212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:11:21.0871 3212 hcw85cir - ok
14:11:21.0903 3212 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:11:21.0918 3212 HdAudAddService - ok
14:11:21.0981 3212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:11:22.0027 3212 HDAudBus - ok
14:11:22.0043 3212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:22.0090 3212 HidBatt - ok
14:11:22.0121 3212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:11:22.0183 3212 HidBth - ok
14:11:22.0215 3212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:11:22.0277 3212 HidIr - ok
14:11:22.0371 3212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:11:22.0417 3212 HidUsb - ok
14:11:22.0464 3212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:11:22.0480 3212 HpSAMD - ok
14:11:22.0511 3212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:11:22.0573 3212 HTTP - ok
14:11:22.0620 3212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:11:22.0620 3212 hwpolicy - ok
14:11:22.0714 3212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:11:22.0745 3212 i8042prt - ok
14:11:22.0776 3212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:11:22.0807 3212 iaStorV - ok
14:11:22.0823 3212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:11:22.0839 3212 iirsp - ok
14:11:22.0917 3212 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:11:22.0948 3212 IntcAzAudAddService - ok
14:11:23.0026 3212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:11:23.0041 3212 intelide - ok
14:11:23.0073 3212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:11:23.0104 3212 intelppm - ok
14:11:23.0166 3212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:23.0244 3212 IpFilterDriver - ok
14:11:23.0275 3212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:11:23.0322 3212 IPMIDRV - ok
14:11:23.0416 3212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:11:23.0494 3212 IPNAT - ok
14:11:23.0525 3212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:11:23.0603 3212 IRENUM - ok
14:11:23.0619 3212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:11:23.0634 3212 isapnp - ok
14:11:23.0697 3212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:11:23.0728 3212 iScsiPrt - ok
14:11:23.0759 3212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:23.0775 3212 kbdclass - ok
14:11:23.0790 3212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:23.0821 3212 kbdhid - ok
14:11:23.0868 3212 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:11:23.0884 3212 KSecDD - ok
14:11:23.0962 3212 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:11:23.0993 3212 KSecPkg - ok
14:11:24.0024 3212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:11:24.0102 3212 ksthunk - ok
14:11:24.0196 3212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:11:24.0289 3212 lltdio - ok
14:11:24.0336 3212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:11:24.0352 3212 LSI_FC - ok
14:11:24.0367 3212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:11:24.0383 3212 LSI_SAS - ok
14:11:24.0399 3212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:11:24.0399 3212 LSI_SAS2 - ok
14:11:24.0414 3212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:11:24.0430 3212 LSI_SCSI - ok
14:11:24.0523 3212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:11:24.0570 3212 luafv - ok
14:11:24.0601 3212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:11:24.0601 3212 megasas - ok
14:11:24.0633 3212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:11:24.0648 3212 MegaSR - ok
14:11:24.0664 3212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:11:24.0726 3212 Modem - ok
14:11:24.0773 3212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:11:24.0820 3212 monitor - ok
14:11:40.0919 3212 ============================================================
14:11:40.0919 3212 Scan finished
14:11:40.0919 3212 ============================================================
14:11:40.0935 4016 Detected object count: 0
14:11:40.0935 4016 Actual detected object count: 0
14:14:39.0929 2900 ============================================================
14:14:39.0929 2900 Scan started
14:14:39.0929 2900 Mode: Manual; SigCheck; TDLFS;
14:14:39.0929 2900 ============================================================
14:14:46.0294 2900 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:14:46.0294 2900 megasas - ok
14:14:46.0310 2900 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:46.0325 2900 MegaSR - ok
14:14:46.0341 2900 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:14:46.0356 2900 Modem - ok
14:14:46.0372 2900 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:14:46.0388 2900 monitor - ok
14:14:46.0403 2900 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:14:46.0403 2900 mouclass - ok
14:14:46.0481 2900 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:14:46.0497 2900 mouhid - ok
14:14:46.0528 2900 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:14:46.0559 2900 mountmgr - ok
14:14:46.0590 2900 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:14:46.0606 2900 MpFilter - ok
14:14:46.0622 2900 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:14:46.0622 2900 mpio - ok
14:14:46.0637 2900 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:14:46.0653 2900 MpNWMon - ok
14:14:46.0715 2900 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:14:46.0778 2900 mpsdrv - ok
14:14:46.0809 2900 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:14:46.0824 2900 MRxDAV - ok
14:14:46.0840 2900 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:46.0840 2900 mrxsmb - ok
14:14:46.0871 2900 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:46.0887 2900 mrxsmb10 - ok
14:14:46.0902 2900 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:46.0902 2900 mrxsmb20 - ok
14:14:46.0980 2900 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:14:46.0980 2900 msahci - ok
14:14:46.0996 2900 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:14:47.0012 2900 msdsm - ok
14:14:47.0027 2900 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:14:47.0058 2900 Msfs - ok
14:14:47.0074 2900 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:14:47.0105 2900 mshidkmdf - ok
14:14:47.0105 2900 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:14:47.0121 2900 msisadrv - ok
14:14:47.0136 2900 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:14:47.0168 2900 MSKSSRV - ok
14:14:47.0230 2900 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:14:47.0292 2900 MSPCLOCK - ok
14:14:47.0292 2900 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:14:47.0324 2900 MSPQM - ok
14:14:47.0339 2900 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:14:47.0355 2900 MsRPC - ok
14:14:47.0370 2900 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:14:47.0386 2900 mssmbios - ok
14:14:47.0417 2900 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:14:47.0448 2900 MSTEE - ok
14:14:47.0464 2900 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:14:47.0480 2900 MTConfig - ok
14:14:47.0526 2900 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:14:47.0558 2900 Mup - ok
14:14:47.0589 2900 mv2 (621c40398b1a0242acbcc2ba65c23a66) C:\Windows\system32\DRIVERS\mv2.sys
14:14:47.0604 2900 mv2 - ok
14:14:47.0620 2900 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:14:47.0636 2900 NativeWifiP - ok
14:14:47.0698 2900 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:14:47.0714 2900 NDIS - ok
14:14:47.0776 2900 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:47.0838 2900 NdisCap - ok
14:14:47.0854 2900 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:47.0870 2900 NdisTapi - ok
14:14:47.0901 2900 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:47.0932 2900 Ndisuio - ok
14:14:47.0963 2900 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:47.0979 2900 NdisWan - ok
14:14:48.0010 2900 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:14:48.0073 2900 NDProxy - ok
14:14:48.0119 2900 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:14:48.0182 2900 NetBIOS - ok
14:14:48.0213 2900 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:14:48.0229 2900 NetBT - ok
14:14:48.0275 2900 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
14:14:48.0291 2900 netr28x - ok
14:14:48.0338 2900 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:14:48.0338 2900 nfrd960 - ok
14:14:48.0400 2900 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:14:48.0431 2900 NisDrv - ok
14:14:48.0463 2900 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
14:14:48.0478 2900 NPF - ok
14:14:48.0494 2900 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:14:48.0525 2900 Npfs - ok
14:14:48.0541 2900 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:14:48.0572 2900 nsiproxy - ok
14:14:48.0603 2900 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:14:48.0634 2900 Ntfs - ok
14:14:48.0697 2900 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:14:48.0712 2900 NuidFltr - ok
14:14:48.0743 2900 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:14:48.0806 2900 Null - ok
14:14:48.0821 2900 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:14:48.0821 2900 nvraid - ok
14:14:48.0837 2900 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:14:48.0853 2900 nvstor - ok
14:14:48.0868 2900 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:14:48.0884 2900 nv_agp - ok
14:14:48.0931 2900 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:14:48.0962 2900 ohci1394 - ok
14:14:49.0009 2900 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:14:49.0024 2900 Parport - ok
14:14:49.0055 2900 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:14:49.0055 2900 partmgr - ok
14:14:49.0071 2900 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:14:49.0087 2900 pci - ok
14:14:49.0118 2900 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:14:49.0118 2900 pciide - ok
14:14:49.0180 2900 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:14:49.0211 2900 pcmcia - ok
14:14:49.0243 2900 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:14:49.0274 2900 pcw - ok
14:14:49.0289 2900 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:14:49.0336 2900 PEAUTH - ok
14:14:49.0367 2900 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:14:49.0367 2900 Point64 - ok
14:14:49.0399 2900 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:14:49.0430 2900 PptpMiniport - ok
14:14:49.0492 2900 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:14:49.0523 2900 Processor - ok
14:14:49.0570 2900 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:14:49.0617 2900 Psched - ok
14:14:49.0648 2900 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:14:49.0664 2900 ql2300 - ok
14:14:49.0679 2900 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:14:49.0695 2900 ql40xx - ok
14:14:49.0757 2900 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:14:49.0789 2900 QWAVEdrv - ok
14:14:49.0820 2900 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:14:49.0851 2900 RasAcd - ok
14:14:49.0867 2900 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:14:49.0882 2900 RasAgileVpn - ok
14:14:49.0913 2900 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:14:49.0945 2900 Rasl2tp - ok
14:14:49.0960 2900 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:14:49.0976 2900 RasPppoe - ok
14:14:49.0991 2900 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:14:50.0023 2900 RasSstp - ok
14:14:50.0101 2900 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:14:50.0163 2900 rdbss - ok
14:14:50.0194 2900 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:14:50.0210 2900 rdpbus - ok
14:14:50.0241 2900 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:14:50.0272 2900 RDPCDD - ok
14:14:50.0288 2900 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:14:50.0303 2900 RDPENCDD - ok
14:14:50.0319 2900 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:14:50.0350 2900 RDPREFMP - ok
14:14:50.0413 2900 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:14:50.0475 2900 RDPWD - ok
14:14:50.0522 2900 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:14:50.0553 2900 rdyboost - ok
14:14:50.0584 2900 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:14:50.0600 2900 RFCOMM - ok
14:14:50.0631 2900 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:14:50.0662 2900 rspndr - ok
14:14:50.0725 2900 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:14:50.0756 2900 RTL8167 - ok
14:14:50.0787 2900 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:14:50.0803 2900 sbp2port - ok
14:14:50.0834 2900 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:14:50.0865 2900 scfilter - ok
14:14:50.0896 2900 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:14:50.0927 2900 secdrv - ok
14:14:50.0974 2900 Ser2pl - ok
14:14:51.0005 2900 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:14:51.0021 2900 Serenum - ok
14:14:51.0052 2900 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:14:51.0068 2900 Serial - ok
14:14:51.0099 2900 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:14:51.0115 2900 sermouse - ok
14:14:51.0130 2900 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:14:51.0130 2900 sffdisk - ok
14:14:51.0161 2900 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:14:51.0161 2900 sffp_mmc - ok
14:14:51.0224 2900 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:14:51.0255 2900 sffp_sd - ok
14:14:51.0286 2900 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:14:51.0302 2900 sfloppy - ok
14:14:51.0317 2900 silabenm (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys
14:14:51.0333 2900 silabenm - ok
14:14:51.0333 2900 silabser (39a6f89d7eff9b1b839570134170d859) C:\Windows\system32\DRIVERS\silabser.sys
14:14:51.0349 2900 silabser - ok
14:14:51.0364 2900 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:14:51.0364 2900 SiSRaid2 - ok
14:14:51.0380 2900 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:14:51.0395 2900 SiSRaid4 - ok
14:14:51.0458 2900 SIUSBXP (55c26c510199730d3eb87db9cb77ed29) C:\Windows\system32\drivers\SiUSBXp.sys
14:14:51.0489 2900 SIUSBXP - ok
14:14:51.0520 2900 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:14:51.0567 2900 Smb - ok
14:14:51.0583 2900 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:14:51.0583 2900 spldr - ok
14:14:51.0614 2900 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:14:51.0629 2900 srv - ok
14:14:51.0645 2900 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:14:51.0661 2900 srv2 - ok
14:14:51.0707 2900 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:14:51.0739 2900 srvnet - ok
14:14:51.0770 2900 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:14:51.0785 2900 stexstor - ok
14:14:51.0817 2900 Svk2pl (3d120c97d6d047f33ac0c08d35f31103) C:\Windows\system32\DRIVERS\Svk2pl64.sys
14:14:51.0832 2900 Svk2pl - ok
14:14:51.0848 2900 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:14:51.0863 2900 swenum - ok
14:14:51.0973 2900 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:14:52.0004 2900 Tcpip - ok
14:14:52.0035 2900 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:14:52.0066 2900 TCPIP6 - ok
14:14:52.0097 2900 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:14:52.0160 2900 tcpipreg - ok
14:14:52.0175 2900 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:14:52.0222 2900 TDPIPE - ok
14:14:52.0238 2900 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:14:52.0269 2900 TDTCP - ok
14:14:52.0331 2900 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:14:52.0378 2900 tdx - ok
14:14:52.0394 2900 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:14:52.0409 2900 teamviewervpn - ok
14:14:52.0425 2900 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:14:52.0441 2900 TermDD - ok
14:14:52.0472 2900 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:14:52.0503 2900 tssecsrv - ok
14:14:52.0519 2900 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:14:52.0519 2900 TsUsbFlt - ok
14:14:52.0597 2900 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:14:52.0659 2900 tunnel - ok
14:14:52.0675 2900 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:14:52.0690 2900 uagp35 - ok
14:14:52.0706 2900 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:14:52.0737 2900 udfs - ok
14:14:52.0768 2900 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:14:52.0799 2900 uliagpkx - ok
14:14:52.0831 2900 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:14:52.0862 2900 umbus - ok
14:14:52.0877 2900 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:14:52.0893 2900 UmPass - ok
14:14:52.0924 2900 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:14:52.0940 2900 USBAAPL64 - ok
14:14:52.0971 2900 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:14:52.0987 2900 usbccgp - ok
14:14:53.0018 2900 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:14:53.0033 2900 usbcir - ok
14:14:53.0065 2900 usbdpfp - ok
14:14:53.0096 2900 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:14:53.0111 2900 usbehci - ok
14:14:53.0143 2900 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
14:14:53.0143 2900 usbfilter - ok
14:14:53.0189 2900 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:14:53.0205 2900 usbhub - ok
14:14:53.0236 2900 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:14:53.0252 2900 usbohci - ok
14:14:53.0314 2900 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:14:53.0345 2900 usbprint - ok
14:14:53.0377 2900 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:14:53.0392 2900 usbscan - ok
14:14:53.0423 2900 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:14:53.0439 2900 USBSTOR - ok
14:14:53.0470 2900 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:14:53.0470 2900 usbuhci - ok
14:14:53.0517 2900 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:14:53.0517 2900 vdrvroot - ok
14:14:53.0595 2900 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:14:53.0626 2900 vga - ok
14:14:53.0626 2900 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:14:53.0657 2900 VgaSave - ok
14:14:53.0689 2900 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:14:53.0689 2900 vhdmp - ok
14:14:53.0704 2900 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:14:53.0704 2900 viaide - ok
14:14:53.0735 2900 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:14:53.0735 2900 volmgr - ok
14:14:53.0813 2900 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:14:53.0845 2900 volmgrx - ok
14:14:53.0876 2900 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:14:53.0891 2900 volsnap - ok
14:14:53.0907 2900 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:14:53.0923 2900 vsmraid - ok
14:14:53.0985 2900 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:14:54.0016 2900 vwifibus - ok
14:14:54.0047 2900 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:14:54.0079 2900 vwififlt - ok
14:14:54.0094 2900 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:14:54.0110 2900 vwifimp - ok
14:14:54.0157 2900 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:14:54.0188 2900 WacomPen - ok
14:14:54.0266 2900 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:14:54.0313 2900 WANARP - ok
14:14:54.0313 2900 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:14:54.0344 2900 Wanarpv6 - ok
14:14:54.0359 2900 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:14:54.0375 2900 Wd - ok
14:14:54.0391 2900 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:14:54.0406 2900 Wdf01000 - ok
14:14:54.0437 2900 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:14:54.0453 2900 WfpLwf - ok
14:14:54.0484 2900 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:14:54.0484 2900 WIMMount - ok
14:14:54.0562 2900 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:14:54.0593 2900 WinUsb - ok
14:14:54.0609 2900 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:14:54.0625 2900 WmiAcpi - ok
14:14:54.0656 2900 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:14:54.0671 2900 ws2ifsl - ok
14:14:54.0703 2900 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:14:54.0718 2900 WSDPrintDevice - ok
14:14:54.0749 2900 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
14:14:54.0765 2900 WSDScan - ok
14:14:54.0812 2900 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:14:54.0874 2900 WudfPf - ok
14:14:54.0890 2900 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:14:54.0921 2900 WUDFRd - ok
14:14:54.0937 2900 MBR (0x1B8) (3d14f55c0b66d28af0debca3cd3ab76d) \Device\Harddisk0\DR0
14:14:55.0233 2900 \Device\Harddisk0\DR0 - ok
14:14:55.0249 2900 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
14:14:55.0919 2900 \Device\Harddisk1\DR1 - ok
14:14:55.0919 2900 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk6\DR9
14:14:56.0559 2900 \Device\Harddisk6\DR9 - ok
14:14:56.0559 2900 Boot (0x1200) (fdea19f22f6ae46925d3d596775c9667) \Device\Harddisk0\DR0\Partition0
14:14:56.0559 2900 \Device\Harddisk0\DR0\Partition0 - ok
14:14:56.0590 2900 Boot (0x1200) (349dfbf1a8bbaea32a7b5c513f057abc) \Device\Harddisk0\DR0\Partition1
14:14:56.0590 2900 \Device\Harddisk0\DR0\Partition1 - ok
14:14:56.0621 2900 Boot (0x1200) (20bdf5efbc5654ca2d4b1f94a7f90683) \Device\Harddisk0\DR0\Partition2
14:14:56.0621 2900 \Device\Harddisk0\DR0\Partition2 - ok
14:14:56.0637 2900 Boot (0x1200) (c95d17da067ca6e3fd2cc2a7adea4088) \Device\Harddisk1\DR1\Partition0
14:14:56.0637 2900 \Device\Harddisk1\DR1\Partition0 - ok
14:14:56.0637 2900 Boot (0x1200) (d532e225e34d3a5a964b7c05b8736f31) \Device\Harddisk6\DR9\Partition0
14:14:56.0637 2900 \Device\Harddisk6\DR9\Partition0 - ok
14:14:56.0653 2900 ============================================================
14:14:56.0653 2900 Scan finished
14:14:56.0653 2900 ============================================================
14:14:56.0653 2816 Detected object count: 0
14:14:56.0653 2816 Actual detected object count: 0
14:15:12.0688 3524 ============================================================
14:15:12.0688 3524 Scan started
14:15:12.0688 3524 Mode: Manual; SigCheck; TDLFS;
14:15:12.0688 3524 ============================================================
14:15:17.0773 3524 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:15:17.0773 3524 GEARAspiWDM - ok
14:15:17.0851 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:15:17.0851 3524 hcw85cir - ok
14:15:17.0883 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:15:17.0898 3524 HdAudAddService - ok
14:15:17.0914 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:15:17.0929 3524 HDAudBus - ok
14:15:17.0945 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:15:17.0945 3524 HidBatt - ok
14:15:17.0961 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:15:17.0976 3524 HidBth - ok
14:15:17.0992 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:15:18.0007 3524 HidIr - ok
14:15:18.0070 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:15:18.0085 3524 HidUsb - ok
14:15:18.0117 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:15:18.0117 3524 HpSAMD - ok
14:15:18.0148 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:15:18.0179 3524 HTTP - ok
14:15:18.0210 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:15:18.0210 3524 hwpolicy - ok
14:15:18.0226 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:15:18.0241 3524 i8042prt - ok
14:15:18.0273 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:15:18.0273 3524 iaStorV - ok
14:15:18.0351 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:15:18.0351 3524 iirsp - ok
14:15:18.0413 3524 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:15:18.0444 3524 IntcAzAudAddService - ok
14:15:18.0460 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:15:18.0475 3524 intelide - ok
14:15:18.0491 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:15:18.0491 3524 intelppm - ok
14:15:18.0538 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:18.0553 3524 IpFilterDriver - ok
14:15:18.0616 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:15:18.0631 3524 IPMIDRV - ok
14:15:18.0756 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:15:18.0787 3524 IPNAT - ok
14:15:18.0850 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:15:18.0881 3524 IRENUM - ok
14:15:18.0897 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:15:18.0912 3524 isapnp - ok
14:15:18.0943 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:15:18.0943 3524 iScsiPrt - ok
14:15:18.0959 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:15:18.0975 3524 kbdclass - ok
14:15:19.0037 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:15:19.0037 3524 kbdhid - ok
14:15:19.0068 3524 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:15:19.0084 3524 KSecDD - ok
14:15:19.0115 3524 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:15:19.0115 3524 KSecPkg - ok
14:15:19.0146 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:15:19.0162 3524 ksthunk - ok
14:15:19.0193 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:15:19.0209 3524 lltdio - ok
14:15:19.0240 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:15:19.0255 3524 LSI_FC - ok
14:15:19.0318 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:15:19.0318 3524 LSI_SAS - ok
14:15:19.0333 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:15:19.0333 3524 LSI_SAS2 - ok
14:15:19.0365 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:15:19.0365 3524 LSI_SCSI - ok
14:15:19.0380 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:15:19.0411 3524 luafv - ok
14:15:19.0427 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:15:19.0443 3524 megasas - ok
14:15:19.0458 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:15:19.0458 3524 MegaSR - ok
14:15:19.0474 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:15:19.0505 3524 Modem - ok
14:15:19.0567 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:15:19.0599 3524 monitor - ok
14:15:19.0614 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:15:19.0630 3524 mouclass - ok
14:15:19.0645 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:15:19.0661 3524 mouhid - ok
14:15:19.0692 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:15:19.0708 3524 mountmgr - ok
14:15:19.0739 3524 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:15:19.0755 3524 MpFilter - ok
14:15:19.0833 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:15:19.0848 3524 mpio - ok
14:15:19.0864 3524 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:15:19.0879 3524 MpNWMon - ok
14:15:19.0911 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:15:19.0942 3524 mpsdrv - ok
14:15:19.0973 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:15:19.0989 3524 MRxDAV - ok
14:15:20.0004 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:20.0020 3524 mrxsmb - ok
14:15:20.0098 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:20.0098 3524 mrxsmb10 - ok
14:15:20.0113 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:20.0129 3524 mrxsmb20 - ok
14:15:20.0145 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:15:20.0160 3524 msahci - ok
14:15:20.0176 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:15:20.0176 3524 msdsm - ok
14:15:20.0566 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:15:20.0597 3524 Msfs - ok
14:15:20.0628 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:15:20.0659 3524 mshidkmdf - ok
14:15:20.0691 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:15:20.0691 3524 msisadrv - ok
14:15:20.0722 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:15:20.0737 3524 MSKSSRV - ok
14:15:20.0753 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:20.0784 3524 MSPCLOCK - ok
14:15:20.0862 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:15:20.0956 3524 MSPQM - ok
14:15:21.0034 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:15:21.0049 3524 MsRPC - ok
14:15:21.0096 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:15:21.0112 3524 mssmbios - ok
14:15:21.0143 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:15:21.0174 3524 MSTEE - ok
14:15:21.0205 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:15:21.0205 3524 MTConfig - ok
14:15:21.0237 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:15:21.0252 3524 Mup - ok
14:15:21.0283 3524 mv2 (621c40398b1a0242acbcc2ba65c23a66) C:\Windows\system32\DRIVERS\mv2.sys
14:15:21.0283 3524 mv2 - ok
14:15:21.0330 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:15:21.0346 3524 NativeWifiP - ok
14:15:21.0393 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:15:21.0408 3524 NDIS - ok
14:15:21.0424 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:21.0455 3524 NdisCap - ok
14:15:21.0471 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:21.0486 3524 NdisTapi - ok
14:15:21.0533 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:21.0564 3524 Ndisuio - ok
14:15:21.0611 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:21.0642 3524 NdisWan - ok
14:15:21.0673 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:15:21.0705 3524 NDProxy - ok
14:15:21.0720 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:15:21.0751 3524 NetBIOS - ok
14:15:21.0798 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:15:21.0814 3524 NetBT - ok
14:15:21.0892 3524 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
14:15:21.0907 3524 netr28x - ok
14:15:21.0939 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:21.0939 3524 nfrd960 - ok
14:15:21.0970 3524 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:15:21.0985 3524 NisDrv - ok
14:15:22.0017 3524 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
14:15:22.0017 3524 NPF - ok
14:15:22.0048 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:15:22.0110 3524 Npfs - ok
14:15:22.0141 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:15:22.0204 3524 nsiproxy - ok
14:15:22.0251 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:15:22.0297 3524 Ntfs - ok
14:15:22.0329 3524 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:15:22.0329 3524 NuidFltr - ok
14:15:22.0375 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:15:22.0422 3524 Null - ok
14:15:22.0469 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:15:22.0469 3524 nvraid - ok
14:15:22.0485 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:15:22.0500 3524 nvstor - ok
14:15:22.0516 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:15:22.0531 3524 nv_agp - ok
14:15:22.0563 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:15:22.0594 3524 ohci1394 - ok
14:15:22.0625 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:15:22.0641 3524 Parport - ok
14:15:22.0687 3524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:15:22.0703 3524 partmgr - ok
14:15:22.0734 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:15:22.0750 3524 pci - ok
14:15:22.0765 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:15:22.0781 3524 pciide - ok
14:15:22.0828 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:22.0828 3524 pcmcia - ok
14:15:22.0890 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:15:22.0890 3524 pcw - ok
14:15:22.0906 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:15:22.0937 3524 PEAUTH - ok
14:15:22.0984 3524 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:15:22.0984 3524 Point64 - ok
14:15:23.0015 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:23.0046 3524 PptpMiniport - ok
14:15:23.0093 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:15:23.0093 3524 Processor - ok
14:15:23.0155 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:15:23.0187 3524 Psched - ok
14:15:23.0218 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:15:23.0249 3524 ql2300 - ok
14:15:23.0265 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:23.0265 3524 ql40xx - ok
14:15:23.0311 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:15:23.0327 3524 QWAVEdrv - ok
14:15:23.0358 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:23.0389 3524 RasAcd - ok
14:15:23.0421 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:23.0452 3524 RasAgileVpn - ok
14:15:23.0483 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:23.0514 3524 Rasl2tp - ok
14:15:23.0530 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:23.0545 3524 RasPppoe - ok
14:15:23.0561 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:23.0592 3524 RasSstp - ok
14:15:23.0639 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:23.0655 3524 rdbss - ok
14:15:23.0733 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:23.0733 3524 rdpbus - ok
14:15:23.0764 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:23.0795 3524 RDPCDD - ok
14:15:23.0811 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:15:23.0842 3524 RDPENCDD - ok
14:15:23.0935 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:15:23.0982 3524 RDPREFMP - ok
14:15:24.0123 3524 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:15:24.0185 3524 RDPWD - ok
14:15:24.0357 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:15:24.0372 3524 rdyboost - ok
14:15:24.0403 3524 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:15:24.0419 3524 RFCOMM - ok
14:15:24.0450 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:24.0481 3524 rspndr - ok
14:15:24.0544 3524 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:15:24.0575 3524 RTL8167 - ok
14:15:24.0622 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:15:24.0637 3524 sbp2port - ok
14:15:24.0669 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:24.0715 3524 scfilter - ok
14:15:24.0747 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:15:24.0778 3524 secdrv - ok
14:15:24.0778 3524 Ser2pl - ok
14:15:24.0809 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:15:24.0809 3524 Serenum - ok
14:15:24.0871 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:15:24.0887 3524 Serial - ok
14:15:24.0934 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:15:24.0949 3524 sermouse - ok
14:15:24.0965 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:15:24.0965 3524 sffdisk - ok
14:15:24.0981 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:24.0981 3524 sffp_mmc - ok
14:15:24.0996 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:15:25.0012 3524 sffp_sd - ok
14:15:25.0059 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:25.0059 3524 sfloppy - ok
14:15:25.0090 3524 silabenm (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys
14:15:25.0090 3524 silabenm - ok
14:15:25.0121 3524 silabser (39a6f89d7eff9b1b839570134170d859) C:\Windows\system32\DRIVERS\silabser.sys
14:15:25.0137 3524 silabser - ok
14:15:25.0168 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:25.0168 3524 SiSRaid2 - ok
14:15:25.0261 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:25.0261 3524 SiSRaid4 - ok
14:15:25.0293 3524 SIUSBXP (55c26c510199730d3eb87db9cb77ed29) C:\Windows\system32\drivers\SiUSBXp.sys
14:15:25.0293 3524 SIUSBXP - ok
14:15:25.0324 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:15:25.0355 3524 Smb - ok
14:15:25.0402 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:15:25.0402 3524 spldr - ok
14:15:25.0433 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:15:25.0449 3524 srv - ok
14:15:25.0480 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:15:25.0495 3524 srv2 - ok
14:15:25.0511 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:25.0511 3524 srvnet - ok
14:15:25.0542 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:15:25.0542 3524 stexstor - ok
14:15:25.0605 3524 Svk2pl (3d120c97d6d047f33ac0c08d35f31103) C:\Windows\system32\DRIVERS\Svk2pl64.sys
14:15:25.0605 3524 Svk2pl - ok
14:15:25.0636 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:15:25.0636 3524 swenum - ok
14:15:25.0714 3524 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:15:25.0745 3524 Tcpip - ok
14:15:25.0776 3524 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:25.0792 3524 TCPIP6 - ok
14:15:25.0839 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:15:25.0854 3524 tcpipreg - ok
14:15:25.0901 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:15:25.0932 3524 TDPIPE - ok
14:15:25.0948 3524 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:15:25.0979 3524 TDTCP - ok
14:15:26.0041 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:15:26.0057 3524 tdx - ok
14:15:26.0088 3524 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:15:26.0088 3524 teamviewervpn - ok
14:15:26.0135 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:15:26.0135 3524 TermDD - ok
14:15:26.0182 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:26.0213 3524 tssecsrv - ok
14:15:26.0228 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:15:26.0244 3524 TsUsbFlt - ok
14:15:26.0275 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:15:26.0306 3524 tunnel - ok
14:15:26.0338 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:15:26.0338 3524 uagp35 - ok
14:15:26.0478 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:15:26.0509 3524 udfs - ok
14:15:26.0634 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:15:26.0650 3524 uliagpkx - ok
14:15:26.0696 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:15:26.0712 3524 umbus - ok
14:15:26.0728 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:15:26.0743 3524 UmPass - ok
14:15:26.0852 3524 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:15:26.0852 3524 USBAAPL64 - ok
14:15:26.0946 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:26.0962 3524 usbccgp - ok
14:15:27.0071 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:15:27.0071 3524 usbcir - ok
14:15:27.0118 3524 usbdpfp - ok
14:15:27.0196 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:15:27.0196 3524 usbehci - ok
14:15:27.0274 3524 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
14:15:27.0289 3524 usbfilter - ok
14:15:27.0352 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:15:27.0352 3524 usbhub - ok
14:15:27.0383 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:15:27.0398 3524 usbohci - ok
14:15:27.0430 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:15:27.0430 3524 usbprint - ok
14:15:27.0476 3524 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:15:27.0492 3524 usbscan - ok
14:15:27.0632 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:27.0632 3524 USBSTOR - ok
14:15:27.0695 3524 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:15:27.0695 3524 usbuhci - ok
14:15:27.0742 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:15:27.0757 3524 vdrvroot - ok
14:15:27.0773 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:27.0788 3524 vga - ok
14:15:27.0820 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:15:27.0835 3524 VgaSave - ok
14:15:27.0866 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:15:27.0882 3524 vhdmp - ok
14:15:27.0929 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:15:27.0944 3524 viaide - ok
14:15:27.0960 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:15:27.0960 3524 volmgr - ok
14:15:28.0007 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:15:28.0022 3524 volmgrx - ok
14:15:28.0085 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:15:28.0100 3524 volsnap - ok
14:15:28.0116 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:28.0132 3524 vsmraid - ok
14:15:28.0194 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:28.0194 3524 vwifibus - ok
14:15:28.0210 3524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:28.0225 3524 vwififlt - ok
14:15:28.0241 3524 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:15:28.0256 3524 vwifimp - ok
14:15:28.0288 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:15:28.0288 3524 WacomPen - ok
14:15:28.0350 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:28.0412 3524 WANARP - ok
14:15:28.0412 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:28.0444 3524 Wanarpv6 - ok
14:15:28.0522 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:15:28.0537 3524 Wd - ok
14:15:28.0568 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:15:28.0584 3524 Wdf01000 - ok
14:15:28.0693 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:28.0756 3524 WfpLwf - ok
14:15:28.0834 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:15:28.0834 3524 WIMMount - ok
14:15:28.0896 3524 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:15:28.0912 3524 WinUsb - ok
14:15:29.0052 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:15:29.0083 3524 WmiAcpi - ok
14:15:29.0161 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:15:29.0192 3524 ws2ifsl - ok
14:15:29.0224 3524 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:15:29.0239 3524 WSDPrintDevice - ok
14:15:29.0380 3524 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
14:15:29.0411 3524 WSDScan - ok
14:15:29.0520 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:15:29.0582 3524 WudfPf - ok
14:15:29.0645 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:29.0707 3524 WUDFRd - ok
14:15:29.0754 3524 MBR (0x1B8) (3d14f55c0b66d28af0debca3cd3ab76d) \Device\Harddisk0\DR0
14:15:30.0035 3524 \Device\Harddisk0\DR0 - ok
14:15:30.0035 3524 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
14:15:30.0674 3524 \Device\Harddisk1\DR1 - ok
14:15:30.0690 3524 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk6\DR9
14:15:31.0330 3524 \Device\Harddisk6\DR9 - ok
14:15:31.0376 3524 Boot (0x1200) (fdea19f22f6ae46925d3d596775c9667) \Device\Harddisk0\DR0\Partition0
14:15:31.0376 3524 \Device\Harddisk0\DR0\Partition0 - ok
14:15:31.0392 3524 Boot (0x1200) (349dfbf1a8bbaea32a7b5c513f057abc) \Device\Harddisk0\DR0\Partition1
14:15:31.0392 3524 \Device\Harddisk0\DR0\Partition1 - ok
14:15:31.0423 3524 Boot (0x1200) (20bdf5efbc5654ca2d4b1f94a7f90683) \Device\Harddisk0\DR0\Partition2
14:15:31.0423 3524 \Device\Harddisk0\DR0\Partition2 - ok
14:15:31.0423 3524 Boot (0x1200) (c95d17da067ca6e3fd2cc2a7adea4088) \Device\Harddisk1\DR1\Partition0
14:15:31.0423 3524 \Device\Harddisk1\DR1\Partition0 - ok
14:15:31.0439 3524 Boot (0x1200) (d532e225e34d3a5a964b7c05b8736f31) \Device\Harddisk6\DR9\Partition0
14:15:31.0439 3524 \Device\Harddisk6\DR9\Partition0 - ok
14:15:31.0439 3524 ============================================================
14:15:31.0439 3524 Scan finished
14:15:31.0439 3524 ============================================================
14:15:31.0532 3932 Detected object count: 0
14:15:31.0532 3932 Actual detected object count: 0

#7 ckb1985

Posted 27 December 2011 - 02:58 PM

I ran ComboFix. My computer rebooted during the process, and when I tried to retrieve the log this is what I found. It shows up as a folder whose contents are just links to my drives.

#8 Gammo

Posted 27 December 2011 - 03:09 PM

Try looking here: C:\Qoobox\ComboFix.txt

If that file doesn't exist either, please re-run ComboFix. It'll hopefully create a log this time. :)

Please post the final results, good or bad. We like to know!


#9 ckb1985

Posted 27 December 2011 - 03:20 PM

Ping.exe eating up memory. Thanks for any and all assistance provided.
http://dl.dropbox.com/u/36287544/ping.exe

Edit: I think I found the log where you mentioned. Hmm, the dates seem a bit off. I think I ran ComboFix before coming here at one point; could this be the log from before?


ComboFix 11-12-16.03 - Chris 12/16/2011 16:52:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6152 [GMT -5:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dat
C:\Install.exe
c:\users\Chris\AppData\Local\jxy.exe
c:\users\Chris\g2mdlhlpx.exe
c:\windows\System64
c:\windows\SysWow64\winsusrm.dll
c:\windows\SysWow64\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 22:03 . 2011-12-16 22:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCB18DB6-08EE-4D5E-9CB1-2C35A9F523C5}\offreg.dll
2011-12-16 21:58 . 2011-12-16 21:58 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2011-12-16 21:58 . 2011-12-16 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 21:42 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCB18DB6-08EE-4D5E-9CB1-2C35A9F523C5}\mpengine.dll
2011-12-16 21:41 . 2011-12-16 21:41 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2011-12-16 21:41 . 2011-12-16 21:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2011-12-16 21:39 . 2011-12-16 22:04 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
2011-12-16 20:34 . 2011-12-16 20:35 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-16 20:34 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 15:40 . 2011-12-16 20:41 -------- d-----w- C:\iCCard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:29 . 2011-11-09 22:58 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-19 21:33 . 2011-11-16 21:03 32768 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tinySpell"="c:\program files (x86)\tinySpell\tinyspell.exe" [2011-06-01 253952]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-27 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5832536]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2009\QBW32.EXE [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 iZHost;iZHost;c:\program files (x86)\FPSensor\bin\iZHost.exe [2011-03-23 251392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-10 c:\windows\Tasks\Maglocks.com a division of Gravino Group, LLC 1315417664.job
- c:\program files (x86)\Intuit\QuickBooks 2009\AutoBackupEXE.exe [2011-07-06 17:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"combofix"="c:\combofix\CF26772.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r93ktmbf.default\
FF - prefs.js: browser.search.defaulturl - www.google.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - search.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\FPSensor\bin\DpHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\ZKSoftware\ZKECO\zkeco\units\adms\memcached.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe
.
**************************************************************************
.
Completion time: 2011-12-16 17:08:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 22:08
.
Pre-Run: 909,228,384,256 bytes free
Post-Run: 911,487,242,240 bytes free
.
- - End Of File - - 55E2D8E65007A026012642C4DFA3BE1C

Edited by ckb1985, 27 December 2011 - 03:26 PM.


#10 Gammo

Posted 27 December 2011 - 03:28 PM

That's not the right log file.

ComboFix 11-12-16.03 - Chris 12/16/2011 16:52:35.1.4 - x64

That log was created 11 days ago.



Are there multiple log files (e.g., combofix2.txt, combofix3.txt)? If so, please post the latest (the one with the highest number).

If not, please rerun ComboFix and post the resulting log file.

Please post the final results, good or bad. We like to know!


#11 ckb1985

Posted 27 December 2011 - 03:31 PM

The file posted was labeled 2 and was the only one. Running again; I will edit this post with the log or an update.

#12 ckb1985

Posted 27 December 2011 - 03:46 PM

ComboFix log posted below. Also, you should know ComboFix complained that MSE was still active; however, MSE has been uninstalled and is not listed in the task bar.


ComboFix 11-12-27.01 - Chris 12/27/2011 15:34:19.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6175 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\hxi.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\suf9F00.tmp
c:\windows\SysWow64\suf9F8D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 20:38 . 2011-12-27 20:38 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2011-12-27 20:38 . 2011-12-27 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 19:54 . 2011-12-19 19:55 79872 ----a-w- c:\windows\SysWow64\8lE3O5NB.com_
2011-12-19 14:26 . 2011-12-19 14:26 -------- d-----w- c:\windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures
2011-12-16 21:41 . 2011-12-19 15:02 -------- d-----w- c:\program files\Microsoft Security Essentials
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-16 20:34 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 15:40 . 2011-12-19 15:10 -------- d-----w- C:\iCCard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:29 . 2011-11-09 22:58 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-16_22.03.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-16 20:43 . 2011-12-16 21:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-16 20:43 . 2011-12-27 20:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-16 21:06 . 2011-12-16 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-16 21:06 . 2011-12-27 20:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-27 20:07 . 2011-12-27 20:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122720111228\index.dat
+ 2011-12-27 20:07 . 2011-12-27 20:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121920111226\index.dat
+ 2011-12-19 20:27 . 2011-12-19 20:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121220111219\index.dat
+ 2011-12-16 20:43 . 2011-12-27 20:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-16 20:43 . 2011-12-16 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-09-15 19:17 . 2011-12-21 19:34 51542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-27 19:26 43510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-15 19:17 . 2011-12-27 19:26 16288 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3170685843-4262705979-1591337028-1000_UserData.bin
- 2010-09-15 19:23 . 2011-12-16 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 19:23 . 2011-12-27 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 19:23 . 2011-12-27 14:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-15 19:23 . 2011-12-16 21:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-27 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-16 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 20:32 . 2011-12-27 19:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-15 20:32 . 2011-12-27 19:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-15 20:32 . 2011-12-27 19:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 21:06 . 2011-12-27 19:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 21:06 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 21:06 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 21:06 . 2011-12-27 19:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-16 22:03 . 2011-12-16 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-27 20:39 . 2011-12-27 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-16 22:03 . 2011-12-16 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-27 20:39 . 2011-12-27 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-12-27 20:33 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-27 20:33 557056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-12-16 21:45 669992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-27 20:25 669992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-27 20:25 125970 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-16 21:45 125970 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-16 22:02 381692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-27 20:38 381692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-16 21:40 . 2011-12-16 21:40 223744 c:\windows\assembly\temp\kwrd.dll
+ 2011-12-19 19:54 . 2011-12-27 19:24 223744 c:\windows\assembly\temp\kwrd.dll
+ 2011-12-19 14:26 . 2011-11-21 08:40 8822856 c:\windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures\mpengine.dll
+ 2009-07-14 04:54 . 2011-12-27 20:33 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-15 19:07 . 2011-12-27 20:38 4788624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-15 19:07 . 2011-12-16 21:22 4788624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-18 07:29 . 2011-12-27 20:38 1120444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3170685843-4262705979-1591337028-1000-12288.dat
- 2011-06-18 07:29 . 2011-12-16 21:32 1120444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3170685843-4262705979-1591337028-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tinySpell"="c:\program files (x86)\tinySpell\tinyspell.exe" [2011-06-01 253952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5832536]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2009\QBW32.EXE [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R2 ZKECOBackupDB;ZKECO Backup Database;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R2 ZKECODataCommCenterService;ZKECO Data Comm Center Service;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R2 ZKECOWEBService;ZKECO Web Service;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [x]
R3 dpK00701;U.are.UŽ Fingerprint Reader Upper Driver;c:\windows\system32\DRIVERS\dpK00701.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
R3 Svk2pl;GigawareX USB to Serial Driver;c:\windows\system32\DRIVERS\Svk2pl64.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 usbdpfp;U.are.UŽ Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-09 2983808]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2010-04-28 679936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\At10.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At12.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At14.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At16.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At18.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At2.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At20.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At22.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At24.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At26.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At28.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At30.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At32.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-26 c:\windows\Tasks\At34.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-26 c:\windows\Tasks\At36.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-26 c:\windows\Tasks\At38.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At4.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At40.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At42.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At44.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At46.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At48.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At6.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\At8.job
- c:\windows\system32\8lE3O5NB.com_ [2011-12-19 19:55]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-24 c:\windows\Tasks\Maglocks.com a division of Gravino Group, LLC 1315417664.job
- c:\program files (x86)\Intuit\QuickBooks 2009\AutoBackupEXE.exe [2011-07-06 17:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF2276.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-27 15:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 20:43
ComboFix2.txt 2011-12-16 22:08
.
Pre-Run: 911,520,301,056 bytes free
Post-Run: 911,527,378,944 bytes free
.
- - End Of File - - 7031EEF9D37C228C4B9DC538B73DF260

#13 Gammo

Gammo

Posted 27 December 2011 - 04:03 PM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\SysWow64\8lE3O5NB.com_
c:\windows\system32\8lE3O5NB.com_

Folder::
c:\windows\assembly\temp
c:\program files (x86)\Application Updater

Driver::
Application Updater

AtJob::

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post the final results, good or bad. We like to know!


#14 ckb1985

ckb1985
  • Topic Starter

Posted 27 December 2011 - 04:26 PM

As instructed.

ComboFix 11-12-27.01 - Chris 12/27/2011 16:14:31.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6410 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\8lE3O5NB.com_"
"c:\windows\SysWow64\8lE3O5NB.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Application Updater\config.ini
c:\windows\assembly\temp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
c:\windows\SysWow64\8lE3O5NB.com_
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 21:18 . 2011-12-27 21:18 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2011-12-27 21:18 . 2011-12-27 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 14:26 . 2011-12-19 14:26 -------- d-----w- c:\windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures
2011-12-16 21:41 . 2011-12-19 15:02 -------- d-----w- c:\program files\Microsoft Security Essentials
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 20:34 . 2011-12-16 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-16 20:34 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 15:40 . 2011-12-27 21:12 -------- d-----w- C:\iCCard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:29 . 2011-11-09 22:58 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-16_22.03.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-16 20:43 . 2011-12-27 20:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-16 20:43 . 2011-12-16 21:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-16 21:06 . 2011-12-27 20:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2011-12-16 21:06 . 2011-12-16 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-27 20:07 . 2011-12-27 20:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122720111228\index.dat
+ 2011-12-27 20:07 . 2011-12-27 20:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121920111226\index.dat
+ 2011-12-19 20:27 . 2011-12-19 20:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121220111219\index.dat
- 2011-12-16 20:43 . 2011-12-16 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-16 20:43 . 2011-12-27 20:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-09-15 19:17 . 2011-12-21 19:34 51542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-27 20:41 43510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-15 19:17 . 2011-12-27 20:41 16320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3170685843-4262705979-1591337028-1000_UserData.bin
- 2010-09-15 19:23 . 2011-12-16 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 19:23 . 2011-12-27 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 19:23 . 2011-12-16 21:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-15 19:23 . 2011-12-27 14:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-16 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-27 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 20:32 . 2011-12-27 21:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 20:32 . 2011-12-27 21:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-15 20:32 . 2011-12-27 21:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 20:32 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 21:06 . 2011-12-27 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 21:06 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-15 21:06 . 2011-12-16 21:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 21:06 . 2011-12-27 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-27 21:19 . 2011-12-27 21:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-16 22:03 . 2011-12-16 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-27 21:19 . 2011-12-27 21:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-16 22:03 . 2011-12-16 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-12-27 20:39 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-27 20:39 557056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2011-12-27 21:14 669992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-16 21:45 669992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-16 21:45 125970 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-27 21:14 125970 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-12-27 21:18 381692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-16 22:02 381692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-19 14:26 . 2011-11-21 08:40 8822856 c:\windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures\mpengine.dll
+ 2009-07-14 04:54 . 2011-12-27 20:39 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-15 19:07 . 2011-12-16 21:22 4788624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-15 19:07 . 2011-12-27 20:38 4788624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-18 07:29 . 2011-12-16 21:32 1120444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3170685843-4262705979-1591337028-1000-12288.dat
+ 2011-06-18 07:29 . 2011-12-27 20:38 1120444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3170685843-4262705979-1591337028-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tinySpell"="c:\program files (x86)\tinySpell\tinyspell.exe" [2011-06-01 253952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5832536]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2009\QBW32.EXE [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R2 ZKECOBackupDB;ZKECO Backup Database;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R2 ZKECODataCommCenterService;ZKECO Data Comm Center Service;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R2 ZKECOWEBService;ZKECO Web Service;c:\program files (x86)\ZKSoftware\ZKECO\Python26\lib\site-packages\win32\PythonService.exe [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [x]
R3 dpK00701;U.are.U® Fingerprint Reader Upper Driver;c:\windows\system32\DRIVERS\dpK00701.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
R3 Svk2pl;GigawareX USB to Serial Driver;c:\windows\system32\DRIVERS\Svk2pl64.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 usbdpfp;U.are.U® Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-09 2983808]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2010-04-28 679936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 19:04]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 16:42]
.
2011-12-24 c:\windows\Tasks\Maglocks.com a division of Gravino Group, LLC 1315417664.job
- c:\program files (x86)\Intuit\QuickBooks 2009\AutoBackupEXE.exe [2011-07-06 17:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF10195.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-27 16:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 21:24
ComboFix2.txt 2011-12-27 20:43
ComboFix3.txt 2011-12-16 22:08
.
Pre-Run: 912,011,739,136 bytes free
Post-Run: 911,950,761,984 bytes free
.
- - End Of File - - AD132CC4D0830A052306861AA6E44DD2

#15 Gammo

Posted 27 December 2011 - 04:28 PM

Hi,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates are downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by Gammo, 27 December 2011 - 04:29 PM.


Please post the final results, good or bad. We like to know!




