
Connectivity issues, random ads


  • This topic is locked
44 replies to this topic

#1 Cratti

Cratti

  • Members
  • 29 posts

Posted 21 January 2012 - 02:57 PM

Redirect from: This thread

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Chris at 13:54:59 on 2012-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3463 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TVersitybar\TVersitybarToolbarHelper1.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{E72DFB40-2DBC-4D9B-9EA8-961AB1C8B3FC} : DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{F1178EEE-9041-447F-9E94-E3AB6A426AC7} : DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{F1178EEE-9041-447F-9E94-E3AB6A426AC7}\2456C6B696E6E233335463 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F1178EEE-9041-447F-9E94-E3AB6A426AC7}\2456C6B696E6F574F505C65737F5D494D4F4F5339393348373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F1178EEE-9041-447F-9E94-E3AB6A426AC7}\A4F656C6D27657563747 : DhcpNameServer = 208.180.83.133 208.180.42.68
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
BHO-X64: TVersitybar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xs8zrmne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-20 652872]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-20 2214504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-19 1153368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-20 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 dopewars-server;dopewars server;C:\Program Files (x86)\dopewars-1.5.12\dopewars.exe -N --> C:\Program Files (x86)\dopewars-1.5.12\dopewars.exe -N [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 PS3 Media Server;PS3 Media Server;"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" --> C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-21 19:50:47 859 ----a-w- C:\ProgramData\mvxjdaa.tmp
2012-01-21 19:48:30 828 ----a-w- C:\ProgramData\kvxjdaa.tmp
2012-01-21 19:37:52 827 ----a-w- C:\ProgramData\nvxjdaa.tmp
2012-01-21 19:37:44 831 ----a-w- C:\ProgramData\lvxjdaa.tmp
2012-01-21 03:34:56 865 ----a-w- C:\ProgramData\iorhbaa.tmp
2012-01-21 02:42:24 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-21 02:42:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-21 02:36:38 828 ----a-w- C:\ProgramData\morhbaa.tmp
2012-01-21 00:59:33 873 ----a-w- C:\ProgramData\lorhbaa.tmp
2012-01-21 00:58:00 820 ----a-w- C:\ProgramData\korhbaa.tmp
2012-01-20 23:42:04 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-20 16:40:27 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-20 16:30:36 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-20 16:30:31 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-01-20 15:42:52 16200 ----a-w- C:\Windows\stinger.sys
2012-01-20 15:42:08 -------- d-----w- C:\Program Files (x86)\stinger
2012-01-20 15:05:16 -------- d-----w- C:\Program Files (x86)\CCleaner
2012-01-20 07:17:23 -------- d-----w- C:\e
2012-01-20 07:15:27 -------- d-----w- C:\Data
2012-01-20 06:45:25 817 ----a-w- C:\ProgramData\lxkjfaa.tmp
2012-01-20 06:43:35 794 ----a-w- C:\ProgramData\mxkjfaa.tmp
2012-01-20 06:23:47 846 ----a-w- C:\ProgramData\oxkjfaa.tmp
2012-01-20 06:21:51 855 ----a-w- C:\ProgramData\kxkjfaa.tmp
2012-01-20 06:12:08 926 ----a-w- C:\ProgramData\nxkjfaa.tmp
2012-01-20 03:52:43 843 ----a-w- C:\ProgramData\ukblbaa.tmp
2012-01-20 03:51:03 854 ----a-w- C:\ProgramData\qkblbaa.tmp
2012-01-20 03:50:46 853 ----a-w- C:\ProgramData\skblbaa.tmp
2012-01-20 03:47:27 868 ----a-w- C:\ProgramData\rkblbaa.tmp
2012-01-20 03:08:38 858 ----a-w- C:\ProgramData\tkblbaa.tmp
2012-01-19 05:08:06 838 ----a-w- C:\ProgramData\yeicbaa.tmp
2012-01-19 05:05:57 834 ----a-w- C:\ProgramData\aficbaa.tmp
2012-01-19 05:05:53 839 ----a-w- C:\ProgramData\zeicbaa.tmp
2012-01-19 05:03:30 826 ----a-w- C:\ProgramData\bficbaa.tmp
2012-01-19 05:02:46 848 ----a-w- C:\ProgramData\cficbaa.tmp
2012-01-16 03:05:34 843 ----a-w- C:\ProgramData\qnclcaa.tmp
2012-01-16 02:42:53 852 ----a-w- C:\ProgramData\pnclcaa.tmp
2012-01-16 02:39:09 805 ----a-w- C:\ProgramData\snclcaa.tmp
2012-01-16 02:05:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-01-16 02:05:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-16 01:50:14 788 ----a-w- C:\ProgramData\onclcaa.tmp
2012-01-16 01:49:29 855 ----a-w- C:\ProgramData\rnclcaa.tmp
2012-01-16 01:45:49 -------- d-s---w- C:\ComboFix
2012-01-16 01:33:16 865 ----a-w- C:\ProgramData\cuogbaa.tmp
2012-01-15 21:07:16 888 ----a-w- C:\ProgramData\buogbaa.tmp
2012-01-15 18:03:45 835 ----a-w- C:\ProgramData\auogbaa.tmp
2012-01-15 17:13:10 863 ----a-w- C:\ProgramData\euogbaa.tmp
2012-01-15 17:13:05 851 ----a-w- C:\ProgramData\duogbaa.tmp
2012-01-15 00:04:50 -------- d-----w- C:\Program Files (x86)\TNod User & Password Finder
2012-01-14 21:15:04 -------- d-----w- C:\Program Files\ESET
2012-01-12 18:02:33 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 18:02:33 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 18:02:33 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 18:02:33 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 13:48:46 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 13:48:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 13:48:45 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 13:48:45 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 13:48:41 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 13:48:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 13:48:41 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 13:48:41 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-01 19:31:46 -------- d-----w- C:\Users\Chris\AppData\Local\Gas Powered Games
2012-01-01 18:47:05 -------- d-----w- C:\Program Files (x86)\Supreme Commander 2
.
==================== Find3M ====================
.
2011-12-21 05:01:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 13:56:16.76 ===============


Edited by Cratti, 21 January 2012 - 04:30 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 January 2012 - 03:14 PM

Hi,

Please do the following:

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Cratti

Cratti
  • Topic Starter

  • Members
  • 29 posts

Posted 21 January 2012 - 04:14 PM

From aswMBR

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 14:19:44
-----------------------------
14:19:44.393 OS Version: Windows x64 6.1.7601 Service Pack 1
14:19:44.393 Number of processors: 4 586 0x170A
14:19:44.394 ComputerName: DESKTOP UserName: Chris
14:19:49.190 Initialize success
14:25:29.622 AVAST engine defs: 12012101
14:33:19.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:33:19.709 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
14:33:19.719 Disk 0 MBR read successfully
14:33:19.721 Disk 0 MBR scan
14:33:19.726 Disk 0 unknown MBR code
14:33:19.729 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 63
14:33:19.735 Service scanning
14:33:21.021 Modules scanning
14:33:21.024 Disk 0 trace - called modules:
14:33:21.029 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:33:21.033 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f71060]
14:33:21.037 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8005960cd0]
14:33:21.041 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005cea060]
14:33:25.486 AVAST engine scan C:\Windows
14:33:29.108 AVAST engine scan C:\Windows\system32
14:36:26.731 AVAST engine scan C:\Windows\system32\drivers
14:36:44.764 AVAST engine scan C:\Users\Chris
15:07:59.817 AVAST engine scan C:\ProgramData
15:11:52.381 Scan finished successfully
15:12:20.552 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
15:12:20.559 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


Attached Files

  • Attached File  MBR.zip   543bytes   0 downloads


#4 Cratti

Cratti
  • Topic Starter

  • Members
  • 29 posts

Posted 21 January 2012 - 04:23 PM

TDSSKiller:

15:21:40.0867 5040 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:21:41.0615 5040 ============================================================
15:21:41.0615 5040 Current date / time: 2012/01/21 15:21:41.0615
15:21:41.0615 5040 SystemInfo:
15:21:41.0615 5040
15:21:41.0615 5040 OS Version: 6.1.7601 ServicePack: 1.0
15:21:41.0615 5040 Product type: Workstation
15:21:41.0615 5040 ComputerName: DESKTOP
15:21:41.0615 5040 UserName: Chris
15:21:41.0615 5040 Windows directory: C:\Windows
15:21:41.0615 5040 System windows directory: C:\Windows
15:21:41.0615 5040 Running under WOW64
15:21:41.0615 5040 Processor architecture: Intel x64
15:21:41.0615 5040 Number of processors: 4
15:21:41.0615 5040 Page size: 0x1000
15:21:41.0615 5040 Boot type: Normal boot
15:21:41.0615 5040 ============================================================
15:21:42.0752 5040 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:42.0910 5040 Initialize success
15:21:44.0857 3832 ============================================================
15:21:44.0857 3832 Scan started
15:21:44.0857 3832 Mode: Manual;
15:21:44.0857 3832 ============================================================
15:21:49.0733 3832 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:21:49.0735 3832 1394ohci - ok
15:21:49.0781 3832 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:21:49.0783 3832 ACPI - ok
15:21:49.0821 3832 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:21:49.0822 3832 AcpiPmi - ok
15:21:49.0865 3832 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:21:49.0869 3832 adp94xx - ok
15:21:49.0888 3832 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:21:49.0891 3832 adpahci - ok
15:21:49.0912 3832 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:21:49.0914 3832 adpu320 - ok
15:21:49.0973 3832 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:21:49.0976 3832 AFD - ok
15:21:50.0020 3832 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:21:50.0021 3832 agp440 - ok
15:21:50.0036 3832 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:21:50.0037 3832 aliide - ok
15:21:50.0073 3832 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:21:50.0074 3832 amdide - ok
15:21:50.0087 3832 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:21:50.0089 3832 AmdK8 - ok
15:21:50.0103 3832 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:21:50.0105 3832 AmdPPM - ok
15:21:50.0145 3832 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:21:50.0146 3832 amdsata - ok
15:21:50.0170 3832 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:21:50.0172 3832 amdsbs - ok
15:21:50.0191 3832 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:21:50.0192 3832 amdxata - ok
15:21:50.0233 3832 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:21:50.0234 3832 AppID - ok
15:21:50.0277 3832 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:21:50.0278 3832 arc - ok
15:21:50.0288 3832 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:21:50.0290 3832 arcsas - ok
15:21:50.0302 3832 AsIO - ok
15:21:50.0328 3832 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:21:50.0329 3832 AsyncMac - ok
15:21:50.0367 3832 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:21:50.0367 3832 atapi - ok
15:21:50.0412 3832 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:21:50.0415 3832 b06bdrv - ok
15:21:50.0433 3832 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:21:50.0436 3832 b57nd60a - ok
15:21:50.0452 3832 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:21:50.0453 3832 Beep - ok
15:22:00.0310 3832 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
15:22:00.0342 3832 \Device\Harddisk0\DR0 - ok
15:22:00.0346 3832 Boot (0x1200) (90c86de05767949cc21b64806c9866c2) \Device\Harddisk0\DR0\Partition0
15:22:00.0352 3832 \Device\Harddisk0\DR0\Partition0 - ok
15:22:00.0353 3832 ============================================================
15:22:00.0353 3832 Scan finished
15:22:00.0353 3832 ============================================================
15:22:00.0369 7400 Detected object count: 0
15:22:00.0369 7400 Actual detected object count: 0
15:22:30.0906 1812 ============================================================
15:22:30.0906 1812 Scan started
15:22:30.0906 1812 Mode: Manual;
15:22:30.0906 1812 ============================================================
15:22:35.0962 1812 BTCFilterService - ok
15:22:35.0979 1812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:22:35.0980 1812 BTHMODEM - ok
15:22:36.0007 1812 catchme - ok
15:22:36.0036 1812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:22:36.0037 1812 cdfs - ok
15:22:36.0069 1812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:22:36.0070 1812 cdrom - ok
15:22:36.0081 1812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:22:36.0083 1812 circlass - ok
15:22:36.0114 1812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:22:36.0118 1812 CLFS - ok
15:22:36.0146 1812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:22:36.0147 1812 CmBatt - ok
15:22:36.0165 1812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:22:36.0166 1812 cmdide - ok
15:22:36.0195 1812 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:22:36.0199 1812 CNG - ok
15:22:36.0206 1812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:22:36.0208 1812 Compbatt - ok
15:22:36.0245 1812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:22:36.0246 1812 CompositeBus - ok
15:22:36.0265 1812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:22:36.0265 1812 crcdisk - ok
15:22:36.0324 1812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:22:36.0325 1812 DfsC - ok
15:22:36.0346 1812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:22:36.0347 1812 discache - ok
15:22:36.0375 1812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:22:36.0376 1812 Disk - ok
15:22:36.0410 1812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:22:36.0411 1812 drmkaud - ok
15:22:36.0465 1812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:22:36.0472 1812 DXGKrnl - ok
15:22:36.0499 1812 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
15:22:36.0501 1812 eamonm - ok
15:22:36.0584 1812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:22:36.0603 1812 ebdrv - ok
15:22:36.0652 1812 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
15:22:36.0654 1812 ehdrv - ok
15:22:36.0689 1812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:22:36.0693 1812 elxstor - ok
15:22:36.0722 1812 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
15:22:36.0724 1812 epfw - ok
15:22:36.0743 1812 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
15:22:36.0744 1812 EpfwLWF - ok
15:22:36.0774 1812 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
15:22:36.0775 1812 epfwwfp - ok
15:22:36.0814 1812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:22:36.0814 1812 ErrDev - ok
15:22:36.0849 1812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:22:36.0850 1812 exfat - ok
15:22:36.0867 1812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:22:36.0868 1812 fastfat - ok
15:22:36.0890 1812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:22:36.0891 1812 fdc - ok
15:22:36.0921 1812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:22:36.0922 1812 FileInfo - ok
15:22:36.0938 1812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:22:36.0939 1812 Filetrace - ok
15:22:36.0955 1812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:22:36.0956 1812 flpydisk - ok
15:22:37.0003 1812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:22:37.0005 1812 FltMgr - ok
15:22:37.0027 1812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:22:37.0031 1812 FsDepends - ok
15:22:37.0040 1812 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:22:37.0041 1812 Fs_Rec - ok
15:22:37.0092 1812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:22:37.0094 1812 fvevol - ok
15:22:37.0104 1812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:22:37.0106 1812 gagp30kx - ok
15:22:37.0156 1812 GGSAFERDriver - ok
15:22:37.0172 1812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:22:37.0173 1812 hcw85cir - ok
15:22:37.0199 1812 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:22:37.0201 1812 HdAudAddService - ok
15:22:37.0217 1812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:22:37.0218 1812 HDAudBus - ok
15:22:37.0231 1812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:22:37.0233 1812 HidBatt - ok
15:22:37.0251 1812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:22:37.0252 1812 HidBth - ok
15:22:37.0270 1812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:22:37.0272 1812 HidIr - ok
15:22:37.0289 1812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:22:37.0290 1812 HidUsb - ok
15:22:37.0318 1812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:22:37.0319 1812 HpSAMD - ok
15:22:37.0371 1812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:22:37.0376 1812 HTTP - ok
15:22:37.0414 1812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:22:37.0415 1812 hwpolicy - ok
15:22:37.0432 1812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:22:37.0433 1812 i8042prt - ok
15:22:37.0455 1812 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:22:37.0459 1812 iaStorV - ok
15:22:37.0592 1812 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:22:37.0636 1812 igfx - ok
15:22:37.0650 1812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:22:37.0650 1812 iirsp - ok
15:22:37.0680 1812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:22:37.0681 1812 intelide - ok
15:22:37.0699 1812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:22:37.0700 1812 intelppm - ok
15:22:37.0742 1812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:37.0743 1812 IpFilterDriver - ok
15:22:37.0773 1812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:22:37.0774 1812 IPMIDRV - ok
15:22:37.0796 1812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:22:37.0797 1812 IPNAT - ok
15:22:37.0815 1812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:22:37.0815 1812 IRENUM - ok
15:22:37.0833 1812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:22:37.0834 1812 isapnp - ok
15:22:37.0859 1812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:22:37.0862 1812 iScsiPrt - ok
15:22:37.0901 1812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:37.0902 1812 kbdclass - ok
15:22:37.0920 1812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:22:37.0921 1812 kbdhid - ok
15:22:37.0959 1812 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:22:37.0960 1812 KSecDD - ok
15:22:37.0976 1812 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:22:37.0978 1812 KSecPkg - ok
15:22:37.0998 1812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:22:37.0998 1812 ksthunk - ok
15:22:38.0070 1812 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
15:22:38.0071 1812 Lavasoft Kernexplorer - ok
15:22:38.0092 1812 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
15:22:38.0092 1812 Lbd - ok
15:22:38.0114 1812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:22:38.0115 1812 lltdio - ok
15:22:38.0155 1812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:22:38.0156 1812 LSI_FC - ok
15:22:38.0171 1812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:22:38.0172 1812 LSI_SAS - ok
15:22:38.0186 1812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:22:38.0187 1812 LSI_SAS2 - ok
15:22:38.0197 1812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:22:38.0199 1812 LSI_SCSI - ok
15:22:38.0240 1812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:22:38.0241 1812 luafv - ok
15:22:38.0281 1812 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:22:38.0282 1812 MBAMProtector - ok
15:22:38.0329 1812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:22:38.0330 1812 megasas - ok
15:22:38.0347 1812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:22:38.0350 1812 MegaSR - ok
15:22:38.0366 1812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:22:38.0367 1812 Modem - ok
15:22:38.0399 1812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:22:38.0400 1812 monitor - ok
15:22:38.0430 1812 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
15:22:38.0431 1812 motccgp - ok
15:22:38.0472 1812 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
15:22:38.0473 1812 motccgpfl - ok
15:22:38.0501 1812 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
15:22:38.0503 1812 motmodem - ok
15:22:38.0523 1812 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
15:22:38.0524 1812 MotoSwitchService - ok
15:22:38.0552 1812 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
15:22:38.0553 1812 Motousbnet - ok
15:22:38.0572 1812 motusbdevice (4244e427cda5f6485e74461b5b48a7b6) C:\Windows\system32\DRIVERS\motusbdevice.sys
15:22:38.0573 1812 motusbdevice - ok
15:22:38.0608 1812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:22:38.0609 1812 mouclass - ok
15:22:38.0626 1812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:22:38.0626 1812 mouhid - ok
15:22:38.0670 1812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:22:38.0671 1812 mountmgr - ok
15:22:38.0690 1812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:22:38.0691 1812 mpio - ok
15:22:38.0711 1812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:22:38.0712 1812 mpsdrv - ok
15:22:38.0755 1812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:22:38.0756 1812 MRxDAV - ok
15:22:38.0789 1812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:38.0790 1812 mrxsmb - ok
15:22:38.0829 1812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:38.0831 1812 mrxsmb10 - ok
15:22:38.0855 1812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:38.0857 1812 mrxsmb20 - ok
15:22:38.0891 1812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:22:38.0892 1812 msahci - ok
15:22:38.0913 1812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:22:38.0915 1812 msdsm - ok
15:22:38.0940 1812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:22:38.0941 1812 Msfs - ok
15:22:38.0952 1812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:22:38.0953 1812 mshidkmdf - ok
15:22:38.0977 1812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:22:38.0978 1812 msisadrv - ok
15:22:38.0996 1812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:22:38.0997 1812 MSKSSRV - ok
15:22:39.0010 1812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:39.0011 1812 MSPCLOCK - ok
15:22:39.0022 1812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:22:39.0023 1812 MSPQM - ok
15:22:39.0082 1812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:22:39.0085 1812 MsRPC - ok
15:22:39.0102 1812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:22:39.0103 1812 mssmbios - ok
15:22:39.0111 1812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:22:39.0113 1812 MSTEE - ok
15:22:39.0132 1812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:22:39.0132 1812 MTConfig - ok
15:22:39.0148 1812 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
15:22:39.0149 1812 MTsensor - ok
15:22:39.0166 1812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:22:39.0167 1812 Mup - ok
15:22:39.0195 1812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:22:39.0198 1812 NativeWifiP - ok
15:22:39.0360 1812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:22:39.0366 1812 NDIS - ok
15:22:39.0399 1812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:22:39.0400 1812 NdisCap - ok
15:22:39.0420 1812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:39.0421 1812 NdisTapi - ok
15:22:39.0452 1812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:39.0452 1812 Ndisuio - ok
15:22:39.0488 1812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:39.0490 1812 NdisWan - ok
15:22:39.0523 1812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:22:39.0524 1812 NDProxy - ok
15:22:39.0542 1812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:22:39.0543 1812 NetBIOS - ok
15:22:39.0558 1812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:22:39.0560 1812 NetBT - ok
15:22:39.0612 1812 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
15:22:39.0617 1812 netr28x - ok
15:22:39.0639 1812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:22:39.0640 1812 nfrd960 - ok
15:22:39.0664 1812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:22:39.0665 1812 Npfs - ok
15:22:39.0692 1812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:22:39.0693 1812 nsiproxy - ok
15:22:39.0769 1812 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:22:39.0779 1812 Ntfs - ok
15:22:39.0794 1812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:22:39.0795 1812 Null - ok
15:22:40.0037 1812 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:22:40.0123 1812 nvlddmkm - ok
15:22:40.0168 1812 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:22:40.0170 1812 nvraid - ok
15:22:40.0186 1812 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:22:40.0187 1812 nvstor - ok
15:22:40.0237 1812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:22:40.0238 1812 nv_agp - ok
15:22:40.0258 1812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:22:40.0259 1812 ohci1394 - ok
15:22:40.0284 1812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:22:40.0286 1812 Parport - ok
15:22:40.0314 1812 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:22:40.0315 1812 partmgr - ok
15:22:40.0345 1812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:22:40.0347 1812 pci - ok
15:22:40.0386 1812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:22:40.0387 1812 pciide - ok
15:22:40.0416 1812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:22:40.0418 1812 pcmcia - ok
15:22:40.0457 1812 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
15:22:40.0458 1812 pcouffin - ok
15:22:40.0473 1812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:22:40.0474 1812 pcw - ok
15:22:40.0499 1812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:22:40.0508 1812 PEAUTH - ok
15:22:40.0536 1812 pfc - ok
15:22:40.0616 1812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:22:40.0617 1812 PptpMiniport - ok
15:22:40.0636 1812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:22:40.0638 1812 Processor - ok
15:22:40.0690 1812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:22:40.0692 1812 Psched - ok
15:22:40.0750 1812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:22:40.0760 1812 ql2300 - ok
15:22:40.0807 1812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:22:40.0809 1812 ql40xx - ok
15:22:40.0839 1812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:22:40.0840 1812 QWAVEdrv - ok
15:22:40.0857 1812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:22:40.0858 1812 RasAcd - ok
15:22:40.0891 1812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:22:40.0892 1812 RasAgileVpn - ok
15:22:40.0932 1812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:22:40.0933 1812 Rasl2tp - ok
15:22:40.0949 1812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:22:40.0950 1812 RasPppoe - ok
15:22:40.0967 1812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:22:40.0968 1812 RasSstp - ok
15:22:41.0013 1812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:22:41.0015 1812 rdbss - ok
15:22:41.0038 1812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:22:41.0039 1812 rdpbus - ok
15:22:41.0058 1812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:22:41.0059 1812 RDPCDD - ok
15:22:41.0084 1812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:22:41.0085 1812 RDPENCDD - ok
15:22:41.0102 1812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:22:41.0103 1812 RDPREFMP - ok
15:22:41.0148 1812 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:22:41.0150 1812 RDPWD - ok
15:22:41.0194 1812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:22:41.0196 1812 rdyboost - ok
15:22:41.0251 1812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:22:41.0253 1812 rspndr - ok
15:22:41.0285 1812 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:22:41.0288 1812 RTL8167 - ok
15:22:41.0348 1812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:22:41.0349 1812 sbp2port - ok
15:22:41.0396 1812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:22:41.0397 1812 scfilter - ok
15:22:41.0449 1812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:22:41.0450 1812 secdrv - ok
15:22:41.0476 1812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:22:41.0477 1812 Serenum - ok
15:22:41.0494 1812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:22:41.0495 1812 Serial - ok
15:22:41.0530 1812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:22:41.0531 1812 sermouse - ok
15:22:41.0585 1812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:22:41.0585 1812 sffdisk - ok
15:22:41.0600 1812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:22:41.0600 1812 sffp_mmc - ok
15:22:41.0619 1812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:22:41.0619 1812 sffp_sd - ok
15:22:41.0642 1812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:22:41.0643 1812 sfloppy - ok
15:22:41.0665 1812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:22:41.0666 1812 SiSRaid2 - ok
15:22:41.0686 1812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:22:41.0687 1812 SiSRaid4 - ok
15:22:41.0702 1812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:22:41.0703 1812 Smb - ok
15:22:41.0717 1812 speedfan - ok
15:22:41.0740 1812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:22:41.0741 1812 spldr - ok
15:22:41.0790 1812 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:22:41.0796 1812 sptd - ok
15:22:41.0841 1812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:22:41.0844 1812 srv - ok
15:22:41.0883 1812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:22:41.0886 1812 srv2 - ok
15:22:41.0901 1812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:22:41.0902 1812 srvnet - ok
15:22:41.0932 1812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:22:41.0933 1812 stexstor - ok
15:22:41.0976 1812 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:22:41.0978 1812 StillCam - ok
15:22:42.0006 1812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:22:42.0007 1812 swenum - ok
15:22:42.0084 1812 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:22:42.0096 1812 Tcpip - ok
15:22:42.0143 1812 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:22:42.0154 1812 TCPIP6 - ok
15:22:42.0194 1812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:22:42.0195 1812 tcpipreg - ok
15:22:42.0223 1812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:22:42.0224 1812 TDPIPE - ok
15:22:42.0241 1812 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:22:42.0242 1812 TDTCP - ok
15:22:42.0281 1812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:22:42.0283 1812 tdx - ok
15:22:42.0299 1812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:22:42.0301 1812 TermDD - ok
15:22:42.0367 1812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:22:42.0368 1812 tssecsrv - ok
15:22:42.0420 1812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:22:42.0421 1812 TsUsbFlt - ok
15:22:42.0454 1812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:22:42.0455 1812 tunnel - ok
15:22:42.0479 1812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:22:42.0480 1812 uagp35 - ok
15:22:42.0526 1812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:22:42.0530 1812 udfs - ok
15:22:42.0568 1812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:22:42.0569 1812 uliagpkx - ok
15:22:42.0589 1812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:22:42.0590 1812 umbus - ok
15:22:42.0633 1812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:22:42.0633 1812 UmPass - ok
15:22:42.0652 1812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:22:42.0653 1812 usbccgp - ok
15:22:42.0686 1812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:22:42.0687 1812 usbcir - ok
15:22:42.0706 1812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:22:42.0707 1812 usbehci - ok
15:22:42.0726 1812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:22:42.0729 1812 usbhub - ok
15:22:42.0747 1812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:22:42.0748 1812 usbohci - ok
15:22:42.0769 1812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:22:42.0770 1812 usbprint - ok
15:22:42.0792 1812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:22:42.0793 1812 USBSTOR - ok
15:22:42.0807 1812 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:22:42.0807 1812 usbuhci - ok
15:22:42.0844 1812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:22:42.0845 1812 vdrvroot - ok
15:22:42.0865 1812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:22:42.0866 1812 vga - ok
15:22:42.0888 1812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:22:42.0889 1812 VgaSave - ok
15:22:42.0915 1812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:22:42.0916 1812 vhdmp - ok
15:22:42.0932 1812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:22:42.0933 1812 viaide - ok
15:22:42.0956 1812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:22:42.0957 1812 volmgr - ok
15:22:42.0999 1812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:22:43.0003 1812 volmgrx - ok
15:22:43.0025 1812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:22:43.0027 1812 volsnap - ok
15:22:43.0063 1812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:22:43.0064 1812 vsmraid - ok
15:22:43.0084 1812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:22:43.0085 1812 vwifibus - ok
15:22:43.0101 1812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:22:43.0102 1812 vwififlt - ok
15:22:43.0127 1812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:22:43.0128 1812 WacomPen - ok
15:22:43.0162 1812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:22:43.0164 1812 WANARP - ok
15:22:43.0168 1812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:22:43.0169 1812 Wanarpv6 - ok
15:22:43.0212 1812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:22:43.0213 1812 Wd - ok
15:22:43.0249 1812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:22:43.0253 1812 Wdf01000 - ok
15:22:43.0301 1812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:22:43.0302 1812 WfpLwf - ok
15:22:43.0324 1812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:22:43.0325 1812 WIMMount - ok
15:22:43.0376 1812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:22:43.0377 1812 WinUsb - ok
15:22:43.0428 1812 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
15:22:43.0428 1812 WmBEnum - ok
15:22:43.0451 1812 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
15:22:43.0452 1812 WmFilter - ok
15:22:43.0469 1812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:22:43.0469 1812 WmiAcpi - ok
15:22:43.0526 1812 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
15:22:43.0526 1812 WmVirHid - ok
15:22:43.0565 1812 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
15:22:43.0566 1812 WmXlCore - ok
15:22:43.0599 1812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:22:43.0601 1812 ws2ifsl - ok
15:22:43.0655 1812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:22:43.0656 1812 WudfPf - ok
15:22:43.0710 1812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:22:43.0712 1812 WUDFRd - ok
15:22:43.0750 1812 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
15:22:43.0779 1812 \Device\Harddisk0\DR0 - ok
15:22:43.0782 1812 Boot (0x1200) (90c86de05767949cc21b64806c9866c2) \Device\Harddisk0\DR0\Partition0
15:22:43.0783 1812 \Device\Harddisk0\DR0\Partition0 - ok
15:22:43.0786 1812 ============================================================
15:22:43.0786 1812 Scan finished
15:22:43.0786 1812 ============================================================
15:22:43.0860 7440 Detected object count: 0
15:22:43.0861 7440 Actual detected object count: 0


Nothing found, no reboot, nothin'.

#5 CatByte

  • Malware Response Team

Posted 21 January 2012 - 06:14 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Cratti

  • Topic Starter

Posted 21 January 2012 - 09:45 PM

Uhhmm. My post's too long and the attachment is too large to attach on here. So I guess I have to split this into chunks. Sorry.
Edit: Content removed; please see attachment below.

Edited by Cratti, 21 January 2012 - 10:02 PM.


#7 Cratti

Posted 21 January 2012 - 09:53 PM

Content removed due to space constraints

Edited by Cratti, 21 January 2012 - 10:01 PM.


#8 CatByte

Posted 21 January 2012 - 09:55 PM

perhaps you could zip that file up and attach it as the forum software doesn't appear to be co-operating



#9 Cratti

Posted 21 January 2012 - 09:56 PM

Edited for brevity's sake.

Edited by Cratti, 21 January 2012 - 10:00 PM.


#10 Cratti

Posted 21 January 2012 - 09:58 PM

perhaps you could zip that file up and attach it as the forum software doesn't appear to be co-operating


Uhm.
Yeah.
I feel pretty stupid. Sorry, been coming down with a cold and it tends to lead to more lapses in good judgement than I'd like to admit.
Feel free to delete those ridiculous posts.

Edit: Hey, I managed to actually click "attach" this time...

Attached Files

  • Attached File  log.zip   162.66KB   3 downloads

Edited by Cratti, 21 January 2012 - 09:59 PM.


#11 CatByte

Posted 21 January 2012 - 09:59 PM

no problem

I can't delete them

you could just edit the content out if you wish



#12 Cratti

Posted 21 January 2012 - 10:03 PM

Alright, that works too. Attachment included in prior post (another brain-fart, sorry) and ridiculously long posts edited. Sorry for the spam.

#13 CatByte

Posted 21 January 2012 - 10:20 PM

That's OK, you have given me a giggle with your comments, so it's all good

(hope you feel better soon)


Please do the following:

(the log won't be so huge this time as the "snapshot" section has been reset)

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\programdata\kcxdbaa.tmp
c:\programdata\mcxdbaa.tmp
c:\programdata\lcxdbaa.tmp
c:\programdata\jcxdbaa.tmp
c:\programdata\icxdbaa.tmp

FCopy::
c:\windows\ERDNT\cache86\user32.dll | c:\windows\SysWOW64\user32.dll


ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#14 Cratti

Posted 21 January 2012 - 11:18 PM

ComboFix again (with the script)


ComboFix 12-01-21.02 - Chris 01/21/2012 21:45:14.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4199 [GMT -6:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\icxdbaa.tmp"
"c:\programdata\jcxdbaa.tmp"
"c:\programdata\kcxdbaa.tmp"
"c:\programdata\lcxdbaa.tmp"
"c:\programdata\mcxdbaa.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\icxdbaa.tmp
c:\programdata\jcxdbaa.tmp
c:\programdata\kcxdbaa.tmp
c:\programdata\lcxdbaa.tmp
c:\programdata\mcxdbaa.tmp
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache86\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 03:53 . 2012-01-22 03:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-22 03:53 . 2012-01-22 03:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-22 03:53 . 2012-01-22 03:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-22 03:53 . 2012-01-22 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 02:42 . 2012-01-21 02:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-21 02:42 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 23:42 . 2012-01-20 16:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-20 16:40 . 2012-01-20 16:40 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-20 16:30 . 2012-01-20 16:30 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-20 16:30 . 2011-12-23 13:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-20 16:30 . 2012-01-20 16:30 -------- d-----w- c:\programdata\Lavasoft
2012-01-20 16:30 . 2012-01-20 16:30 -------- d-----w- c:\program files (x86)\Lavasoft
2012-01-20 15:42 . 2012-01-20 15:42 16200 ----a-w- c:\windows\stinger.sys
2012-01-20 15:42 . 2012-01-21 00:26 -------- d-----w- c:\program files (x86)\stinger
2012-01-20 15:05 . 2012-01-20 15:05 -------- d-----w- c:\program files (x86)\CCleaner
2012-01-20 07:17 . 2012-01-20 07:17 -------- d-----w- C:\e
2012-01-16 03:32 . 2012-01-16 03:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-16 02:05 . 2012-01-16 02:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-01-16 02:05 . 2012-01-16 02:05 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 00:04 . 2012-01-20 23:41 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2012-01-14 21:15 . 2012-01-14 21:15 -------- d-----w- c:\program files\ESET
2012-01-12 18:02 . 2012-01-12 18:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 18:02 . 2012-01-12 18:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 18:02 . 2012-01-12 18:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 18:02 . 2012-01-12 18:02 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 13:48 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:48 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:48 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:48 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:48 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:48 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 13:48 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:48 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-01 19:31 . 2012-01-01 19:31 -------- d-----w- c:\users\Chris\AppData\Local\Gas Powered Games
2012-01-01 18:47 . 2012-01-01 18:55 -------- d-----w- c:\program files (x86)\Supreme Commander 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 05:01 . 2011-05-14 23:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 02:19 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2010-05-18 09:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:41 . 2011-12-14 02:19 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 02:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 02:19 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 02:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 02:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 02:19 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 02:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 9CA3C2B189C5507E8EB1534AA0118040 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-01-22_02.17.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-22 03:25 . 2012-01-22 03:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B6C43CA4-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:25 . 2012-01-22 03:29 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AD7319D5-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:24 . 2012-01-22 03:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4696046-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:17 . 2012-01-22 03:17 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9FD81EAC-44A7-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:48 . 2012-01-22 02:49 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9E7930FF-44A3-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:24 . 2012-01-22 03:24 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BCD260D-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:41 . 2012-01-22 02:41 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{98991892-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:02 . 2012-01-22 03:03 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8369AB5A-44A5-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:23 . 2012-01-22 03:26 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{756D5702-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:40 . 2012-01-22 02:40 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6435E8B9-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:54 . 2012-01-22 02:54 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{63CD064F-44A4-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:53 . 2012-01-22 02:53 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3D72D12F-44A4-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:38 . 2012-01-22 02:39 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BEE1F96-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:00 . 2012-01-22 03:05 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C02C275-44A5-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:38 . 2012-01-22 02:38 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2BBDE3D9-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:21 . 2012-01-22 03:21 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2895EB25-44A8-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:42 . 2012-01-22 03:42 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2574C12E-44AB-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:35 . 2012-01-22 03:39 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20FBC179-44AA-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:30 . 2012-01-22 02:36 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DDAB825-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:59 . 2012-01-22 02:59 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BAA69A2-44A5-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:06 . 2012-01-22 03:12 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{07CF5BF3-44A6-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:13 . 2012-01-22 03:13 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02BE1C3E-44A7-11E1-B8EF-00248CDDED69}.dat
- 2012-01-22 02:16 . 2012-01-22 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 03:55 . 2012-01-22 03:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-22 02:16 . 2012-01-22 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-22 03:55 . 2012-01-22 03:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-21 08:00 . 2012-01-22 03:58 245760 c:\windows\temp\Cookies\index.dat
- 2011-04-21 08:00 . 2012-01-22 02:16 245760 c:\windows\temp\Cookies\index.dat
+ 2012-01-22 03:39 . 2012-01-22 03:39 853504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{AC26FC2D-44AA-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:42 . 2012-01-22 03:42 102400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{248DDBB4-44AB-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:36 . 2012-01-22 02:43 209408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E91E8053-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:19 . 2012-01-22 03:26 411136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E610B6C2-44A7-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:43 . 2012-01-22 02:49 146432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E5114D64-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:05 . 2012-01-22 03:08 117760 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0A107E5-44A5-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:19 . 2012-01-22 03:26 493568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE948305-44A7-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:21 . 2012-01-22 02:28 213504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6B61D7D-449F-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:36 . 2012-01-22 02:36 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2FD0E32-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:35 . 2012-01-22 02:41 109568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B5A235F5-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:39 . 2012-01-22 03:43 193536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B581A482-44AA-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:42 . 2012-01-22 02:48 186368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B1ACF7DA-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:39 . 2012-01-22 03:42 102912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A79D5CA9-44AA-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:33 . 2012-01-22 02:40 280064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C1F96F7-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:40 . 2012-01-22 02:45 147968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78067D26-44A2-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:33 . 2012-01-22 02:39 155136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65EB40E8-44A1-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:36 . 2012-01-22 03:41 116736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37A71C55-44AA-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:45 . 2012-01-22 02:51 160256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34004EDA-44A3-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 02:52 . 2012-01-22 02:59 142848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{300528C5-44A4-11E1-B8EF-00248CDDED69}.dat
+ 2012-01-22 03:28 . 2012-01-22 03:34 137728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1711C89C-44A9-11E1-B8EF-00248CDDED69}.dat
+ 2009-07-14 02:36 . 2012-01-22 02:23 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-22 02:00 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-22 02:23 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-22 02:00 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-22 02:15 290600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-22 03:54 290600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-21 08:00 . 2012-01-22 03:58 2392064 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-21 08:00 . 2012-01-22 02:16 2392064 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-21 08:00 . 2012-01-22 03:58 2883584 c:\windows\temp\History\History.IE5\index.dat
- 2011-04-21 08:00 . 2012-01-22 02:16 2883584 c:\windows\temp\History\History.IE5\index.dat
+ 2012-01-22 02:21 . 2012-01-22 02:28 1242624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6B6448D-449F-11E1-B8EF-00248CDDED69}.dat
+ 2010-05-22 03:00 . 2012-01-22 03:54 18189320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2264980532-2362915812-74843369-1000-12288.dat
- 2010-05-22 03:00 . 2012-01-22 01:54 18189320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2264980532-2362915812-74843369-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVe0.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\TVersitybar\prxtbTVe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-03-01 2841088]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dopewars-server;dopewars server;c:\program files (x86)\dopewars-1.5.12\dopewars.exe [2011-04-24 301056]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-20 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-20 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-03-01 2841088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 208.180.83.133 208.180.42.68
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xs8zrmne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,7f,f5,d8,65,e2,1e,44,83,63,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,7f,f5,d8,65,e2,1e,44,83,63,fd,\
.
[HKEY_USERS\S-1-5-21-2264980532-2362915812-74843369-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86867A33-83C9-4E38-9992-373AB6C5EAEE}*]
"bbmmpmephfecljbagbkcdolhbkjkjdkfbncb"=hex:61,62,64,70,64,6f,67,6f,6e,63,6c,65,
65,6a,63,6f,62,61,68,6c,6e,6d,61,6d,67,68,6a,65,6b,6c,68,66,62,6a,00,6a
"abmmpmephfecljbagbdcogbkabchffncbp"=hex:65,62,6d,6d,61,6c,6b,70,6b,6c,67,6e,
62,6e,68,68,6f,6f,67,70,66,61,6e,69,67,61,63,70,6e,70,67,6e,6f,6a,6c,6a,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programdata\TVersity\Media Server\berkelium.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-01-21 22:11:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 04:11
ComboFix2.txt 2012-01-22 02:40
ComboFix3.txt 2011-04-21 00:43
.
Pre-Run: 413,325,803,520 bytes free
Post-Run: 413,288,550,400 bytes free
.
- - End Of File - - 90B5EFC98B84AF7B10094E22C2753CE9

#15 Cratti

Posted 22 January 2012 - 12:10 AM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: DESKTOP [administrator]

Protection: Enabled

1/21/2012 10:19:20 PM
mbam-log-2012-01-21 (22-19-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197071
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



