Explorer.exe CPU Hog


  • This topic is locked
11 replies to this topic

#1 brafas

  • Members
  • 5 posts

Posted 21 February 2012 - 05:45 PM

For some reason, after a few days of running explorer.exe, it starts to use around 15-20 percent of my CPU. If I restart my computer, it goes away for a bit. I used Process Explorer and found that the thread it was using was called SHLWAPI.dll!SHRegGetUSValueW+0x1a4. Beforehand, I did some research and found that users using Search would have this problem, but after disabling some Search options it would cease to continue. This was not the case with me. So I come to this forum hoping I can fix this problem. I have included a HijackThis log.

#2 nasdaq

  • Malware Response Team
  • 39,516 posts

Posted 27 February 2012 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 brafas

  • Topic Starter
  • Members
  • 5 posts

Posted 27 February 2012 - 02:35 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Braden at 14:29:31 on 2012-02-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1280 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Braden\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
P:\srcds\orangebox\SDOC\sdcontrol.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
P:\srcds\orangebox\SDOC\serverdoc.exe
P:\srcds\orangebox\srcds.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Braden\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Braden\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Braden\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{1B2CD61C-8079-4634-905A-34C2D0E906AC} : NameServer = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-26 8704]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-29 275912]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-26 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-23 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-29 3027840]
.
=============== Created Last 30 ================
.
2012-02-27 14:57:23 -------- d-----w- C:\Users\Braden\AppData\Local\{46361E94-D1F0-4225-BD1A-F9175E605E1D}
2012-02-27 14:57:11 -------- d-----w- C:\Users\Braden\AppData\Local\{86EEFC86-213D-4FBB-BEA0-C4C3C3119943}
2012-02-27 14:21:42 -------- d-----w- C:\Users\Braden\AppData\Local\{DCBDC894-A338-42B4-B4AC-8D20F554EC83}
2012-02-27 14:21:16 -------- d-----w- C:\Users\Braden\AppData\Local\{DE3BA1D9-F75C-4C54-8703-9C530BB7CE9C}
2012-02-27 01:16:00 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-02-27 01:15:28 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-02-26 23:48:28 -------- d-----w- C:\Users\Braden\AppData\Local\{956A9003-5EF0-4229-8946-63D6627AD78F}
2012-02-26 23:48:15 -------- d-----w- C:\Users\Braden\AppData\Local\{BBB56BDB-2945-4F51-91CA-7960E375EDEE}
2012-02-26 19:30:39 -------- d-----w- C:\Users\Braden\Calibre Library
2012-02-26 17:12:17 -------- d-----w- C:\Users\Braden\AppData\Roaming\LibreOffice
2012-02-26 17:10:08 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E589F397-6134-46FD-B3B9-B57BFB4830A1}\mpengine.dll
2012-02-26 16:37:51 -------- d-----w- C:\Users\Braden\AppData\Roaming\Malwarebytes
2012-02-26 16:37:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-26 16:37:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-26 16:37:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-26 11:48:02 -------- d-----w- C:\Users\Braden\AppData\Local\{A254E2C4-430E-457E-88F2-DC61074D6998}
2012-02-26 11:47:50 -------- d-----w- C:\Users\Braden\AppData\Local\{06715F7D-60E5-4D4D-8C93-D61EA8FD0E93}
2012-02-26 04:21:46 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2012-02-26 04:20:05 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2012-02-26 04:20:05 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2012-02-26 04:20:00 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-02-26 04:14:41 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-02-26 04:14:34 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5
2012-02-25 23:47:36 -------- d-----w- C:\Users\Braden\AppData\Local\{23E602ED-4F03-46DF-85A7-55671C2DF59E}
2012-02-25 23:47:24 -------- d-----w- C:\Users\Braden\AppData\Local\{012D6018-E257-45B9-97AB-7F31FA81EB2A}
2012-02-25 16:42:34 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-25 16:42:28 -------- d-----w- C:\Users\Braden\AppData\Local\PunkBuster
2012-02-25 16:37:17 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-25 16:37:17 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-25 16:37:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-25 16:12:40 -------- d-----w- C:\Users\Braden\outerra
2012-02-25 16:09:20 -------- d-----w- C:\Program Files (x86)\Outerra
2012-02-25 11:46:56 -------- d-----w- C:\Users\Braden\AppData\Local\{1C28183F-B0A8-4A7B-AE2F-0CC4CD500969}
2012-02-25 11:46:44 -------- d-----w- C:\Users\Braden\AppData\Local\{0416C87F-3CCE-40B9-AC7D-C662629BC234}
2012-02-24 23:46:31 -------- d-----w- C:\Users\Braden\AppData\Local\{CAF488CE-6D68-4D2C-B8FA-5008C7734768}
2012-02-24 23:46:19 -------- d-----w- C:\Users\Braden\AppData\Local\{E06E1288-E403-43ED-945D-48475A0BB95B}
2012-02-24 11:46:06 -------- d-----w- C:\Users\Braden\AppData\Local\{1F5EED8C-4F1F-482D-AB53-AB9041B5D75C}
2012-02-24 11:45:55 -------- d-----w- C:\Users\Braden\AppData\Local\{2F8641D3-E56D-4D65-A95F-BAC629B1D9FD}
2012-02-23 23:45:42 -------- d-----w- C:\Users\Braden\AppData\Local\{CB766EB0-E38F-4CF3-AC19-1D8D9EFF7249}
2012-02-23 23:45:30 -------- d-----w- C:\Users\Braden\AppData\Local\{B7A7BF90-ECC2-4D1B-B930-B74E85F6F5DE}
2012-02-23 20:19:17 -------- d-----w- C:\Users\Braden\AppData\Local\FeedDemon
2012-02-23 20:18:59 -------- d-----w- C:\Program Files (x86)\FeedDemon
2012-02-23 11:45:17 -------- d-----w- C:\Users\Braden\AppData\Local\{138FB625-F567-40F5-A7D4-E014ED363385}
2012-02-23 11:45:05 -------- d-----w- C:\Users\Braden\AppData\Local\{3DD27499-6ACA-45C4-8496-6E4175739B76}
2012-02-23 02:24:30 1066176 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-23 02:24:23 1066176 ----a-w- C:\Windows\System32\MSCOMCTL.OCX
2012-02-22 23:44:52 -------- d-----w- C:\Users\Braden\AppData\Local\{4045C8EF-F563-45E2-AFBC-294D8B9EFC62}
2012-02-22 23:44:39 -------- d-----w- C:\Users\Braden\AppData\Local\{87158A8F-5809-4F29-9670-30C1070AF1BA}
2012-02-22 20:35:03 -------- d-----w- C:\Windows\System32\appmgmt
2012-02-22 20:22:28 -------- d-----w- C:\Program Files (x86)\ASUS E-Green
2012-02-22 11:44:13 -------- d-----w- C:\Users\Braden\AppData\Local\{AF00BA74-0A2E-4CBE-A7E8-5B80624EBA05}
2012-02-22 11:44:01 -------- d-----w- C:\Users\Braden\AppData\Local\{CD6C41F7-7B89-4FE0-80B0-5FD8307A65AE}
2012-02-22 00:04:21 -------- d-----w- C:\ProgramData\Nexon
2012-02-21 23:43:47 -------- d-----w- C:\Users\Braden\AppData\Local\{36B4ED0E-1FFA-4C86-87DD-0AF9CCEE3F7D}
2012-02-21 23:43:35 -------- d-----w- C:\Users\Braden\AppData\Local\{A4574E98-ACB5-4B8A-BEC5-A5F043419CB4}
2012-02-21 11:43:07 -------- d-----w- C:\Users\Braden\AppData\Local\{7361EC35-94BA-4592-A007-EF609E236E12}
2012-02-21 11:42:55 -------- d-----w- C:\Users\Braden\AppData\Local\{86F324A1-0ACD-4C51-B2C2-CB8271CC3FB4}
2012-02-21 01:45:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-21 01:45:41 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-21 01:45:40 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-21 01:45:38 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-21 01:45:37 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-21 01:45:36 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-21 01:44:18 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-21 01:44:18 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-21 01:44:03 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-02-21 01:44:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-21 01:44:01 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-02-21 01:44:00 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-20 23:42:40 -------- d-----w- C:\Users\Braden\AppData\Local\{C3551FAE-7A87-4B09-8A7B-812E602C332E}
2012-02-20 23:42:27 -------- d-----w- C:\Users\Braden\AppData\Local\{B3CA8A55-C42D-44B2-9851-250C57CEE96E}
2012-02-20 11:42:14 -------- d-----w- C:\Users\Braden\AppData\Local\{E909398C-BC6C-45A1-9B50-8D5094C15C88}
2012-02-20 11:42:02 -------- d-----w- C:\Users\Braden\AppData\Local\{EC2A4DB8-F6FA-4E62-997A-5DA9CC6FBA24}
2012-02-20 02:21:04 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-02-20 02:21:04 497664 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2012-02-20 02:21:03 -------- d-----w- C:\Program Files (x86)\AC3Filter
2012-02-19 23:41:49 -------- d-----w- C:\Users\Braden\AppData\Local\{B7F20B68-5568-4A25-9BE4-470854B16CFD}
2012-02-19 23:41:36 -------- d-----w- C:\Users\Braden\AppData\Local\{051850E3-EAEF-4ECB-A874-4BDAE41D7C75}
2012-02-19 21:13:07 -------- d-----w- C:\RPi
2012-02-19 21:11:17 -------- d-----w- C:\Users\Braden\VirtualBox VMs
2012-02-19 21:00:21 -------- d-----w- C:\Users\Braden\.VirtualBox
2012-02-19 20:55:56 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-02-19 20:54:52 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-02-19 20:54:42 -------- d-----w- C:\Program Files\Oracle
2012-02-19 11:41:23 -------- d-----w- C:\Users\Braden\AppData\Local\{C829FAAE-55FF-4F32-B5D3-C49A0F746824}
2012-02-19 11:41:12 -------- d-----w- C:\Users\Braden\AppData\Local\{28A45E1A-96DC-433B-BE83-DC655043DFCA}
2012-02-19 00:43:12 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-02-19 00:29:12 -------- d-----w- C:\ProgramData\NexonUS
2012-02-18 23:40:56 -------- d-----w- C:\Users\Braden\AppData\Local\{D418CE19-4C63-42FD-8A8B-BB97D966839F}
2012-02-18 23:40:43 -------- d-----w- C:\Users\Braden\AppData\Local\{5964DAC5-0B94-4C99-8918-2F722CEDF01A}
2012-02-18 23:23:31 -------- d-----w- C:\Users\Braden\AppData\Local\PMB Files
2012-02-18 23:23:29 -------- d-----w- C:\ProgramData\PMB Files
2012-02-18 23:23:09 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-02-18 11:40:30 -------- d-----w- C:\Users\Braden\AppData\Local\{3B0F8945-A487-4B3D-A419-1E925555AC1B}
2012-02-18 11:40:19 -------- d-----w- C:\Users\Braden\AppData\Local\{8FE8E470-9F88-4BEB-BEDC-78462694DD49}
2012-02-17 23:40:05 -------- d-----w- C:\Users\Braden\AppData\Local\{6FE64893-48B6-472F-9095-FF6527B8415B}
2012-02-17 23:39:51 -------- d-----w- C:\Users\Braden\AppData\Local\{EDF1CF39-F5A9-46B4-974A-33EB67982353}
2012-02-17 11:39:33 -------- d-----w- C:\Users\Braden\AppData\Local\{9DF29BAB-48B7-4962-9F78-9A3D9E84FDFE}
2012-02-17 11:39:21 -------- d-----w- C:\Users\Braden\AppData\Local\{5CF4B38E-86D9-4560-800D-0894367E58CC}
2012-02-16 23:39:06 -------- d-----w- C:\Users\Braden\AppData\Local\{F7B64D7D-2BE7-4AF4-A78B-6EE70B91046C}
2012-02-16 23:38:52 -------- d-----w- C:\Users\Braden\AppData\Local\{7C7860EF-13D6-4A59-BDF6-D852410E7395}
2012-02-16 21:42:44 -------- d-----w- C:\Program Files\Speccy
2012-02-16 11:38:39 -------- d-----w- C:\Users\Braden\AppData\Local\{5D40E8B9-A869-409C-8881-7E85F7E780A9}
2012-02-16 11:38:27 -------- d-----w- C:\Users\Braden\AppData\Local\{80EF75EF-D499-4C7D-B380-F48ADBA73363}
2012-02-15 23:38:13 -------- d-----w- C:\Users\Braden\AppData\Local\{4E09FDAD-C4D7-4EC8-9FF3-6418581A489E}
2012-02-15 23:37:58 -------- d-----w- C:\Users\Braden\AppData\Local\{1AFE26EC-2293-4FD8-9922-A32A419440E0}
2012-02-15 11:37:45 -------- d-----w- C:\Users\Braden\AppData\Local\{1E011205-20A9-4284-8279-F83738A13E88}
2012-02-15 11:37:34 -------- d-----w- C:\Users\Braden\AppData\Local\{445D3C8B-6AAA-4A78-865D-0AB3AD74B117}
2012-02-15 03:57:37 -------- d-----w- C:\Users\Braden\AppData\Roaming\DarknessII
2012-02-14 23:37:20 -------- d-----w- C:\Users\Braden\AppData\Local\{24A6FEA6-2438-44F4-943A-2A108F5A4298}
2012-02-14 23:37:06 -------- d-----w- C:\Users\Braden\AppData\Local\{AEF57E3A-DBD8-4E7A-B447-29E53E0A50FC}
2012-02-14 11:36:53 -------- d-----w- C:\Users\Braden\AppData\Local\{38AAC951-FA74-4FAB-8970-0E47BE6C45B4}
2012-02-14 11:36:42 -------- d-----w- C:\Users\Braden\AppData\Local\{543F64E8-523D-4085-AE74-BAE4D8EB7729}
2012-02-13 23:36:27 -------- d-----w- C:\Users\Braden\AppData\Local\{0BD3685D-08AB-4D9E-BA42-072DAC966601}
2012-02-13 23:36:13 -------- d-----w- C:\Users\Braden\AppData\Local\{B57FF0CA-4E2C-4751-921D-EF941601E7A5}
2012-02-13 11:36:00 -------- d-----w- C:\Users\Braden\AppData\Local\{8E88A75A-C913-4AC6-9076-99EFA2DD868B}
2012-02-13 11:35:48 -------- d-----w- C:\Users\Braden\AppData\Local\{DAEEE09E-BD78-462B-9DD0-9D5457B97D0B}
2012-02-12 23:35:33 -------- d-----w- C:\Users\Braden\AppData\Local\{06D09AED-20E4-40FA-9A50-1F9747788ECA}
2012-02-12 23:35:18 -------- d-----w- C:\Users\Braden\AppData\Local\{1FFC1F59-E14A-4CE5-86EB-881DDA926F30}
2012-02-12 11:35:04 -------- d-----w- C:\Users\Braden\AppData\Local\{3AC6B9FB-4D00-49BF-8474-0A8867FBD5DE}
2012-02-12 11:34:52 -------- d-----w- C:\Users\Braden\AppData\Local\{F140ADA7-5932-4B9F-B1CB-AE3D7AE9CA34}
2012-02-12 04:11:35 -------- d-----w- C:\Users\Braden\AppData\Local\CrashRpt
2012-02-12 04:11:23 -------- d-----w- C:\Users\Braden\AppData\Local\Procaster
.
==================== Find3M ====================
.
2012-02-25 17:08:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 02:31:44 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-10 02:31:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-24 03:06:12 77352 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2012-01-24 01:57:58 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-24 01:50:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-19 18:45:22 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-12-19 18:43:54 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-12-19 18:43:54 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:31:10.64 ===============

Edited by brafas, 27 February 2012 - 02:36 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,516 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2012 - 07:51 AM

Please run the other 2 tools I also requested in my first post.

Post the results when ready.

#5 brafas

brafas
  • Topic Starter

  • Members
  • 5 posts

Posted 28 February 2012 - 04:35 PM

Sorry for the erroneous first post. I was so caught up in getting the first step right :). Here's the second part.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 16:29:57
-----------------------------
16:29:57.731 OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:57.731 Number of processors: 4 586 0x403
16:29:57.732 ComputerName: BRADEN-PC UserName: Braden
16:30:00.194 Initialize success
16:30:33.170 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:30:33.171 Disk 0 Vendor: WDC_WD1001FALS-00Y6A0 05.01D05 Size: 953869MB BusType: 3
16:30:33.174 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-3
16:30:33.177 Disk 1 Vendor: ST3500620AS HP24 Size: 476940MB BusType: 3
16:30:33.186 Disk 1 MBR read successfully
16:30:33.188 Disk 1 MBR scan
16:30:33.191 Disk 1 Windows 7 default MBR code
16:30:33.194 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463461 MB offset 63
16:30:33.216 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 13476 MB offset 949168395
16:30:33.267 Disk 1 scanning C:\Windows\system32\drivers
16:30:46.012 Service scanning
16:30:54.228 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:31:05.838 Modules scanning
16:31:05.843 Disk 1 trace - called modules:
16:31:05.851 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:31:05.854 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a49060]
16:31:05.857 3 CLASSPNP.SYS[fffff8800198d43f] -> nt!IofCallDriver -> [0xfffffa8003aea670]
16:31:05.860 5 ACPI.sys[fffff88000edf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa800445c060]
16:31:05.864 Scan finished successfully
16:31:45.737 Disk 1 MBR has been saved successfully to "C:\Users\Braden\Desktop\MBR.dat"
16:31:45.743 The log file has been saved successfully to "C:\Users\Braden\Desktop\aswMBR.txt"




Attached File  MBR.zip   594bytes   0 downloads

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,516 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 February 2012 - 08:21 AM

Can you now run the TDSSKiller.exe and post the log.

#7 brafas

brafas
  • Topic Starter

  • Members
  • 5 posts

Posted 29 February 2012 - 11:17 AM

16:27:26.0338 5952 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:27:26.0797 5952 ============================================================
16:27:26.0798 5952 Current date / time: 2012/02/28 16:27:26.0797
16:27:26.0798 5952 SystemInfo:
16:27:26.0798 5952
16:27:26.0798 5952 OS Version: 6.1.7601 ServicePack: 1.0
16:27:26.0798 5952 Product type: Workstation
16:27:26.0798 5952 ComputerName: BRADEN-PC
16:27:26.0798 5952 UserName: Braden
16:27:26.0798 5952 Windows directory: C:\Windows
16:27:26.0798 5952 System windows directory: C:\Windows
16:27:26.0798 5952 Running under WOW64
16:27:26.0798 5952 Processor architecture: Intel x64
16:27:26.0798 5952 Number of processors: 4
16:27:26.0798 5952 Page size: 0x1000
16:27:26.0798 5952 Boot type: Normal boot
16:27:26.0798 5952 ============================================================
16:27:34.0991 5952 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:35.0006 5952 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:35.0407 5952 \Device\Harddisk0\DR0:
16:27:35.0423 5952 MBR used
16:27:35.0423 5952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:27:35.0423 5952 \Device\Harddisk1\DR1:
16:27:35.0450 5952 MBR used
16:27:35.0450 5952 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389328CC
16:27:35.0450 5952 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3893290B, BlocksNum 0x1A52336
16:27:35.0616 5952 Initialize success
16:27:35.0616 5952 ============================================================
16:27:56.0071 4216 ============================================================
16:27:56.0071 4216 Scan started
16:27:56.0071 4216 Mode: Manual;
16:27:56.0071 4216 ============================================================
16:28:05.0915 4216 mrxsmb10 - ok
16:28:05.0963 4216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:05.0966 4216 mrxsmb20 - ok
16:28:06.0027 4216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:28:06.0029 4216 msahci - ok
16:28:06.0069 4216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:28:06.0073 4216 msdsm - ok
16:28:06.0129 4216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:28:06.0132 4216 Msfs - ok
16:28:06.0148 4216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:28:06.0150 4216 mshidkmdf - ok
16:28:06.0192 4216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:28:06.0194 4216 msisadrv - ok
16:28:06.0254 4216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:28:06.0256 4216 MSKSSRV - ok
16:28:06.0285 4216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:06.0287 4216 MSPCLOCK - ok
16:28:06.0314 4216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:28:06.0316 4216 MSPQM - ok
16:28:06.0371 4216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:28:06.0377 4216 MsRPC - ok
16:28:06.0394 4216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:28:06.0394 4216 mssmbios - ok
16:28:06.0452 4216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:28:06.0454 4216 MSTEE - ok
16:28:06.0472 4216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:28:06.0474 4216 MTConfig - ok
16:28:06.0514 4216 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
16:28:06.0516 4216 MTsensor - ok
16:28:06.0541 4216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:28:06.0543 4216 Mup - ok
16:28:06.0618 4216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:28:06.0623 4216 NativeWifiP - ok
16:28:06.0710 4216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:28:06.0728 4216 NDIS - ok
16:28:06.0784 4216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:06.0787 4216 NdisCap - ok
16:28:06.0809 4216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:06.0811 4216 NdisTapi - ok
16:28:06.0879 4216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:06.0885 4216 Ndisuio - ok
16:28:06.0956 4216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:06.0964 4216 NdisWan - ok
16:28:07.0035 4216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:28:07.0039 4216 NDProxy - ok
16:28:07.0072 4216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:28:07.0074 4216 NetBIOS - ok
16:28:07.0124 4216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:28:07.0128 4216 NetBT - ok
16:28:07.0210 4216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:07.0213 4216 nfrd960 - ok
16:28:07.0262 4216 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:28:07.0265 4216 NisDrv - ok
16:28:07.0280 4216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:28:07.0282 4216 Npfs - ok
16:28:07.0299 4216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:28:07.0301 4216 nsiproxy - ok
16:28:07.0378 4216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:28:07.0412 4216 Ntfs - ok
16:28:07.0430 4216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:28:07.0433 4216 Null - ok
16:28:07.0474 4216 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
16:28:07.0478 4216 NVHDA - ok
16:28:07.0696 4216 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:28:07.0882 4216 nvlddmkm - ok
16:28:07.0952 4216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:28:07.0956 4216 nvraid - ok
16:28:07.0975 4216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:28:07.0979 4216 nvstor - ok
16:28:08.0035 4216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:28:08.0050 4216 nv_agp - ok
16:28:08.0095 4216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:28:08.0099 4216 ohci1394 - ok
16:28:08.0163 4216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:28:08.0189 4216 Parport - ok
16:28:08.0239 4216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:28:08.0241 4216 partmgr - ok
16:28:08.0288 4216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:28:08.0292 4216 pci - ok
16:28:08.0330 4216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:28:08.0332 4216 pciide - ok
16:28:08.0357 4216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:08.0362 4216 pcmcia - ok
16:28:08.0383 4216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:28:08.0386 4216 pcw - ok
16:28:08.0406 4216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:28:08.0415 4216 PEAUTH - ok
16:28:08.0526 4216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:28:08.0529 4216 PptpMiniport - ok
16:28:08.0550 4216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:28:08.0552 4216 Processor - ok
16:28:08.0576 4216 PROCEXP151 - ok
16:28:08.0657 4216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:28:08.0660 4216 Psched - ok
16:28:08.0703 4216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:28:08.0729 4216 ql2300 - ok
16:28:08.0756 4216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:08.0759 4216 ql40xx - ok
16:28:08.0776 4216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:28:08.0778 4216 QWAVEdrv - ok
16:28:08.0794 4216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:28:08.0796 4216 RasAcd - ok
16:28:08.0893 4216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:08.0895 4216 RasAgileVpn - ok
16:28:08.0953 4216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:08.0956 4216 Rasl2tp - ok
16:28:08.0977 4216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:08.0980 4216 RasPppoe - ok
16:28:09.0037 4216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:28:09.0040 4216 RasSstp - ok
16:28:09.0098 4216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:28:09.0102 4216 rdbss - ok
16:28:09.0117 4216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:09.0119 4216 rdpbus - ok
16:28:09.0135 4216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:09.0138 4216 RDPCDD - ok
16:28:09.0188 4216 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:28:09.0192 4216 RDPDR - ok
16:28:09.0202 4216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:28:09.0203 4216 RDPENCDD - ok
16:28:09.0229 4216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:28:09.0231 4216 RDPREFMP - ok
16:28:09.0303 4216 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:28:09.0324 4216 RdpVideoMiniport - ok
16:28:09.0368 4216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:28:09.0372 4216 RDPWD - ok
16:28:09.0455 4216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:28:09.0459 4216 rdyboost - ok
16:28:09.0531 4216 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
16:28:09.0545 4216 Revoflt - ok
16:28:09.0624 4216 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:09.0627 4216 RFCOMM - ok
16:28:09.0692 4216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:28:09.0694 4216 rspndr - ok
16:28:09.0749 4216 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:28:09.0767 4216 RTL8167 - ok
16:28:09.0804 4216 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:28:09.0806 4216 s3cap - ok
16:28:09.0848 4216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:28:09.0850 4216 sbp2port - ok
16:28:09.0894 4216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:28:09.0897 4216 scfilter - ok
16:28:09.0916 4216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:28:09.0918 4216 secdrv - ok
16:28:09.0939 4216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:28:09.0941 4216 Serenum - ok
16:28:09.0956 4216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:28:09.0958 4216 Serial - ok
16:28:09.0989 4216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:28:09.0991 4216 sermouse - ok
16:28:10.0015 4216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:28:10.0018 4216 sffdisk - ok
16:28:10.0036 4216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:28:10.0039 4216 sffp_mmc - ok
16:28:10.0053 4216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:28:10.0055 4216 sffp_sd - ok
16:28:10.0072 4216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:10.0075 4216 sfloppy - ok
16:28:10.0101 4216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:10.0103 4216 SiSRaid2 - ok
16:28:10.0120 4216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:10.0124 4216 SiSRaid4 - ok
16:28:10.0145 4216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:28:10.0148 4216 Smb - ok
16:28:10.0202 4216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:28:10.0204 4216 spldr - ok
16:28:10.0263 4216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:28:10.0269 4216 srv - ok
16:28:10.0337 4216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:28:10.0344 4216 srv2 - ok
16:28:10.0397 4216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:28:10.0402 4216 srvnet - ok
16:28:10.0473 4216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:28:10.0475 4216 stexstor - ok
16:28:10.0521 4216 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:28:10.0524 4216 storflt - ok
16:28:10.0567 4216 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:28:10.0570 4216 storvsc - ok
16:28:10.0615 4216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:28:10.0617 4216 swenum - ok
16:28:10.0648 4216 Synth3dVsc - ok
16:28:10.0745 4216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:28:10.0796 4216 Tcpip - ok
16:28:10.0845 4216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:28:10.0854 4216 TCPIP6 - ok
16:28:10.0930 4216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:28:10.0938 4216 tcpipreg - ok
16:28:10.0982 4216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:28:10.0985 4216 TDPIPE - ok
16:28:11.0006 4216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:28:11.0008 4216 TDTCP - ok
16:28:11.0051 4216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:28:11.0053 4216 tdx - ok
16:28:11.0086 4216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:28:11.0088 4216 TermDD - ok
16:28:11.0168 4216 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
16:28:11.0171 4216 tmactmon - ok
16:28:11.0218 4216 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
16:28:11.0222 4216 tmcomm - ok
16:28:11.0267 4216 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
16:28:11.0268 4216 tmeevw - ok
16:28:11.0324 4216 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
16:28:11.0327 4216 tmevtmgr - ok
16:28:11.0369 4216 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
16:28:11.0372 4216 tmnciesc - ok
16:28:11.0433 4216 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
16:28:11.0435 4216 tmtdi - ok
16:28:11.0491 4216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:11.0493 4216 tssecsrv - ok
16:28:11.0544 4216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:28:11.0547 4216 TsUsbFlt - ok
16:28:11.0579 4216 tsusbhub - ok
16:28:11.0641 4216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:28:11.0643 4216 tunnel - ok
16:28:11.0672 4216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:28:11.0675 4216 uagp35 - ok
16:28:11.0731 4216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:28:11.0736 4216 udfs - ok
16:28:11.0769 4216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:28:11.0771 4216 uliagpkx - ok
16:28:11.0836 4216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:28:11.0856 4216 umbus - ok
16:28:11.0888 4216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:28:11.0890 4216 UmPass - ok
16:28:11.0907 4216 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:28:11.0910 4216 USBAAPL64 - ok
16:28:11.0972 4216 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:28:11.0993 4216 usbaudio - ok
16:28:12.0034 4216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:12.0044 4216 usbccgp - ok
16:28:12.0095 4216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:28:12.0099 4216 usbcir - ok
16:28:12.0149 4216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:28:12.0151 4216 usbehci - ok
16:28:12.0175 4216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:28:12.0180 4216 usbhub - ok
16:28:12.0200 4216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:28:12.0202 4216 usbohci - ok
16:28:12.0249 4216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:28:12.0251 4216 usbprint - ok
16:28:12.0268 4216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:12.0270 4216 USBSTOR - ok
16:28:12.0287 4216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:28:12.0290 4216 usbuhci - ok
16:28:12.0362 4216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:28:12.0374 4216 usbvideo - ok
16:28:12.0435 4216 VaneFltr (81a9f455bf2c9180348949f7c8d93e66) C:\Windows\system32\drivers\Lachesis.sys
16:28:12.0437 4216 VaneFltr - ok
16:28:12.0489 4216 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:28:12.0537 4216 VBoxDrv - ok
16:28:12.0589 4216 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:28:12.0625 4216 VBoxNetAdp - ok
16:28:12.0677 4216 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:28:12.0711 4216 VBoxNetFlt - ok
16:28:12.0761 4216 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:28:12.0796 4216 VBoxUSBMon - ok
16:28:12.0886 4216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:28:12.0888 4216 vdrvroot - ok
16:28:12.0940 4216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:12.0942 4216 vga - ok
16:28:12.0994 4216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:28:12.0997 4216 VgaSave - ok
16:28:13.0017 4216 VGPU - ok
16:28:13.0083 4216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:28:13.0089 4216 vhdmp - ok
16:28:13.0137 4216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:28:13.0155 4216 viaide - ok
16:28:13.0182 4216 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:28:13.0186 4216 vmbus - ok
16:28:13.0203 4216 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:28:13.0205 4216 VMBusHID - ok
16:28:13.0223 4216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:28:13.0226 4216 volmgr - ok
16:28:13.0272 4216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:28:13.0277 4216 volmgrx - ok
16:28:13.0298 4216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:28:13.0303 4216 volsnap - ok
16:28:13.0368 4216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:13.0372 4216 vsmraid - ok
16:28:13.0392 4216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:28:13.0394 4216 vwifibus - ok
16:28:13.0417 4216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:28:13.0419 4216 WacomPen - ok
16:28:13.0446 4216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:13.0449 4216 WANARP - ok
16:28:13.0452 4216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:13.0453 4216 Wanarpv6 - ok
16:28:13.0475 4216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:28:13.0477 4216 Wd - ok
16:28:13.0500 4216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:28:13.0509 4216 Wdf01000 - ok
16:28:13.0538 4216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:28:13.0540 4216 WfpLwf - ok
16:28:13.0559 4216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:28:13.0562 4216 WIMMount - ok
16:28:13.0603 4216 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:28:13.0605 4216 WinUsb - ok
16:28:13.0670 4216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:28:13.0671 4216 WmiAcpi - ok
16:28:13.0693 4216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:28:13.0695 4216 ws2ifsl - ok
16:28:13.0759 4216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:28:13.0762 4216 WudfPf - ok
16:28:13.0779 4216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:28:13.0783 4216 WUDFRd - ok
16:28:13.0805 4216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:28:13.0822 4216 \Device\Harddisk0\DR0 - ok
16:28:13.0837 4216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:28:13.0863 4216 \Device\Harddisk1\DR1 - ok
16:28:13.0865 4216 Boot (0x1200) (287a626194a1d9720c445c4be2eaf297) \Device\Harddisk0\DR0\Partition0
16:28:13.0866 4216 \Device\Harddisk0\DR0\Partition0 - ok
16:28:13.0869 4216 Boot (0x1200) (8b761df6109123c485c3e1d94037d876) \Device\Harddisk1\DR1\Partition0
16:28:13.0871 4216 \Device\Harddisk1\DR1\Partition0 - ok
16:28:13.0885 4216 Boot (0x1200) (a6fd4f6cdd9698cc26ac0d2874a1c756) \Device\Harddisk1\DR1\Partition1
16:28:13.0887 4216 \Device\Harddisk1\DR1\Partition1 - ok
16:28:13.0888 4216 ============================================================
16:28:13.0888 4216 Scan finished
16:28:13.0888 4216 ============================================================
16:28:13.0897 3908 Detected object count: 0
16:28:13.0897 3908 Actual detected object count: 0
16:28:39.0414 7188 Deinitialize success

#8 nasdaq


Posted 29 February 2012 - 02:02 PM

The logs are clean. You are good to run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#9 brafas


Posted 29 February 2012 - 03:53 PM

ComboFix 12-02-29.01 - Braden 02/29/2012 14:46:22.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1891 [GMT -5:00]
Running from: c:\users\Braden\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Braden\Documents\15b731264ebd97a13dab88f5e4590257.dua
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-07 03:13 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-07 03:13 . 2012-02-07 03:13 -------- d-----w- c:\program files\VS Revo Group
2012-02-07 03:07 . 2012-02-07 03:07 -------- d-----w- c:\users\Braden\AppData\Roaming\redsn0w
2012-02-07 01:25 . 2012-02-07 01:34 -------- d-----w- c:\users\Braden\AppData\Roaming\DisplayFusion
2012-02-07 01:24 . 2012-02-07 01:24 -------- d-----w- c:\program files (x86)\DisplayFusion
2012-02-06 20:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-02-06 20:28 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-06 20:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-06 20:28 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-06 20:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-06 20:21 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-02-06 20:21 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-02-06 20:21 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2012-02-06 20:20 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-02-06 20:20 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-02-06 20:20 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-02-06 20:20 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-02-06 20:20 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-02-06 20:20 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-02-06 20:20 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-02-06 20:20 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-02-06 20:20 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-02-06 20:20 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-02-06 20:20 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-02-06 20:13 . 2012-02-06 20:13 -------- d-----w- c:\program files\CCleaner
2012-02-06 02:29 . 2012-02-06 02:29 -------- d-----w- c:\program files (x86)\NirSoft
2012-02-06 02:00 . 2012-02-19 23:52 -------- d-----w- c:\users\Braden\AppData\Roaming\XBMC
2012-02-06 01:44 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-02-06 01:44 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-02-05 18:04 . 2012-02-26 17:29 -------- d-----w- C:\Skyrim Mods
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 17:08 . 2012-01-23 23:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 02:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-10 02:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-31 12:44 . 2012-01-23 08:13 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-29 15:58 . 2012-01-29 16:02 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-01-24 03:06 . 2012-01-24 03:06 77352 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2012-01-24 01:57 . 2012-01-24 01:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-24 01:50 . 2012-01-24 01:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-23 19:56 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 12:39 . 2012-01-24 14:06 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B61F113-5C56-4756-A40D-5CB87BBCB181}\mpengine.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-19 18:45 . 2011-12-19 18:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 18:43 . 2011-12-19 18:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 18:43 . 2011-12-19 18:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Braden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Braden\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmeevw
*Deregistered* - tmevtmgr
*Deregistered* - tmnciesc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2669122662-166629237-1990781580-1001Core.job
- c:\users\Braden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 12:31]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2669122662-166629237-1990781580-1001UA.job
- c:\users\Braden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 12:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Braden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"000_TmTdiUninstall"="c:\windows\TmNSCIns.dll" [2012-01-29 232464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{1B2CD61C-8079-4634-905A-34C2D0E906AC}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-29 14:58:41
ComboFix-quarantined-files.txt 2012-02-29 19:58
.
Pre-Run: 39,315,292,160 bytes free
Post-Run: 41,591,861,248 bytes free
.
- - End Of File - - C916880A44F3C0ECBA3F9A7D950BDB93

#10 nasdaq

Posted 01 March 2012 - 09:17 AM

The log is clean.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#11 nasdaq

Posted 07 March 2012 - 11:25 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 nasdaq

Posted 13 March 2012 - 08:57 AM

It appears that this issue is resolved; therefore, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) stating that you would like this topic re-opened.



