sound virus


  • This topic is locked
21 replies to this topic

#1 Zashin

  • Members
  • 24 posts

Posted 25 February 2012 - 11:50 AM

Hello, once again the amazing Zashin gets a virus he can't handle. This time the virus is playing TV shows such as Jackie Chan Adventures and a lot of random music and commercials. As much as I like Jackie Chan, I can't stand not seeing it, and knowing a virus is hiding and Microsoft, Spybot, and Malwarebytes can't find it scares me. Please help me find this weird music/TV virus and destroy it, if it's even possible.



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bigman at 11:48:21 on 2012-02-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.5092 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\TEMP\mrt513A.tmp\stdrt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
c:\users\bigman\documents\visual studio 2010\Projects\WindowsApplication3\WindowsApplication3\bin\Debug\WindowsApplication3.vshost.exe
c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\TraceDebugger Tools\IntelliTrace.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CA098012-8FD7-4EED-858B-B6CFE544D00A} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-7 652360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-24 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]
R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-1-3 689492]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-25 08:40:49 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD42AD9B-70FE-4ABC-BC02-F99C36ABD199}\offreg.dll
2012-02-25 08:40:01 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD42AD9B-70FE-4ABC-BC02-F99C36ABD199}\mpengine.dll
2012-02-24 06:04:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-24 06:04:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-23 15:52:56 -------- d-----w- C:\Riot Games
2012-02-20 21:42:44 -------- d-----w- C:\Users\Bigman\AppData\Local\SCE
2012-02-16 06:06:18 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 06:06:18 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 06:06:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 06:06:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 06:06:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 06:06:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 06:06:10 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 06:06:10 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 00:21:33 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Microsoft Corporation
2012-02-10 21:58:52 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 21:58:41 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFA43618-FB0C-453E-BF42-1A960AC2B941}\gapaengine.dll
2012-02-07 08:19:12 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Malwarebytes
2012-02-07 08:19:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 08:19:06 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-07 08:19:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 23:52:04 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Trillian
2012-02-05 19:07:35 -------- d-----w- C:\Users\Bigman\AppData\Roaming\StepMania 5
2012-02-05 19:07:13 -------- d-----w- C:\Springtime
2012-02-05 19:07:10 -------- d-----w- C:\Program Files (x86)\StepMania
2012-02-05 19:00:05 -------- d-----w- C:\ProgramData\Microsoft Visual Studio
2012-02-04 02:31:16 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31:07 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:31:07 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:30:36 -------- d-----w- C:\Windows\System32\RsFx
2012-02-04 02:26:56 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-02-04 02:26:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-02-04 02:26:05 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-02-04 02:26:05 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-04 02:25:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-04 02:25:21 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-02-04 02:23:12 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-02-04 02:23:08 -------- d-----w- C:\Program Files\IIS
2012-02-04 02:23:07 -------- d-----w- C:\Program Files (x86)\IIS
2012-02-04 02:22:33 2478272 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-04 02:18:35 -------- d-----w- C:\Windows\SysWow64\1033
2012-02-04 02:18:14 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-04 02:18:14 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-02-04 02:18:14 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-02-04 02:18:14 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-02-04 02:16:44 -------- d-----w- C:\Windows\System32\1033
2012-02-04 02:16:44 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-02-04 02:16:44 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-02-02 21:05:39 -------- d-----w- C:\Windows\System32\appmgmt
2012-02-02 21:01:08 -------- d-----w- C:\Users\Bigman\AppData\Roaming\e-academy Inc
2012-02-02 21:01:08 -------- d-----w- C:\Users\Bigman\AppData\Local\e-academy Inc
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-10 02:06:59 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-01-03 17:39:41 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2011-12-31 22:11:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 20:20:03 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-31 20:20:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-31 18:42:07 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:49:09.97 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 26 February 2012 - 02:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zashin

  • Topic Starter
  • Members
  • 24 posts

Posted 26 February 2012 - 11:08 AM

ComboFix 12-02-25.02 - Bigman 02/26/2012 10:50:43.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.5947 [GMT -5:00]
Running from: c:\users\Bigman\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 15:55 . 2012-02-26 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 06:52 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{017A132A-834C-4B36-9388-A1518B2C1FE1}\mpengine.dll
2012-02-24 06:04 . 2012-02-24 06:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-24 06:04 . 2012-02-24 06:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 15:52 . 2012-02-23 15:52 -------- d-----w- C:\Riot Games
2012-02-20 21:42 . 2012-02-20 21:42 -------- d-----w- c:\users\Bigman\AppData\Local\SCE
2012-02-16 06:06 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 06:06 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 06:06 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 06:06 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 06:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 06:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 06:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 00:21 . 2012-02-14 00:21 -------- d-----w- c:\users\Bigman\AppData\Roaming\Microsoft Corporation
2012-02-10 21:58 . 2011-12-31 20:42 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 21:58 . 2012-02-10 21:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFA43618-FB0C-453E-BF42-1A960AC2B941}\gapaengine.dll
2012-02-07 08:19 . 2012-02-07 08:19 -------- d-----w- c:\users\Bigman\AppData\Roaming\Malwarebytes
2012-02-07 08:19 . 2012-02-07 08:19 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 08:19 . 2012-02-07 08:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 08:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 23:52 . 2012-02-05 23:52 -------- d-----w- c:\programdata\RoboForm
2012-02-05 23:52 . 2012-02-05 23:52 -------- d-----w- c:\users\Bigman\AppData\Roaming\Trillian
2012-02-05 23:51 . 2012-02-05 23:52 -------- d-----w- c:\program files (x86)\Trillian
2012-02-05 19:07 . 2012-02-05 19:07 -------- d-----w- c:\users\Bigman\AppData\Roaming\StepMania 5
2012-02-05 19:07 . 2012-02-05 19:07 -------- d-----w- C:\Springtime
2012-02-05 19:07 . 2012-02-05 19:07 -------- d-----w- c:\program files (x86)\StepMania
2012-02-05 19:00 . 2012-02-05 19:00 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-02-04 02:31 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:31 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:30 . 2012-02-04 02:30 -------- d-----w- c:\windows\system32\RsFx
2012-02-04 02:30 . 2012-02-04 02:30 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-02-04 02:29 . 2012-02-04 02:29 -------- d-----w- c:\program files\Microsoft.NET
2012-02-04 02:26 . 2012-02-04 02:30 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-04 02:26 . 2012-02-04 02:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-02-04 02:26 . 2012-02-04 02:26 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-02-04 02:26 . 2012-02-04 02:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-04 02:26 . 2012-02-04 02:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-04 02:25 . 2012-02-04 02:25 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-04 02:25 . 2012-02-04 02:25 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-02-04 02:23 . 2012-02-04 02:23 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-02-04 02:23 . 2012-02-04 02:23 -------- d-----w- c:\program files\IIS
2012-02-04 02:23 . 2012-02-04 02:23 -------- d-----w- c:\program files (x86)\IIS
2012-02-04 02:22 . 2012-02-05 08:15 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-04 02:18 . 2012-02-04 02:30 -------- d-----w- c:\windows\SysWow64\1033
2012-02-04 02:18 . 2012-02-05 08:09 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-02-04 02:18 . 2012-02-04 02:25 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-02-04 02:18 . 2012-02-04 02:20 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-02-04 02:18 . 2012-02-04 02:19 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-02-04 02:16 . 2012-02-04 02:16 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-02-04 02:16 . 2012-02-04 02:30 -------- d-----w- c:\windows\system32\1033
2012-02-04 02:16 . 2012-02-04 02:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-02-04 02:16 . 2012-02-04 02:26 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-02-04 02:16 . 2012-02-04 02:16 -------- d-----w- c:\windows\symbols
2012-02-04 02:16 . 2012-02-04 02:16 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-02 21:05 . 2012-02-02 21:05 -------- d-----w- c:\windows\system32\appmgmt
2012-02-02 21:01 . 2012-02-02 21:01 -------- d-----w- c:\users\Bigman\AppData\Roaming\e-academy Inc
2012-02-02 21:01 . 2012-02-02 21:01 -------- d-----w- c:\users\Bigman\AppData\Local\e-academy Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-01-01 16:19 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-12-31 19:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 02:06 . 2012-01-10 02:06 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-01-10 01:43 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 17:39 . 2012-01-03 17:39 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2011-12-31 22:11 . 2011-12-31 22:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 20:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-31 20:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-31 19:18 . 2011-12-31 19:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-31 19:18 . 2011-12-31 19:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-31 19:18 . 2011-12-31 19:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-31 19:18 . 2011-12-31 19:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-31 19:18 . 2011-12-31 19:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 19:18 . 2011-12-31 19:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-31 19:18 . 2011-12-31 19:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 19:18 . 2011-12-31 19:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-31 19:18 . 2011-12-31 19:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-31 19:18 . 2011-12-31 19:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-31 19:18 . 2011-12-31 19:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-31 19:18 . 2011-12-31 19:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-31 19:18 . 2011-12-31 19:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-31 19:18 . 2011-12-31 19:18 448512 ----a-w- c:\windows\system32\html.iec
2011-12-31 19:18 . 2011-12-31 19:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-31 19:18 . 2011-12-31 19:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-31 19:18 . 2011-12-31 19:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-31 19:18 . 2011-12-31 19:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-31 19:18 . 2011-12-31 19:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-31 19:18 . 2011-12-31 19:18 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-31 19:18 . 2011-12-31 19:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-31 19:18 . 2011-12-31 19:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-31 19:18 . 2011-12-31 19:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-31 19:18 . 2011-12-31 19:18 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-31 19:18 . 2011-12-31 19:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-31 19:18 . 2011-12-31 19:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-31 19:18 . 2011-12-31 19:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-31 19:18 . 2011-12-31 19:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-31 19:18 . 2011-12-31 19:18 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-31 19:18 . 2011-12-31 19:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-31 19:18 . 2011-12-31 19:18 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-31 19:18 . 2011-12-31 19:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-31 19:18 . 2011-12-31 19:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-31 19:18 . 2011-12-31 19:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-30 07:21 . 2011-12-31 19:01 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B4BA64F-46D8-466F-9584-00E3B65DD44A}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-07 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-12-31 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-01-03 689492]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s your father's last wish.]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s your father's last wish.\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s your father's last wish.]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,42,69,67,6d,61,6e,5c,44,65,73,6b,74,6f,70,
5c,4e,65,77,20,66,6f,6c,64,65,72,5c,61,6e,67,65,6c,5c,4d,6f,6f,6e,6c,69,67,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\03\07$4?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt4C89.tmp\stdrt.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-02-26 11:02:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 16:02
.
Pre-Run: 510,367,285,248 bytes free
Post-Run: 509,898,616,832 bytes free
.
- - End Of File - - 41588DF501A1E422415A85C8BEF23CAF

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2012 - 11:24 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Zashin

  • Topic Starter

  • Members
  • 24 posts

Posted 26 February 2012 - 03:15 PM

I can't open the TDSSKiller log.txt. An error message says "illegal operation attempted on a registry key that has been marked for deletion". There is an OK button, and when clicked it closes.... Shall I put it up as an attachment?

#6 Zashin

  • Topic Starter

  • Members
  • 24 posts

Posted 26 February 2012 - 03:17 PM

nvm



15:10:37.0932 5064 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:10:38.0262 5064 ============================================================
15:10:38.0262 5064 Current date / time: 2012/02/26 15:10:38.0262
15:10:38.0262 5064 SystemInfo:
15:10:38.0262 5064
15:10:38.0262 5064 OS Version: 6.1.7601 ServicePack: 1.0
15:10:38.0262 5064 Product type: Workstation
15:10:38.0262 5064 ComputerName: BIGMAN-PC
15:10:38.0262 5064 UserName: Bigman
15:10:38.0262 5064 Windows directory: C:\Windows
15:10:38.0262 5064 System windows directory: C:\Windows
15:10:38.0262 5064 Running under WOW64
15:10:38.0262 5064 Processor architecture: Intel x64
15:10:38.0262 5064 Number of processors: 4
15:10:38.0262 5064 Page size: 0x1000
15:10:38.0262 5064 Boot type: Normal boot
15:10:38.0262 5064 ============================================================
15:10:48.0382 5064 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:10:48.0392 5064 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:10:48.0412 5064 \Device\Harddisk1\DR1:
15:10:48.0412 5064 MBR used
15:10:48.0412 5064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:10:48.0412 5064 \Device\Harddisk0\DR0:
15:10:48.0412 5064 MBR used
15:10:48.0412 5064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
15:10:48.0422 5064 Initialize success
15:10:48.0422 5064 ============================================================
15:10:51.0572 4604 ============================================================
15:10:51.0572 4604 Scan started
15:10:51.0572 4604 Mode: Manual;
15:10:51.0572 4604 ============================================================
15:10:52.0572 4604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:10:52.0572 4604 1394ohci - ok
15:10:52.0592 4604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:10:52.0602 4604 ACPI - ok
15:10:52.0612 4604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:10:52.0612 4604 AcpiPmi - ok
15:10:52.0662 4604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:10:52.0662 4604 adp94xx - ok
15:10:52.0682 4604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:10:52.0692 4604 adpahci - ok
15:10:52.0702 4604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:10:52.0712 4604 adpu320 - ok
15:10:52.0762 4604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:10:52.0762 4604 AFD - ok
15:10:52.0782 4604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:10:52.0792 4604 agp440 - ok
15:10:52.0802 4604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:10:52.0802 4604 aliide - ok
15:10:52.0822 4604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:10:52.0822 4604 amdide - ok
15:10:52.0832 4604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:10:52.0832 4604 AmdK8 - ok
15:10:53.0042 4604 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
15:10:53.0242 4604 amdkmdag - ok
15:10:53.0262 4604 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
15:10:53.0262 4604 amdkmdap - ok
15:10:53.0272 4604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:10:53.0272 4604 AmdPPM - ok
15:10:53.0292 4604 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:10:53.0292 4604 amdsata - ok
15:10:53.0302 4604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:10:53.0302 4604 amdsbs - ok
15:10:53.0322 4604 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:10:53.0322 4604 amdxata - ok
15:10:53.0342 4604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:10:53.0342 4604 AppID - ok
15:10:53.0372 4604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:10:53.0372 4604 arc - ok
15:10:53.0392 4604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:10:53.0392 4604 arcsas - ok
15:10:53.0422 4604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:10:53.0422 4604 AsyncMac - ok
15:10:53.0442 4604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:10:53.0442 4604 atapi - ok
15:10:53.0472 4604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:10:53.0482 4604 b06bdrv - ok
15:10:53.0502 4604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:10:53.0502 4604 b57nd60a - ok
15:10:53.0542 4604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:10:53.0542 4604 Beep - ok
15:10:53.0572 4604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:10:53.0572 4604 blbdrive - ok
15:10:53.0592 4604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:10:53.0592 4604 bowser - ok
15:10:53.0602 4604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:10:53.0602 4604 BrFiltLo - ok
15:10:53.0622 4604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:10:53.0622 4604 BrFiltUp - ok
15:10:53.0632 4604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:10:53.0632 4604 BridgeMP - ok
15:10:53.0642 4604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:10:53.0642 4604 Brserid - ok
15:10:53.0652 4604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:10:53.0652 4604 BrSerWdm - ok
15:10:53.0662 4604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:10:53.0662 4604 BrUsbMdm - ok
15:10:53.0672 4604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:10:53.0672 4604 BrUsbSer - ok
15:10:53.0682 4604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:10:53.0682 4604 BTHMODEM - ok
15:10:53.0692 4604 catchme - ok
15:10:53.0712 4604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:10:53.0712 4604 cdfs - ok
15:10:53.0722 4604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:10:53.0722 4604 cdrom - ok
15:10:53.0742 4604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:10:53.0742 4604 circlass - ok
15:10:53.0772 4604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:10:53.0772 4604 CLFS - ok
15:10:53.0782 4604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:10:53.0782 4604 CmBatt - ok
15:10:53.0792 4604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:10:53.0792 4604 cmdide - ok
15:10:53.0822 4604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:10:53.0822 4604 CNG - ok
15:10:53.0832 4604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:10:53.0832 4604 Compbatt - ok
15:10:53.0842 4604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:10:53.0842 4604 CompositeBus - ok
15:10:53.0852 4604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:10:53.0852 4604 crcdisk - ok
15:10:53.0892 4604 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:10:53.0892 4604 CSC - ok
15:10:53.0922 4604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:10:53.0922 4604 DfsC - ok
15:10:53.0942 4604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:10:53.0942 4604 discache - ok
15:10:53.0952 4604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:10:53.0952 4604 Disk - ok
15:10:53.0982 4604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:10:53.0982 4604 drmkaud - ok
15:10:54.0012 4604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:10:54.0012 4604 DXGKrnl - ok
15:10:54.0092 4604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:10:54.0152 4604 ebdrv - ok
15:10:54.0182 4604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:10:54.0192 4604 elxstor - ok
15:10:54.0212 4604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:10:54.0212 4604 ErrDev - ok
15:10:54.0232 4604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:10:54.0232 4604 exfat - ok
15:10:54.0242 4604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:10:54.0252 4604 fastfat - ok
15:10:54.0272 4604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:10:54.0272 4604 fdc - ok
15:10:54.0292 4604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:10:54.0292 4604 FileInfo - ok
15:10:54.0312 4604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:10:54.0312 4604 Filetrace - ok
15:10:54.0332 4604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:10:54.0332 4604 flpydisk - ok
15:10:54.0352 4604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:10:54.0352 4604 FltMgr - ok
15:10:54.0372 4604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:10:54.0372 4604 FsDepends - ok
15:10:54.0412 4604 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
15:10:54.0412 4604 fssfltr - ok
15:10:54.0432 4604 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:10:54.0432 4604 Fs_Rec - ok
15:10:54.0452 4604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:10:54.0452 4604 fvevol - ok
15:10:54.0472 4604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:10:54.0472 4604 gagp30kx - ok
15:10:54.0482 4604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:10:54.0482 4604 hcw85cir - ok
15:10:54.0532 4604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:10:54.0542 4604 HdAudAddService - ok
15:10:54.0572 4604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:10:54.0582 4604 HDAudBus - ok
15:10:54.0592 4604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:10:54.0592 4604 HidBatt - ok
15:10:54.0602 4604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:10:54.0612 4604 HidBth - ok
15:10:54.0622 4604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:10:54.0622 4604 HidIr - ok
15:10:54.0642 4604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:10:54.0642 4604 HidUsb - ok
15:10:54.0662 4604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:10:54.0662 4604 HpSAMD - ok
15:10:54.0702 4604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:10:54.0712 4604 HTTP - ok
15:10:54.0732 4604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:10:54.0732 4604 hwpolicy - ok
15:10:54.0742 4604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:10:54.0742 4604 i8042prt - ok
15:10:54.0762 4604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:10:54.0772 4604 iaStorV - ok
15:10:54.0782 4604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:10:54.0782 4604 iirsp - ok
15:10:54.0792 4604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:10:54.0792 4604 intelide - ok
15:10:54.0812 4604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:10:54.0812 4604 intelppm - ok
15:10:54.0832 4604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:10:54.0832 4604 IpFilterDriver - ok
15:10:54.0852 4604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:10:54.0852 4604 IPMIDRV - ok
15:10:59.0022 4604 ============================================================
15:10:59.0022 4604 Scan finished
15:10:59.0022 4604 ============================================================
15:10:59.0032 5196 Detected object count: 0
15:10:59.0032 5196 Actual detected object count: 0
15:11:04.0182 5456 ============================================================
15:11:04.0182 5456 Scan started
15:11:04.0182 5456 Mode: Manual;
15:11:04.0182 5456 ============================================================
15:11:06.0492 5456 luafv - ok
15:11:06.0502 5456 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:11:06.0502 5456 MBAMProtector - ok
15:11:06.0512 5456 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:11:06.0522 5456 megasas - ok
15:11:06.0532 5456 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:11:06.0532 5456 MegaSR - ok
15:11:06.0552 5456 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:11:06.0552 5456 Modem - ok
15:11:06.0572 5456 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:11:06.0572 5456 monitor - ok
15:11:06.0582 5456 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:11:06.0582 5456 mouclass - ok
15:11:06.0592 5456 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:11:06.0592 5456 mouhid - ok
15:11:06.0612 5456 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:11:06.0612 5456 mountmgr - ok
15:11:06.0632 5456 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:11:06.0632 5456 MpFilter - ok
15:11:06.0662 5456 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:11:06.0662 5456 mpio - ok
15:11:06.0682 5456 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:11:06.0692 5456 MpNWMon - ok
15:11:06.0702 5456 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:11:06.0702 5456 mpsdrv - ok
15:11:06.0722 5456 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:11:06.0722 5456 MRxDAV - ok
15:11:06.0752 5456 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:11:06.0752 5456 mrxsmb - ok
15:11:06.0772 5456 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:11:06.0772 5456 mrxsmb10 - ok
15:11:06.0802 5456 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:11:06.0802 5456 mrxsmb20 - ok
15:11:06.0812 5456 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:11:06.0812 5456 msahci - ok
15:11:06.0822 5456 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:11:06.0822 5456 msdsm - ok
15:11:06.0842 5456 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:11:06.0842 5456 Msfs - ok
15:11:06.0862 5456 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:11:06.0862 5456 mshidkmdf - ok
15:11:06.0872 5456 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:11:06.0882 5456 msisadrv - ok
15:11:06.0892 5456 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:11:06.0892 5456 MSKSSRV - ok
15:11:06.0912 5456 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:11:06.0912 5456 MSPCLOCK - ok
15:11:06.0922 5456 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:11:06.0922 5456 MSPQM - ok
15:11:06.0952 5456 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:11:06.0952 5456 MsRPC - ok
15:11:06.0972 5456 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:11:06.0972 5456 mssmbios - ok
15:11:06.0982 5456 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:11:06.0982 5456 MSTEE - ok
15:11:07.0002 5456 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:11:07.0002 5456 MTConfig - ok
15:11:07.0022 5456 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:11:07.0022 5456 Mup - ok
15:11:07.0032 5456 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:11:07.0042 5456 NativeWifiP - ok
15:11:07.0072 5456 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:11:07.0072 5456 NDIS - ok
15:11:07.0092 5456 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:11:07.0092 5456 NdisCap - ok
15:11:07.0102 5456 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:11:07.0112 5456 NdisTapi - ok
15:11:07.0132 5456 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:11:07.0132 5456 Ndisuio - ok
15:11:07.0142 5456 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:11:07.0152 5456 NdisWan - ok
15:11:07.0172 5456 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:11:07.0172 5456 NDProxy - ok
15:11:07.0182 5456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:11:07.0182 5456 NetBIOS - ok
15:11:07.0192 5456 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:11:07.0202 5456 NetBT - ok
15:11:07.0232 5456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:11:07.0232 5456 nfrd960 - ok
15:11:07.0252 5456 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:11:07.0252 5456 NisDrv - ok
15:11:07.0282 5456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:11:07.0282 5456 Npfs - ok
15:11:07.0292 5456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:11:07.0302 5456 nsiproxy - ok
15:11:07.0352 5456 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:11:07.0362 5456 Ntfs - ok
15:11:07.0372 5456 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:11:07.0372 5456 Null - ok
15:11:07.0402 5456 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:11:07.0402 5456 nvraid - ok
15:11:07.0422 5456 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:11:07.0422 5456 nvstor - ok
15:11:07.0442 5456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:11:07.0442 5456 nv_agp - ok
15:11:07.0462 5456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:11:07.0462 5456 ohci1394 - ok
15:11:07.0482 5456 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:11:07.0482 5456 Parport - ok
15:11:07.0492 5456 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:11:07.0502 5456 partmgr - ok
15:11:07.0512 5456 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:11:07.0512 5456 pci - ok
15:11:07.0522 5456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:11:07.0532 5456 pciide - ok
15:11:07.0542 5456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:11:07.0552 5456 pcmcia - ok
15:11:07.0562 5456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:11:07.0562 5456 pcw - ok
15:11:07.0582 5456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:11:07.0592 5456 PEAUTH - ok
15:11:07.0632 5456 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:11:07.0632 5456 PptpMiniport - ok
15:11:07.0642 5456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:11:07.0642 5456 Processor - ok
15:11:07.0662 5456 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:11:07.0662 5456 Psched - ok
15:11:07.0702 5456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:11:07.0712 5456 ql2300 - ok
15:11:07.0722 5456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:11:07.0722 5456 ql40xx - ok
15:11:07.0742 5456 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:11:07.0742 5456 QWAVEdrv - ok
15:11:07.0752 5456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:11:07.0752 5456 RasAcd - ok
15:11:07.0782 5456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:11:07.0782 5456 RasAgileVpn - ok
15:11:07.0792 5456 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:11:07.0792 5456 Rasl2tp - ok
15:11:07.0812 5456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:11:07.0812 5456 RasPppoe - ok
15:11:07.0822 5456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:11:07.0822 5456 RasSstp - ok
15:11:07.0852 5456 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:11:07.0852 5456 rdbss - ok
15:11:07.0862 5456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:11:07.0862 5456 rdpbus - ok
15:11:07.0882 5456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:11:07.0882 5456 RDPCDD - ok
15:11:07.0912 5456 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:11:07.0912 5456 RDPDR - ok
15:11:07.0932 5456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:11:07.0932 5456 RDPENCDD - ok
15:11:07.0942 5456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:11:07.0942 5456 RDPREFMP - ok
15:11:07.0962 5456 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:11:07.0962 5456 RDPWD - ok
15:11:08.0002 5456 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:11:08.0002 5456 rdyboost - ok
15:11:08.0042 5456 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
15:11:08.0042 5456 RsFx0103 - ok
15:11:08.0062 5456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:11:08.0062 5456 rspndr - ok
15:11:08.0082 5456 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:11:08.0092 5456 RTL8167 - ok
15:11:08.0102 5456 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:11:08.0102 5456 s3cap - ok
15:11:08.0142 5456 SaiK0CCB (37fe3f97ac8ecab53df56bf275f8d2d5) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
15:11:08.0142 5456 SaiK0CCB - ok
15:11:08.0152 5456 SaiMini (356dc2b0f2b413c6ad2c191ecf2734be) C:\Windows\system32\DRIVERS\SaiMini.sys
15:11:08.0162 5456 SaiMini - ok
15:11:08.0172 5456 SaiNtBus (e47b4067f2c489fbe4c2ae29ef96054e) C:\Windows\system32\drivers\SaiBus.sys
15:11:08.0172 5456 SaiNtBus - ok
15:11:08.0192 5456 SaiU0CCB (950dca50af39563d96eec57ac614366c) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
15:11:08.0192 5456 SaiU0CCB - ok
15:11:08.0202 5456 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:11:08.0202 5456 sbp2port - ok
15:11:08.0232 5456 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:11:08.0232 5456 scfilter - ok
15:11:08.0252 5456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:11:08.0252 5456 secdrv - ok
15:11:08.0272 5456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:11:08.0272 5456 Serenum - ok
15:11:08.0292 5456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:11:08.0292 5456 Serial - ok
15:11:08.0312 5456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:11:08.0312 5456 sermouse - ok
15:11:08.0332 5456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:11:08.0332 5456 sffdisk - ok
15:11:08.0342 5456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:11:08.0342 5456 sffp_mmc - ok
15:11:08.0352 5456 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:11:08.0352 5456 sffp_sd - ok
15:11:08.0372 5456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:11:08.0372 5456 sfloppy - ok
15:11:08.0392 5456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:11:08.0392 5456 SiSRaid2 - ok
15:11:08.0402 5456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:11:08.0402 5456 SiSRaid4 - ok
15:11:08.0412 5456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:11:08.0412 5456 Smb - ok
15:11:08.0432 5456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:11:08.0432 5456 spldr - ok
15:11:08.0482 5456 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:11:08.0482 5456 srv - ok
15:11:08.0502 5456 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:11:08.0512 5456 srv2 - ok
15:11:08.0522 5456 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:11:08.0522 5456 srvnet - ok
15:11:08.0542 5456 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:11:08.0542 5456 stexstor - ok
15:11:08.0552 5456 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:11:08.0562 5456 storflt - ok
15:11:08.0572 5456 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:11:08.0572 5456 storvsc - ok
15:11:08.0582 5456 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:11:08.0582 5456 swenum - ok
15:11:08.0642 5456 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:11:08.0652 5456 Tcpip - ok
15:11:08.0692 5456 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:11:08.0702 5456 TCPIP6 - ok
15:11:08.0722 5456 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:11:08.0722 5456 tcpipreg - ok
15:11:08.0742 5456 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:11:08.0742 5456 TDPIPE - ok
15:11:08.0742 5456 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:11:08.0742 5456 TDTCP - ok
15:11:08.0762 5456 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:11:08.0762 5456 tdx - ok
15:11:08.0772 5456 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:11:08.0772 5456 TermDD - ok
15:11:08.0802 5456 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:11:08.0802 5456 tssecsrv - ok
15:11:08.0822 5456 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:11:08.0822 5456 TsUsbFlt - ok
15:11:08.0842 5456 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:11:08.0842 5456 tunnel - ok
15:11:08.0852 5456 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:11:08.0852 5456 uagp35 - ok
15:11:08.0872 5456 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:11:08.0882 5456 udfs - ok
15:11:08.0902 5456 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:11:08.0902 5456 uliagpkx - ok
15:11:08.0912 5456 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:11:08.0912 5456 umbus - ok
15:11:08.0932 5456 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:11:08.0932 5456 UmPass - ok
15:11:08.0972 5456 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:11:08.0972 5456 usbaudio - ok
15:11:08.0992 5456 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:11:08.0992 5456 usbccgp - ok
15:11:09.0012 5456 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:11:09.0012 5456 usbcir - ok
15:11:09.0032 5456 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:11:09.0032 5456 usbehci - ok
15:11:09.0052 5456 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:11:09.0052 5456 usbhub - ok
15:11:09.0072 5456 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:11:09.0072 5456 usbohci - ok
15:11:09.0082 5456 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:11:09.0082 5456 usbprint - ok
15:11:09.0102 5456 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:11:09.0102 5456 USBSTOR - ok
15:11:09.0122 5456 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:11:09.0122 5456 usbuhci - ok
15:11:09.0142 5456 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:11:09.0152 5456 vdrvroot - ok
15:11:09.0152 5456 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:11:09.0162 5456 vga - ok
15:11:09.0172 5456 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:11:09.0172 5456 VgaSave - ok
15:11:09.0202 5456 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:11:09.0202 5456 vhdmp - ok
15:11:09.0232 5456 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:11:09.0232 5456 viaide - ok
15:11:09.0242 5456 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:11:09.0242 5456 vmbus - ok
15:11:09.0262 5456 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:11:09.0262 5456 VMBusHID - ok
15:11:09.0282 5456 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:11:09.0282 5456 volmgr - ok
15:11:09.0312 5456 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:11:09.0312 5456 volmgrx - ok
15:11:09.0332 5456 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:11:09.0332 5456 volsnap - ok
15:11:09.0352 5456 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:11:09.0352 5456 vsmraid - ok
15:11:09.0432 5456 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
15:11:09.0432 5456 VSPerfDrv100 - ok
15:11:09.0462 5456 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:11:09.0462 5456 vwifibus - ok
15:11:09.0482 5456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:11:09.0482 5456 WacomPen - ok
15:11:09.0492 5456 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:11:09.0492 5456 WANARP - ok
15:11:09.0502 5456 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:11:09.0502 5456 Wanarpv6 - ok
15:11:09.0522 5456 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:11:09.0522 5456 Wd - ok
15:11:09.0552 5456 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:11:09.0552 5456 Wdf01000 - ok
15:11:09.0572 5456 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:11:09.0572 5456 WfpLwf - ok
15:11:09.0582 5456 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:11:09.0582 5456 WIMMount - ok
15:11:09.0622 5456 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:11:09.0622 5456 WmiAcpi - ok
15:11:09.0642 5456 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:11:09.0642 5456 ws2ifsl - ok
15:11:09.0672 5456 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:11:09.0672 5456 WudfPf - ok
15:11:09.0682 5456 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:11:09.0682 5456 WUDFRd - ok
15:11:09.0712 5456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:11:09.0722 5456 \Device\Harddisk1\DR1 - ok
15:11:09.0722 5456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:11:09.0732 5456 \Device\Harddisk0\DR0 - ok
15:11:09.0732 5456 Boot (0x1200) (55159cf6d87ef3db0029b91a9047699c) \Device\Harddisk1\DR1\Partition0
15:11:09.0732 5456 \Device\Harddisk1\DR1\Partition0 - ok
15:11:09.0742 5456 Boot (0x1200) (4acf785e787753bae9cf0498a58309fe) \Device\Harddisk0\DR0\Partition0
15:11:09.0742 5456 \Device\Harddisk0\DR0\Partition0 - ok
15:11:09.0742 5456 ============================================================
15:11:09.0742 5456 Scan finished
15:11:09.0742 5456 ============================================================
15:11:09.0742 6008 Detected object count: 0
15:11:09.0742 6008 Actual detected object count: 0

#7 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 February 2012 - 03:29 PM

Hello Zashin


Can you send me the aswMBR report?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Zashin (Topic Starter)

Posted 26 February 2012 - 03:47 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 15:17:50
-----------------------------
15:17:50.226 OS Version: Windows x64 6.1.7601 Service Pack 1
15:17:50.226 Number of processors: 4 586 0x402
15:17:50.226 ComputerName: BIGMAN-PC UserName: Bigman
15:17:52.746 Initialize success
15:20:54.636 AVAST engine defs: 12022603
15:25:14.877 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
15:25:14.877 Disk 0 Vendor: WDC_WD7501AALS-00E8B0 05.00K05 Size: 715404MB BusType: 11
15:25:14.887 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
15:25:14.887 Disk 1 Vendor: WDC_WD7501AALS-00E8B0 05.00K05 Size: 715404MB BusType: 11
15:25:14.907 Disk 0 MBR read successfully
15:25:14.907 Disk 0 MBR scan
15:25:14.977 Disk 0 Windows 7 default MBR code
15:25:14.977 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 715402 MB offset 2048
15:25:15.037 Disk 0 scanning C:\Windows\system32\drivers
15:25:22.557 Service scanning
15:25:46.598 Modules scanning
15:25:46.608 Disk 0 trace - called modules:
15:25:46.628 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:25:46.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af5060]
15:25:46.968 3 CLASSPNP.SYS[fffff8800196243f] -> nt!IofCallDriver -> [0xfffffa8006b084d0]
15:25:46.978 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0xfffffa800782f1f0]
15:25:49.788 AVAST engine scan C:\Windows
15:25:54.288 AVAST engine scan C:\Windows\system32
15:30:24.985 AVAST engine scan C:\Windows\system32\drivers
15:30:36.195 AVAST engine scan C:\Users\Bigman
15:37:30.243 AVAST engine scan C:\ProgramData
15:38:02.183 Scan finished successfully
15:46:18.872 Disk 0 MBR has been saved successfully to "C:\Users\Bigman\Documents\MBR.dat"
15:46:18.872 The log file has been saved successfully to "C:\Users\Bigman\Documents\aswMBR.txt"

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 February 2012 - 04:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 Zashin (Topic Starter)

Posted 26 February 2012 - 05:31 PM

Just after it made the log, it started up with the whole "Illegal operation attempted on a registry key that has been marked for deletion."


ComboFix 12-02-25.02 - Bigman 02/26/2012 17:16:21.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.6642 [GMT -5:00]
Running from: c:\users\Bigman\Downloads\ComboFix.exe
Command switches used :: c:\users\Bigman\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-02 21:01 . 2012-02-02 21:01 -------- d-----w- c:\users\Bigman\AppData\Local\e-academy Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-01-01 16:19 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-12-31 19:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 02:06 . 2012-01-10 02:06 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-01-10 01:43 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 17:39 . 2012-01-03 17:39 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2011-12-31 22:11 . 2011-12-31 22:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 20:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-31 20:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-31 19:18 . 2011-12-31 19:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-31 19:18 . 2011-12-31 19:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-31 19:18 . 2011-12-31 19:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-31 19:18 . 2011-12-31 19:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-31 19:18 . 2011-12-31 19:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 19:18 . 2011-12-31 19:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-31 19:18 . 2011-12-31 19:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 19:18 . 2011-12-31 19:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-31 19:18 . 2011-12-31 19:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-31 19:18 . 2011-12-31 19:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-31 19:18 . 2011-12-31 19:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-31 19:18 . 2011-12-31 19:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-31 19:18 . 2011-12-31 19:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-31 19:18 . 2011-12-31 19:18 448512 ----a-w- c:\windows\system32\html.iec
2011-12-31 19:18 . 2011-12-31 19:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-31 19:18 . 2011-12-31 19:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-31 19:18 . 2011-12-31 19:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-31 19:18 . 2011-12-31 19:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-31 19:18 . 2011-12-31 19:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-31 19:18 . 2011-12-31 19:18 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-31 19:18 . 2011-12-31 19:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-31 19:18 . 2011-12-31 19:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-31 19:18 . 2011-12-31 19:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-31 19:18 . 2011-12-31 19:18 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-31 19:18 . 2011-12-31 19:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-31 19:18 . 2011-12-31 19:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-31 19:18 . 2011-12-31 19:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-31 19:18 . 2011-12-31 19:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-31 19:18 . 2011-12-31 19:18 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-31 19:18 . 2011-12-31 19:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-31 19:18 . 2011-12-31 19:18 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-31 19:18 . 2011-12-31 19:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-31 19:18 . 2011-12-31 19:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-31 19:18 . 2011-12-31 19:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-30 07:21 . 2011-12-31 19:01 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B4BA64F-46D8-466F-9584-00E3B65DD44A}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-26_15.57.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-26 15:57 . 2012-02-26 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022620120227\index.dat
+ 2012-02-26 22:24 . 2012-02-26 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022620120227\index.dat
+ 2012-01-31 19:44 . 2012-02-26 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-01-31 19:44 . 2012-02-26 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-31 19:30 . 2012-02-26 22:15 26586 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-26 22:15 27530 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-31 21:28 . 2012-02-25 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-31 21:28 . 2012-02-26 21:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-31 21:28 . 2012-02-26 21:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-31 21:28 . 2012-02-25 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-26 21:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-12 08:16 . 2012-02-26 22:23 3456 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-31 18:44 . 2012-02-26 22:15 7206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1369465228-991504099-720452141-1001_UserData.bin
+ 2012-02-26 22:23 . 2012-02-26 22:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-26 15:57 . 2012-02-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-26 15:57 . 2012-02-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-26 22:23 . 2012-02-26 22:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-26 22:24 . 2012-02-26 22:24 372736 c:\windows\temp\mrt4A77.tmp\stdrt.exe
+ 2012-02-26 22:24 . 2012-02-26 22:24 307200 c:\windows\temp\mrt4A77.tmp\mmfs2.dll
+ 2012-02-16 21:12 . 2012-02-26 19:37 380389 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
+ 2012-01-31 19:44 . 2012-02-26 22:24 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-01-31 19:44 . 2012-02-26 15:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-26 15:57 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-26 22:24 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-26 22:24 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-26 15:57 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-02-24 06:53 727534 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-26 22:19 727534 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-26 22:19 146452 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-24 06:53 146452 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-26 22:23 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-26 15:56 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-12 08:16 . 2012-02-26 22:12 734688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-01-12 08:16 . 2012-02-26 15:56 734688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-02-26 15:57 1818624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-26 22:24 1818624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-01 20:13 . 2012-02-26 15:56 2340868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-8192.dat
+ 2012-01-01 20:13 . 2012-02-26 22:23 2340868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-8192.dat
+ 2012-01-01 20:13 . 2012-02-26 22:12 3149696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-12288.dat
+ 2012-01-01 20:13 . 2012-02-26 22:23 25874072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-4096.dat
- 2012-01-01 20:13 . 2012-02-26 15:56 25874072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-07 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-12-31 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-01-03 689492]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DDA57003-0068-4ED2-9D32-4D1EC707D94D}"=hex:51,66,7a,6c,4c,1d,38,12,6d,73,b6,
d9,5a,4e,bc,0b,e2,24,0e,5e,c2,59,9d,59
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{5802D092-1784-4908-8CDB-99B6842D353D}"=hex:51,66,7a,6c,4c,1d,38,12,fc,d3,11,
5c,b6,59,66,0c,f3,cd,da,f6,81,73,71,29
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s your father's last wish.]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s your father's last wish.\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1369465228-991504099-720452141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s your father's last wish.]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,42,69,67,6d,61,6e,5c,44,65,73,6b,74,6f,70,
5c,4e,65,77,20,66,6f,6c,64,65,72,5c,61,6e,67,65,6c,5c,4d,6f,6f,6e,6c,69,67,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\03\07$4?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt4A77.tmp\stdrt.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-02-26 17:29:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 22:29
ComboFix2.txt 2012-02-26 16:02
.
Pre-Run: 508,816,535,552 bytes free
Post-Run: 509,055,430,656 bytes free
.
- - End Of File - - 7A8DF868D872C3130CF27E8167CFB76C
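The report above lists c:\windows\TEMP\mrt4A77.tmp\stdrt.exe twice: as a "+" line with no matching "-" line in the SnapShot comparison (created since the snapshot) and under Other Running Processes. As an added example that is not part of the thread or of ComboFix, the Python script below reads those two sections of a ComboFix-style report, separates created files from merely modified ones by pairing "+" and "-" lines, and flags executables created in or running from temp directories. The embedded report is a constructed sample modelled on the log above, and the banner and snapshot-line regexes are assumptions about ComboFix's layout.

```python
"""Triage helper for ComboFix-style reports (added example, not ComboFix code).

Two sections of the report carry the signal used here:
  * the SnapShot comparison: '-' is the file state at snapshot time, '+' the
    state now.  A path with only a '+' line is new since the snapshot; a
    path with both is merely modified; only '-' means deleted.
  * Other Running Processes: plain image paths of processes ComboFix saw.
"""
import re
from dataclasses import dataclass, field

# Scratch locations that any local process can write to.  A process image
# or a freshly created DLL living there is worth a closer look.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com", ".cpl")

# "((((( Section Name )))))" and "------ Section Name ------" banners
# (assumed layout, derived from the report above).
BANNER_RE = re.compile(r"^[(\-*]{3,}\s*(.*?)\s*[)\-*]{3,}$")
# "+ 2012-02-26 22:24 . 2012-02-26 22:24 372736 c:\path\file.exe"
SNAPSHOT_RE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (.+)$"
)

# Constructed sample in ComboFix's layout, modelled on the report above
# (a handful of lines, not the full log).
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((( SnapShot@2012-02-26_15.57.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-26 22:24 . 2012-02-26 22:24 372736 c:\windows\temp\mrt4A77.tmp\stdrt.exe
+ 2012-02-26 22:24 . 2012-02-26 22:24 307200 c:\windows\temp\mrt4A77.tmp\mmfs2.dll
+ 2012-02-16 21:12 . 2012-02-26 19:37 380389 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
- 2009-07-14 02:36 . 2012-02-24 06:53 727534 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-26 22:19 727534 c:\windows\system32\perfh009.dat
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt4A77.tmp\stdrt.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
"""


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def is_temp_path(path):
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def is_executable(path):
    return path.lower().endswith(EXEC_EXT)


def parse_sections(text):
    """Split the report into {banner title: [content lines]}."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads sections with lone '.' lines
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def snapshot_changes(lines):
    """Map lower-cased path -> set of signs seen ('+', '-')."""
    changes = {}
    for line in lines:
        m = SNAPSHOT_RE.match(line)
        if m:
            changes.setdefault(m.group(5).lower(), set()).add(m.group(1))
    return changes


def triage(text):
    """Return {lower-cased path: Finding} for entries worth a closer look."""
    findings = {}

    def flag(path, reason):
        findings.setdefault(path.lower(), Finding(path)).reasons.append(reason)

    for title, lines in parse_sections(text).items():
        if title.startswith("SnapShot@"):
            for path, signs in snapshot_changes(lines).items():
                # '+' without a matching '-' means the file did not exist
                # at snapshot time; a modified file shows both signs.
                if signs == {"+"} and is_executable(path):
                    where = "a temp directory" if is_temp_path(path) else "disk"
                    flag(path, f"executable created on {where} since snapshot")
        elif title == "Other Running Processes":
            for path in lines:
                if is_temp_path(path):
                    flag(path, "process image lives in a temp directory")
    return findings


def ranked(findings):
    """Most reasons first: a hit in both sections outranks a single hit."""
    return sorted(findings.values(), key=lambda f: (-len(f.reasons), f.path))


if __name__ == "__main__":
    for f in ranked(triage(SAMPLE_REPORT)):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```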

#11 Zashin

Posted 26 February 2012 - 05:32 PM

Also my Malwarebytes has been blocking c:\windows\TEMP\mrt4A77.tmp\stdrt.exe from going to the internet. Don't know what that is.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:41 PM

Posted 26 February 2012 - 09:02 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Zashin

Posted 26 February 2012 - 09:07 PM

I already did that... and posted them, I did.

#14 gringo_pr

Posted 26 February 2012 - 09:18 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\TEMP\mrt4A77.tmp

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Zashin

Posted 27 February 2012 - 01:34 PM

ComboFix 12-02-25.02 - Bigman 02/27/2012 13:09:43.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.6826 [GMT -5:00]
Running from: C:\Users\Bigman\Downloads\ComboFix.exe
Command switches used :: C:\Users\Bigman\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\TEMP\mrt4A77.tmp"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\TEMP\mrt4F09.tmp\aviflt.ift
C:\Windows\TEMP\mrt4F09.tmp\bmpflt.ift
C:\Windows\TEMP\mrt4F09.tmp\Download.mfx
C:\Windows\TEMP\mrt4F09.tmp\fliflt.ift
C:\Windows\TEMP\mrt4F09.tmp\Get.mfx
C:\Windows\TEMP\mrt4F09.tmp\gifflt.ift
C:\Windows\TEMP\mrt4F09.tmp\jpgflt.ift
C:\Windows\TEMP\mrt4F09.tmp\kcfile.mfx
C:\Windows\TEMP\mrt4F09.tmp\kcini.mfx
C:\Windows\TEMP\mrt4F09.tmp\kclist.mfx
C:\Windows\TEMP\mrt4F09.tmp\KcWebX.mfx
C:\Windows\TEMP\mrt4F09.tmp\mmfs2.dll
C:\Windows\TEMP\mrt4F09.tmp\pcxflt.ift
C:\Windows\TEMP\mrt4F09.tmp\pngflt.ift
C:\Windows\TEMP\mrt4F09.tmp\Registry2.mfx
C:\Windows\TEMP\mrt4F09.tmp\stdrt.exe
C:\Windows\TEMP\mrt4F09.tmp\tgaflt.ift
C:\Windows\TEMP\mrt4F09.tmp\volume.mfx


((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))


2012-02-27 18:16:18 . 2012-02-27 18:16:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-27 08:29:41 . 2012-02-08 07:13:59 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4A16DAC-0152-4EA2-8D67-7DB2E0E34A30}\mpengine.dll
2012-02-26 22:22:05 . 2012-02-26 22:22:05 -------- d-----w- C:\Users\Bigman\AppData\Local\Diagnostics
2012-02-24 06:04:55 . 2012-02-24 06:22:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-24 06:04:55 . 2012-02-24 06:06:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-23 15:52:56 . 2012-02-23 15:52:56 -------- d-----w- C:\Riot Games
2012-02-20 21:42:44 . 2012-02-20 21:42:44 -------- d-----w- C:\Users\Bigman\AppData\Local\SCE
2012-02-16 06:06:18 . 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\system32\ntshrui.dll
2012-02-16 06:06:18 . 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 06:06:14 . 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\system32\timedate.cpl
2012-02-16 06:06:14 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 06:06:13 . 2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-02-16 06:06:12 . 2011-12-28 03:59:24 498688 ----a-w- C:\Windows\system32\drivers\afd.sys
2012-02-16 06:06:10 . 2011-12-16 08:46:06 634880 ----a-w- C:\Windows\system32\msvcrt.dll
2012-02-16 06:06:10 . 2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 00:21:33 . 2012-02-14 00:21:33 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Microsoft Corporation
2012-02-10 21:58:52 . 2011-12-31 20:42:55 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 21:58:41 . 2012-02-10 21:58:27 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFA43618-FB0C-453E-BF42-1A960AC2B941}\gapaengine.dll
2012-02-07 08:19:12 . 2012-02-07 08:19:12 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Malwarebytes
2012-02-07 08:19:07 . 2012-02-07 08:19:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 08:19:06 . 2012-02-07 08:19:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-07 08:19:06 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-02-05 23:52:46 . 2012-02-05 23:52:46 -------- d-----w- C:\ProgramData\RoboForm
2012-02-05 23:52:04 . 2012-02-05 23:52:45 -------- d-----w- C:\Users\Bigman\AppData\Roaming\Trillian
2012-02-05 23:51:44 . 2012-02-05 23:52:04 -------- d-----w- C:\Program Files (x86)\Trillian
2012-02-05 19:07:35 . 2012-02-05 19:07:35 -------- d-----w- C:\Users\Bigman\AppData\Roaming\StepMania 5
2012-02-05 19:07:13 . 2012-02-05 19:07:13 -------- d-----w- C:\Springtime
2012-02-05 19:07:10 . 2012-02-05 19:07:20 -------- d-----w- C:\Program Files (x86)\StepMania
2012-02-05 19:00:05 . 2012-02-05 19:00:05 -------- d-----w- C:\ProgramData\Microsoft Visual Studio
2012-02-04 02:31:16 . 2009-07-22 08:17:36 78872 ----a-w- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31:16 . 2009-07-22 08:17:36 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-04 02:31:07 . 2009-07-22 08:17:36 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:31:07 . 2009-07-22 08:17:36 111640 ----a-w- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-04 02:30:36 . 2012-02-04 02:30:36 -------- d-----w- C:\Windows\system32\RsFx
2012-02-04 02:30:08 . 2012-02-04 02:30:08 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
2012-02-04 02:29:51 . 2012-02-04 02:29:51 -------- d-----w- C:\Program Files\Microsoft.NET
2012-02-04 02:26:56 . 2012-02-04 02:30:41 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-02-04 02:26:41 . 2012-02-04 02:30:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-02-04 02:26:15 . 2012-02-04 02:26:15 -------- d-----w- C:\Program Files\Microsoft Sync Framework
2012-02-04 02:26:05 . 2012-02-04 02:26:05 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-02-04 02:26:05 . 2012-02-04 02:26:05 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-04 02:25:54 . 2012-02-04 02:25:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-04 02:25:21 . 2012-02-04 02:25:21 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-02-04 02:23:12 . 2012-02-04 02:23:12 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-02-04 02:23:08 . 2012-02-04 02:23:08 -------- d-----w- C:\Program Files\IIS
2012-02-04 02:23:07 . 2012-02-04 02:23:07 -------- d-----w- C:\Program Files (x86)\IIS
2012-02-04 02:22:33 . 2012-02-05 08:15:04 2478272 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-04 02:18:35 . 2012-02-04 02:30:00 -------- d-----w- C:\Windows\SysWow64\1033
2012-02-04 02:18:14 . 2012-02-05 08:09:50 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-02-04 02:18:14 . 2012-02-04 02:25:21 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-04 02:18:14 . 2012-02-04 02:20:25 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-02-04 02:18:14 . 2012-02-04 02:19:14 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-02-04 02:16:54 . 2012-02-04 02:16:55 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-02-04 02:16:44 . 2012-02-04 02:30:00 -------- d-----w- C:\Windows\system32\1033
2012-02-04 02:16:44 . 2012-02-04 02:26:38 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-02-04 02:16:44 . 2012-02-04 02:26:24 -------- d-----w- C:\Program Files (x86)\Microsoft SDKs
2012-02-04 02:16:44 . 2012-02-04 02:16:44 -------- d-----w- C:\Windows\symbols
2012-02-04 02:16:44 . 2012-02-04 02:16:44 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-02-02 21:05:39 . 2012-02-02 21:05:39 -------- d-----w- C:\Windows\system32\appmgmt
2012-02-02 21:01:08 . 2012-02-02 21:01:08 -------- d-----w- C:\Users\Bigman\AppData\Roaming\e-academy Inc
2012-02-02 21:01:08 . 2012-02-02 21:01:08 -------- d-----w- C:\Users\Bigman\AppData\Local\e-academy Inc
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-08 07:13:59 . 2012-01-01 16:19:33 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44:20 . 2011-12-31 19:05:45 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-10 02:06:59 . 2012-01-10 02:06:59 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-01-10 01:43:36 . 2011-03-28 23:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 17:39:41 . 2012-01-03 17:39:40 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2011-12-31 22:11:13 . 2011-12-31 22:11:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 20:20:03 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
2011-12-31 20:20:03 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 85504 ----a-w- C:\Windows\system32\iesetup.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 76800 ----a-w- C:\Windows\system32\tdc.ocx
2011-12-31 19:18:23 . 2011-12-31 19:18:23 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2011-12-31 19:18:23 . 2011-12-31 19:18:23 603648 ----a-w- C:\Windows\system32\vbscript.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 49664 ----a-w- C:\Windows\system32\imgutil.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 448512 ----a-w- C:\Windows\system32\html.iec
2011-12-31 19:18:23 . 2011-12-31 19:18:23 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 367104 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-31 19:18:23 . 2011-12-31 19:18:23 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 30720 ----a-w- C:\Windows\system32\licmgr10.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 222208 ----a-w- C:\Windows\system32\msls31.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 165888 ----a-w- C:\Windows\system32\iexpress.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 160256 ----a-w- C:\Windows\system32\wextract.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 12288 ----a-w- C:\Windows\system32\mshta.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2011-12-31 19:18:23 . 2011-12-31 19:18:23 114176 ----a-w- C:\Windows\system32\admparse.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 111616 ----a-w- C:\Windows\system32\iesysprep.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2011-12-31 19:18:23 . 2011-12-31 19:18:23 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2011-11-30 07:21:30 . 2011-12-31 19:01:02 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B4BA64F-46D8-466F-9584-00E3B65DD44A}\mpengine.dll


((((((((((((((((((((((((((((( SnapShot@2012-02-26_15.57.59 )))))))))))))))))))))))))))))))))))))))))

+ 2012-02-05 20:05:57 . 2012-02-27 04:25:45 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2012-02-05 20:05:57 . 2012-02-25 11:16:43 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2012-02-05 20:05:57 . 2012-02-25 11:16:43 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2012-02-05 20:05:57 . 2012-02-27 04:25:45 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2012-02-05 20:05:57 . 2012-02-25 11:16:43 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2012-02-05 20:05:57 . 2012-02-27 04:25:45 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2012-02-27 08:17:26 . 2012-02-27 08:17:26 35840 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{7AD7AB17-611B-11E1-9DB4-001D7D013B89}.dat
+ 2012-02-27 02:14:40 . 2012-02-27 08:17:26 11776 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD4AF7C7-60E8-11E1-9DB4-001D7D013B89}.dat
+ 2012-02-27 04:25:41 . 2012-02-27 08:17:26 35840 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B077A2E-60FB-11E1-9DB4-001D7D013B89}.dat
+ 2012-01-31 19:44:19 . 2012-02-27 18:27:50 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-01-31 19:44:19 . 2012-02-26 15:57:48 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-31 19:30:50 . 2012-02-27 08:20:36 27466 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-02-27 08:20:36 27594 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-31 21:28:28 . 2012-02-25 16:53:27 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-31 21:28:28 . 2012-02-27 17:42:13 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-31 21:28:28 . 2012-02-25 16:53:27 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-31 21:28:28 . 2012-02-27 17:42:13 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:19 . 2012-02-25 16:53:27 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:19 . 2012-02-27 17:42:13 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-08 19:45:56 . 2012-02-27 08:17:26 3584 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{83D60597-528D-11E1-A303-001D7D013B89}.dat
- 2012-02-08 19:45:56 . 2012-02-23 15:37:00 3584 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{83D60597-528D-11E1-A303-001D7D013B89}.dat
+ 2012-02-27 02:14:40 . 2012-02-27 08:17:26 4608 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD4AF7C6-60E8-11E1-9DB4-001D7D013B89}.dat
+ 2012-01-12 08:16:39 . 2012-02-26 22:23:04 3456 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-31 18:44:02 . 2012-02-27 08:20:36 7562 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1369465228-991504099-720452141-1001_UserData.bin
+ 2012-02-27 18:17:39 . 2012-02-27 18:17:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-26 15:57:10 . 2012-02-26 15:57:10 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-27 18:17:39 . 2012-02-27 18:17:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-26 15:57:10 . 2012-02-26 15:57:10 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-27 18:17:44 . 2012-02-27 18:17:44 372736 C:\Windows\temp\mrt50BE.tmp\stdrt.exe
+ 2012-02-27 18:17:44 . 2012-02-27 18:17:44 307200 C:\Windows\temp\mrt50BE.tmp\mmfs2.dll
+ 2012-02-16 21:12:22 . 2012-02-27 18:27:49 345629 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
- 2012-02-05 20:05:31 . 2012-02-24 19:18:07 114688 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-02-05 20:05:31 . 2012-02-27 02:14:40 114688 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-01-31 19:44:07 . 2012-02-26 15:57:16 262144 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-31 19:44:07 . 2012-02-27 18:17:46 262144 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54:17 . 2012-02-27 18:17:46 131072 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-02-26 15:57:16 131072 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-02-26 15:57:16 114688 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:17 . 2012-02-27 18:17:46 114688 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-01 06:18:31 . 2012-02-27 17:42:13 225914 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36:59 . 2012-02-24 06:53:41 727534 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-02-27 18:23:27 727534 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-02-27 18:23:27 146452 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-02-24 06:53:41 146452 C:\Windows\system32\perfc009.dat
- 2009-07-14 05:01:48 . 2012-02-26 15:56:15 228720 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01:48 . 2012-02-27 18:16:35 228720 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-12 08:16:39 . 2012-02-26 15:56:16 734688 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-01-12 08:16:39 . 2012-02-27 08:17:27 734688 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54:17 . 2012-02-27 18:17:46 1818624 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-02-26 15:57:16 1818624 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-01 20:13:36 . 2012-02-27 18:16:36 2340868 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-8192.dat
- 2012-01-01 20:13:36 . 2012-02-26 15:56:16 2340868 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-8192.dat
+ 2012-01-01 20:13:36 . 2012-02-27 08:17:27 3284700 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-12288.dat
+ 2012-01-01 20:13:36 . 2012-02-27 18:16:36 25926420 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369465228-991504099-720452141-1001-4096.dat

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27:00 194848 ----a-w- C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2012-01-07 04:53:03 1242448]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files (x86)\Winamp\winampa.exe" [2011-10-26 18:48:48 74752]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 17:55:28 937920]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 19:53:18 460872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-12-31 22:11:13 247968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-01-03 17:39:41 689492]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 16:14:30 183560]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 04:34:36 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]
R4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 09:01:06 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 17:55:28 64952]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 19:53:18 652360]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 20:31:10 1153368]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 22:21:18 288272]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys [x]



--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 19:35:24 1436736]
"ProfilerU"="C:\Program Files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 01:23:32 310272]
"SaiMfd"="C:\Program Files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 01:23:56 158208]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = C:\Windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1

- - - - ORPHANS REMOVED - - - -

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
