Pup.Bitminer


  • This topic is locked
19 replies to this topic

#1 cashkingb

cashkingb

  • Members
  • 9 posts

Posted 29 February 2012 - 05:48 AM

*Update* It seems to not pick up pup.bitminer anymore and seems to be working fine, but it's still redirecting and I'm not 100% bitminer's gone.


Hello there guys, I seem to be having a problem with the familiar virus called pup.bitminer.
Now, it's been here for a while, as it was most likely left over from the System Fix virus I had.
Now, this is how it's been affecting me.
* Slow computer and internet.
* Random restarts.
* Random crashes.
* Redirecting to random sites (probably dangerous sites).
* Just today I couldn't click anything on my desktop.
* Random system restores (happens after random crashes or restarts).
* When I remove it, it comes back later.

I've tried running Spyware Doctor and all those, but it keeps coming back.
I've also tried RKill, then scanning it with Malwarebytes and removing.

If anyone could provide any help that would be fantastic, thanks.
Cashkingb

By the way, I think I was to post this but not the file called attach, because inside it said do not post unless said. Anyway, this is the one I think I have to put here. Also, inside it I noticed there was something that said ping.exe; I know that this is part of the Pup.bitminer. I didn't run that gmer.exe because my system is 64 not 32.
Also, at the very bottom is my Malwarebytes log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Alvarado at 21:56:49 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4095.2591 [GMT 11:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m3800&r=173601101706p0395v175w49k1t23r
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m3800&r=173601101706p0395v175w49k1t23r
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
uURLSearchHooks: H - No File
mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: MyTools Class: {c3a44133-7ead-434c-ac9e-7f1da176ba8c} - C:\Program Files (x86)\MyTools\MyTools.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
TB: Pivot Stickfigure Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RDReminder]
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [WhlCach3.exe] "C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Alvarado\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Alvarado\AppData\Local\Temp\{BCCD338A-0090-41AC-A8AE-D2EDAD60E700}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/au/plugin/DFusionWeb.Installer.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://webmail.bupa.com.au/InternalSite/WhlCompMgr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A39DC4F-675E-442C-9FF2-DD13273207C2} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A39DC4F-675E-442C-9FF2-DD13273207C2}\34F6374716259636165303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A39DC4F-675E-442C-9FF2-DD13273207C2}\45548435F5136463541314 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
BHO-X64: RuneScape - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: MyTools Class: {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll
BHO-X64: MyTools - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
TB-X64: Pivot Stickfigure Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alvarado\AppData\Roaming\Mozilla\Firefox\Profiles\bq64bscn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
FF - prefs.js: browser.search.selectedEngine - MyTools
FF - prefs.js: keyword.URL - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alvarado\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
.
============= SERVICES / DRIVERS ===============
.
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2010-1-24 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-7 2343816]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2w7x.sys --> C:\Windows\system32\DRIVERS\WN111v2w7x.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-22 44768]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-28 8704]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-23 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-13 62208]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-6-21 150928]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-13 240160]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\Downloaded Program Files\DM.0\DMService.exe [2011-12-28 487312]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-29 04:34:01 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-02-29 04:29:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-29 04:25:58 -------- d-----w- C:\Users\Alvarado\AppData\Roaming\TestApp
2012-02-28 11:11:00 -------- d-----w- C:\Users\Alvarado\AppData\Roaming\SUPERAntiSpyware.com
2012-02-28 11:10:31 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-28 11:10:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-28 10:58:44 -------- d-----w- C:\Users\Alvarado\AppData\Roaming\GetRightToGo
2012-02-28 08:50:57 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2012-02-24 04:20:08 -------- d-----w- C:\Program Files (x86)\express-files
2012-02-22 21:19:13 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 04:24:01 -------- d-----w- C:\Users\Alvarado\Command and Conquer Generals
2012-02-10 21:40:29 -------- d-----w- C:\Program Files (x86)\Dead Sane
2012-02-10 05:10:47 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-02-09 11:06:03 -------- d-----w- C:\ProgramData\Lionhead Studios
2012-02-09 05:41:37 -------- d-----w- C:\ProgramData\100
2012-02-09 05:25:10 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-02-07 10:38:49 -------- d-----w- C:\Users\Alvarado\AppData\Roaming\Lionhead Studios
2012-02-07 10:19:40 -------- d-----w- C:\Program Files (x86)\Lionhead Studios Ltd
2012-02-07 08:04:25 -------- d-----w- C:\Users\Alvarado\AppData\Roaming\ExpressFiles
2012-02-07 05:12:08 -------- d-----w- C:\Program Files (x86)\MyTools
2012-02-07 05:11:38 -------- d-----w- C:\ProgramData\Premium
2012-02-07 05:11:36 -------- d-----w- C:\ProgramData\InstallMate
2012-02-05 20:55:53 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-04 09:56:33 -------- d-----w- C:\Windows\lhsp
2012-02-04 09:56:19 -------- d-----w- C:\Program Files (x86)\CFS-Technologies
2012-02-03 20:29:40 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-02-03 20:29:40 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-02-03 20:29:40 395776 ----a-w- C:\Windows\System32\webio.dll
2012-02-03 20:29:40 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-02-03 20:29:40 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-02-03 20:29:40 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-02-03 20:29:40 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2012-02-03 20:29:40 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-02-03 20:29:39 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-02-03 20:29:39 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-02-03 20:29:39 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-02-03 20:29:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-02-01 00:59:17 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-02-01 00:48:10 -------- d-----w- C:\Program Files (x86)\DownloadHQ
.
==================== Find3M ====================
.
2012-01-20 01:18:06 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-01-08 05:39:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 06:47:02 215104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-01 06:47:02 215104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-01 06:44:34 215104 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-25 01:34:15 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2008-10-17 02:12:52 888832 ----a-r- C:\Program Files (x86)\Core.dll
2008-10-03 10:56:54 495616 ----a-w- C:\Program Files (x86)\ModelConverter.exe
.
============= FINISH: 21:57:54.49 ===============



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Alvarado :: ALVARADO-PC [administrator]

Protection: Disabled

29/02/2012 8:38:40 PM
mbam-log-2012-02-29 (22-06-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 709932
Time elapsed: 1 hour(s), 26 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.

(end)

Edited by cashkingb, 01 March 2012 - 02:03 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 02 March 2012 - 02:08 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 cashkingb

cashkingb
  • Topic Starter

  • Members
  • 9 posts

Posted 02 March 2012 - 08:55 AM

Hello Gringo, here are the things you wanted.


My ComboFix log, and the other two are down the bottom.


ComboFix 12-03-01.02 - Alvarado 02/03/2012 23:52:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4095.1418 [GMT 11:00]
Running from: c:\users\Alvarado\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\100
c:\users\Alvarado\AppData\Local\assembly\tmp
c:\users\Alvarado\AppData\Local\TempDIR
c:\users\Alvarado\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\Alvarado\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\Alvarado\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\Alvarado\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\Alvarado\AppData\Roaming\.#
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\Downloaded Program Files\DM.0
c:\windows\Downloaded Program Files\DM.0\DMService.exe
c:\windows\Downloaded Program Files\DM.0\WhlMgr.dll
c:\windows\iun6002.exe
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DMService
-------\Service_DMService
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-02-29 22:55 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-29 22:55 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-29 22:55 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-29 22:52 . 2012-02-29 22:52 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-29 04:34 . 2012-02-29 04:34 -------- d-----w- c:\program files (x86)\PC Tools
2012-02-29 04:29 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-29 04:25 . 2012-02-29 04:25 -------- d-----w- c:\users\Alvarado\AppData\Roaming\TestApp
2012-02-28 21:20 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-28 21:20 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-28 21:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-28 11:11 . 2012-02-28 11:11 -------- d-----w- c:\users\Alvarado\AppData\Roaming\SUPERAntiSpyware.com
2012-02-28 11:10 . 2012-02-29 15:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-28 11:10 . 2012-02-28 11:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-28 10:58 . 2012-02-29 15:59 -------- d-----w- c:\users\Alvarado\AppData\Roaming\GetRightToGo
2012-02-28 08:50 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-02-28 04:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-24 04:20 . 2012-02-29 15:59 -------- d-----w- c:\program files (x86)\express-files
2012-02-22 21:19 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 04:24 . 2012-03-01 04:10 -------- d-----w- c:\users\Alvarado\Command and Conquer Generals
2012-02-10 21:40 . 2012-02-10 21:46 -------- d-----w- c:\program files (x86)\Dead Sane
2012-02-09 11:06 . 2012-02-09 11:06 -------- d-----w- c:\programdata\Lionhead Studios
2012-02-09 05:25 . 2012-02-09 05:26 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-02-07 10:38 . 2012-02-09 11:08 -------- d-----w- c:\users\Alvarado\AppData\Roaming\Lionhead Studios
2012-02-07 10:19 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\Lionhead Studios Ltd
2012-02-07 08:04 . 2012-03-02 12:45 -------- d-----w- c:\users\Alvarado\AppData\Roaming\ExpressFiles
2012-02-07 05:12 . 2012-02-07 05:12 -------- d-----w- c:\program files (x86)\MyTools
2012-02-07 05:11 . 2012-02-07 05:11 -------- d-----w- c:\programdata\Premium
2012-02-07 05:11 . 2012-02-09 05:41 -------- d-----w- c:\programdata\InstallMate
2012-02-05 20:55 . 2012-03-02 06:56 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 09:56 . 2012-02-04 09:56 -------- d-----w- c:\windows\lhsp
2012-02-04 09:56 . 2012-02-04 09:56 -------- d-----w- c:\program files (x86)\CFS-Technologies
2012-02-04 02:00 . 2012-02-04 02:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-03 20:29 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-03 20:29 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-03 20:29 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-03 20:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-03 20:29 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-03 20:29 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-03 20:29 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-03 20:29 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-03 20:29 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-03 20:29 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-03 20:29 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-03 20:29 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 05:39 . 2011-08-14 04:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 06:47 . 2010-03-07 05:39 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-01 06:47 . 2010-03-07 00:33 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-01 06:44 . 2010-03-07 00:33 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-25 01:34 . 2010-03-07 00:33 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2008-10-17 02:12 . 2011-11-18 04:15 888832 ----a-r- c:\program files (x86)\Core.dll
2008-10-03 10:56 . 2008-10-03 10:56 495616 ----a-w- c:\program files (x86)\ModelConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRun2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\RuneScape\prxtbRun2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}]
2011-12-30 19:40 167936 ----a-w- c:\program files (x86)\MyTools\mytools.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 08:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRun2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 64000]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-08 57344]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-02-28 443000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Alvarado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\Alvarado\AppData\Local\Temp\{BCCD338A-0090-41AC-A8AE-D2EDAD60E700}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files (x86)\PrintMaster Platinum 18\Remind.exe [2007-9-9 344064]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-28 942080]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-22 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-09-22 150928]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 21:21]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 21:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"combofix"="c:\combofix\CF18771.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KMWDFilter
mf
Si3114r5
PSDNServ
PolarUSB
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/au/plugin/DFusionWeb.Installer.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Alvarado\AppData\Roaming\Mozilla\Firefox\Profiles\bq64bscn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
FF - prefs.js: browser.search.selectedEngine - MyTools
FF - prefs.js: keyword.URL - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RDReminder - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WN111v2\jswtrayutil.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-CRI-Squad-Alpha-0.9.3.5 - c:\users\Alvarado\New folder\carpet bomb\Uninstal.exe
AddRemove-Dll-Files.com Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
AddRemove-Epic Generals Version 1.0 - c:\users\Alvarado\New folder\Command and Conquer Generals - Copy (2)\Uninstal.exe
AddRemove-Epic Generals Version 1.02 Patch - c:\users\Alvarado\New folder\Command and Conquer Generals - Copy (2)\Uninstal.exe
AddRemove-Real Threat Mod1.1 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\windows\SysWOW64\ASWLSVC.exe
c:\windows\SysWOW64\ASWL2K.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-03-03 00:39:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 13:39
.
Pre-Run: 77,124,853,760 bytes free
Post-Run: 81,937,952,768 bytes free
.
- - End Of File - - D6000ED88208B44A95008C2D96303807

The computer seems to be running fine; I don't seem to be getting any more redirects and it doesn't seem to be running slow.

I had no problems running ComboFix; nothing went wrong. But if you mean problems that the virus has caused, then this is what it did.


* Slow computer and internet.
* Random restarts.
* Random crashes.
* Redirecting to random sites (probably dangerous sites).
* Just today I couldn't click anything on my desktop.
* Random system restores (happens after random crashes or restarts).
* When I remove it, it comes back later.

#4 gringo_pr


Posted 02 March 2012 - 08:58 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 cashkingb


Posted 02 March 2012 - 09:31 AM

*Update* I'm going to bed. I'll be getting up at about 8pm; it's about 1.36 am here. Good night!

Here is the TDSS log, and further down is the other one.



01:16:33.0831 5324 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
01:16:35.0016 5324 ============================================================
01:16:35.0016 5324 Current date / time: 2012/03/03 01:16:35.0016
01:16:35.0016 5324 SystemInfo:
01:16:35.0016 5324
01:16:35.0016 5324 OS Version: 6.1.7601 ServicePack: 1.0
01:16:35.0016 5324 Product type: Workstation
01:16:35.0016 5324 ComputerName: ALVARADO-PC
01:16:35.0017 5324 UserName: Alvarado
01:16:35.0017 5324 Windows directory: C:\Windows
01:16:35.0017 5324 System windows directory: C:\Windows
01:16:35.0017 5324 Running under WOW64
01:16:35.0017 5324 Processor architecture: Intel x64
01:16:35.0017 5324 Number of processors: 4
01:16:35.0017 5324 Page size: 0x1000
01:16:35.0017 5324 Boot type: Normal boot
01:16:35.0017 5324 ============================================================
01:16:35.0371 5324 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:16:35.0394 5324 \Device\Harddisk0\DR0:
01:16:35.0394 5324 MBR used
01:16:35.0394 5324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
01:16:35.0394 5324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x247E7000
01:16:35.0394 5324 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x26019800, BlocksNum 0x2483E000
01:16:35.0451 5324 Initialize success
01:16:35.0452 5324 ============================================================
01:16:40.0122 4528 ============================================================
01:16:40.0122 4528 Scan started
01:16:40.0122 4528 Mode: Manual; SigCheck; TDLFS;
01:16:40.0122 4528 ============================================================
01:16:53.0660 4528 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
01:16:53.0660 4528 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
01:16:53.0662 4528 sptd ( LockedFile.Multi.Generic ) - warning
01:16:53.0662 4528 sptd - detected LockedFile.Multi.Generic (1)
01:16:56.0441 4528 Wd - ok
01:16:56.0482 4528 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:16:56.0514 4528 Wdf01000 - ok
01:16:56.0598 4528 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:16:56.0649 4528 WfpLwf - ok
01:16:56.0673 4528 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:16:56.0687 4528 WIMMount - ok
01:16:56.0735 4528 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:16:56.0764 4528 WmiAcpi - ok
01:16:56.0836 4528 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
01:16:56.0879 4528 WN111v2 - ok
01:16:56.0916 4528 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:16:56.0963 4528 ws2ifsl - ok
01:16:57.0010 4528 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:16:57.0051 4528 WudfPf - ok
01:16:57.0084 4528 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:16:57.0127 4528 WUDFRd - ok
01:16:57.0179 4528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:16:57.0295 4528 \Device\Harddisk0\DR0 - ok
01:16:57.0298 4528 Boot (0x1200) (1202520b58b411807894ab8796c1f840) \Device\Harddisk0\DR0\Partition0
01:16:57.0299 4528 \Device\Harddisk0\DR0\Partition0 - ok
01:16:57.0313 4528 Boot (0x1200) (dfa13266bd1235f331a3b139957c44ea) \Device\Harddisk0\DR0\Partition1
01:16:57.0315 4528 \Device\Harddisk0\DR0\Partition1 - ok
01:16:57.0328 4528 Boot (0x1200) (1e449187bcc0dddeb69e3aebab92bdf3) \Device\Harddisk0\DR0\Partition2
01:16:57.0329 4528 \Device\Harddisk0\DR0\Partition2 - ok
01:16:57.0329 4528 ============================================================
01:16:57.0329 4528 Scan finished
01:16:57.0329 4528 ============================================================
01:16:57.0342 3956 Detected object count: 1
01:16:57.0342 3956 Actual detected object count: 1
01:17:06.0713 3956 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:17:06.0713 3956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:17:19.0854 5236 ============================================================
01:17:19.0854 5236 Scan started
01:17:19.0854 5236 Mode: Manual; SigCheck; TDLFS;
01:17:19.0854 5236 ============================================================
01:17:29.0750 5236 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
01:17:29.0750 5236 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
01:17:29.0752 5236 sptd ( LockedFile.Multi.Generic ) - warning
01:17:29.0752 5236 sptd - detected LockedFile.Multi.Generic (1)
01:17:32.0678 5236 ============================================================
01:17:32.0678 5236 Scan finished
01:17:32.0678 5236 ============================================================
01:17:32.0689 3480 Detected object count: 1
01:17:32.0689 3480 Actual detected object count: 1
01:17:43.0637 3480 C:\Windows\System32\Drivers\sptd.sys - copied to quarantine
01:17:43.0660 3480 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
01:18:00.0405 4472 ============================================================
01:18:00.0405 4472 Scan started
01:18:00.0405 4472 Mode: Manual; SigCheck; TDLFS;
01:18:00.0405 4472 ============================================================
01:18:10.0955 4472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:18:10.0989 4472 scfilter - ok
01:18:11.0005 4472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:18:11.0039 4472 secdrv - ok
01:18:11.0062 4472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:18:11.0077 4472 Serenum - ok
01:18:11.0085 4472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:18:11.0101 4472 Serial - ok
01:18:11.0113 4472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:18:11.0128 4472 sermouse - ok
01:18:11.0161 4472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:18:11.0178 4472 sffdisk - ok
01:18:11.0193 4472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:18:11.0210 4472 sffp_mmc - ok
01:18:11.0218 4472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:18:11.0236 4472 sffp_sd - ok
01:18:11.0255 4472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:18:11.0271 4472 sfloppy - ok
01:18:11.0291 4472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:18:11.0304 4472 SiSRaid2 - ok
01:18:11.0316 4472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:18:11.0329 4472 SiSRaid4 - ok
01:18:11.0349 4472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:18:11.0386 4472 Smb - ok
01:18:11.0408 4472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:18:11.0420 4472 spldr - ok
01:18:11.0457 4472 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
01:18:11.0457 4472 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
01:18:11.0467 4472 sptd ( LockedFile.Multi.Generic ) - warning
01:18:11.0467 4472 sptd - detected LockedFile.Multi.Generic (1)
01:18:14.0286 4472 ============================================================
01:18:14.0286 4472 Scan finished
01:18:14.0286 4472 ============================================================
01:18:14.0297 5720 Detected object count: 1
01:18:14.0297 5720 Actual detected object count: 1
01:18:29.0450 5720 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:18:29.0450 5720 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:20:01.0798 5796 ============================================================
01:20:01.0798 5796 Scan started
01:20:01.0798 5796 Mode: Manual; SigCheck; TDLFS;
01:20:01.0798 5796 ============================================================
01:20:09.0301 5796 partmgr - ok
01:20:09.0327 5796 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
01:20:09.0338 5796 PCAMp50a64 - ok
01:20:09.0357 5796 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
01:20:09.0368 5796 PCASp50a64 - ok
01:20:09.0390 5796 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:20:09.0405 5796 pci - ok
01:20:09.0415 5796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:20:09.0427 5796 pciide - ok
01:20:09.0445 5796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:20:09.0459 5796 pcmcia - ok
01:20:09.0477 5796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:20:09.0490 5796 pcw - ok
01:20:09.0512 5796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:20:09.0554 5796 PEAUTH - ok
01:20:09.0625 5796 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:20:09.0660 5796 PptpMiniport - ok
01:20:09.0679 5796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:20:09.0695 5796 Processor - ok
01:20:09.0732 5796 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:20:09.0766 5796 Psched - ok
01:20:09.0807 5796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:20:09.0839 5796 ql2300 - ok
01:20:09.0848 5796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:20:09.0863 5796 ql40xx - ok
01:20:09.0887 5796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:20:09.0905 5796 QWAVEdrv - ok
01:20:09.0923 5796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:20:09.0958 5796 RasAcd - ok
01:20:09.0975 5796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:20:10.0011 5796 RasAgileVpn - ok
01:20:10.0042 5796 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:20:10.0077 5796 Rasl2tp - ok
01:20:10.0103 5796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:20:10.0139 5796 RasPppoe - ok
01:20:10.0154 5796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:20:10.0191 5796 RasSstp - ok
01:20:10.0231 5796 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:20:10.0268 5796 rdbss - ok
01:20:10.0284 5796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:20:10.0304 5796 rdpbus - ok
01:20:10.0323 5796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:20:10.0359 5796 RDPCDD - ok
01:20:10.0398 5796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:20:10.0434 5796 RDPENCDD - ok
01:20:10.0472 5796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:20:10.0508 5796 RDPREFMP - ok
01:20:10.0523 5796 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
01:20:10.0559 5796 RDPWD - ok
01:20:10.0598 5796 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:20:10.0613 5796 rdyboost - ok
01:20:10.0645 5796 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
01:20:10.0659 5796 RimUsb - ok
01:20:10.0689 5796 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
01:20:10.0701 5796 RimVSerPort - ok
01:20:10.0714 5796 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
01:20:10.0750 5796 ROOTMODEM - ok
01:20:10.0774 5796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:20:10.0811 5796 rspndr - ok
01:20:10.0848 5796 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:20:10.0860 5796 sbp2port - ok
01:20:10.0893 5796 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:20:10.0926 5796 scfilter - ok
01:20:10.0941 5796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:20:10.0977 5796 secdrv - ok
01:20:10.0999 5796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:20:11.0014 5796 Serenum - ok
01:20:11.0024 5796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:20:11.0040 5796 Serial - ok
01:20:11.0059 5796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:20:11.0074 5796 sermouse - ok
01:20:11.0107 5796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:20:11.0124 5796 sffdisk - ok
01:20:11.0139 5796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:20:11.0156 5796 sffp_mmc - ok
01:20:11.0166 5796 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:20:11.0183 5796 sffp_sd - ok
01:20:11.0200 5796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:20:11.0216 5796 sfloppy - ok
01:20:11.0237 5796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:20:11.0250 5796 SiSRaid2 - ok
01:20:11.0262 5796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:20:11.0275 5796 SiSRaid4 - ok
01:20:11.0295 5796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:20:11.0333 5796 Smb - ok
01:20:11.0354 5796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:20:11.0366 5796 spldr - ok
01:20:11.0420 5796 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
01:20:11.0421 5796 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
01:20:11.0422 5796 sptd ( LockedFile.Multi.Generic ) - warning
01:20:11.0422 5796 sptd - detected LockedFile.Multi.Generic (1)
01:20:14.0006 5796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:20:14.0114 5796 \Device\Harddisk0\DR0 - ok
01:20:14.0117 5796 Boot (0x1200) (1202520b58b411807894ab8796c1f840) \Device\Harddisk0\DR0\Partition0
01:20:14.0119 5796 \Device\Harddisk0\DR0\Partition0 - ok
01:20:14.0132 5796 Boot (0x1200) (dfa13266bd1235f331a3b139957c44ea) \Device\Harddisk0\DR0\Partition1
01:20:14.0134 5796 \Device\Harddisk0\DR0\Partition1 - ok
01:20:14.0155 5796 Boot (0x1200) (1e449187bcc0dddeb69e3aebab92bdf3) \Device\Harddisk0\DR0\Partition2
01:20:14.0156 5796 \Device\Harddisk0\DR0\Partition2 - ok
01:20:14.0156 5796 ============================================================
01:20:14.0156 5796 Scan finished
01:20:14.0156 5796 ============================================================
01:20:14.0168 5900 Detected object count: 1
01:20:14.0168 5900 Actual detected object count: 1
01:20:16.0175 5900 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:20:16.0175 5900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Now here is the aswMBR log you told me to post.



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 01:24:33
-----------------------------
01:24:33.620 OS Version: Windows x64 6.1.7601 Service Pack 1
01:24:33.620 Number of processors: 4 586 0x170A
01:24:33.630 ComputerName: ALVARADO-PC UserName: Alvarado
01:24:34.439 Initialize success
01:24:37.205 AVAST engine defs: 12030200
01:24:45.616 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:24:45.618 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
01:24:45.632 Disk 0 MBR read successfully
01:24:45.635 Disk 0 MBR scan
01:24:45.638 Disk 0 Windows 7 default MBR code
01:24:45.647 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
01:24:45.663 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
01:24:45.675 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298958 MB offset 25372672
01:24:45.689 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 299132 MB offset 637638656
01:24:45.695 Disk 0 scanning C:\Windows\system32\drivers
01:24:51.225 Service scanning
01:25:00.779 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:25:05.086 Modules scanning
01:25:05.426 Disk 0 trace - called modules:
01:25:05.439 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
01:25:05.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058ee060]
01:25:05.449 3 CLASSPNP.SYS[fffff88001b8443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aaa050]
01:25:06.164 AVAST engine scan C:\Windows
01:25:08.388 AVAST engine scan C:\Windows\system32
01:25:54.612 File: C:\Windows\system32\trz21F3.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
01:25:54.669 File: C:\Windows\system32\trz2922.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
01:25:54.709 File: C:\Windows\system32\trz6BCD.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
01:25:54.762 File: C:\Windows\system32\trzA61D.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
01:26:37.894 AVAST engine scan C:\Windows\system32\drivers
01:26:45.623 AVAST engine scan C:\Users\Alvarado
01:28:48.308 Disk 0 MBR has been saved successfully to "C:\Users\Alvarado\Desktop\MBR.dat"
01:28:48.317 The log file has been saved successfully to "C:\Users\Alvarado\Desktop\aswMBR.txt"

Edited by cashkingb, 02 March 2012 - 09:36 AM.


#6 gringo_pr

  • Malware Response Team

Posted 02 March 2012 - 02:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\trz21F3.tmp
C:\Windows\system32\trz2922.tmp
C:\Windows\system32\trz6BCD.tmp
C:\Windows\system32\trzA61D.tmp
c:\windows\system32\dds_trash_log.cmd

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 cashkingb

  • Topic Starter

Posted 02 March 2012 - 06:17 PM

Hello Gringo, here's the log you wanted.

I had no problems running ComboFix; nothing went wrong.

And the computer seems to be running fine.

ComboFix 12-03-02.01 - Alvarado 03/03/2012 9:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4095.2559 [GMT 11:00]
Running from: c:\users\Alvarado\Desktop\ComboFix.exe
Command switches used :: c:\users\Alvarado\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\system32\trz21F3.tmp"
"c:\windows\system32\trz2922.tmp"
"c:\windows\system32\trz6BCD.tmp"
"c:\windows\system32\trzA61D.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_e16a.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 22:57 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzE6A6.tmp
2012-03-02 22:54 . 2012-03-02 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 22:30 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz14D3.tmp
2012-03-02 22:11 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzEC6B.tmp
2012-03-02 21:55 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz3674.tmp
2012-03-02 21:39 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz807C.tmp
2012-03-02 21:23 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzCA85.tmp
2012-03-02 21:07 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz147E.tmp
2012-03-02 20:51 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz5DDC.tmp
2012-03-02 20:35 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzA7F4.tmp
2012-03-02 20:19 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzF170.tmp
2012-03-02 20:03 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz317B.tmp
2012-03-02 14:33 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzD896.tmp
2012-03-02 14:17 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz21F3.tmp
2012-03-02 14:17 . 2012-03-02 14:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 14:01 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz6BCD.tmp
2012-03-02 13:45 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trzA61D.tmp
2012-03-02 13:29 . 2009-07-14 01:39 51712 ----a-w- c:\windows\system32\trz2922.tmp
2012-02-29 22:55 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-29 22:55 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-29 22:55 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-29 22:52 . 2012-02-29 22:52 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-29 04:34 . 2012-02-29 04:34 -------- d-----w- c:\program files (x86)\PC Tools
2012-02-29 04:29 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-29 04:25 . 2012-02-29 04:25 -------- d-----w- c:\users\Alvarado\AppData\Roaming\TestApp
2012-02-28 21:20 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-28 21:20 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-28 21:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-28 11:11 . 2012-02-28 11:11 -------- d-----w- c:\users\Alvarado\AppData\Roaming\SUPERAntiSpyware.com
2012-02-28 11:10 . 2012-02-29 15:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-28 11:10 . 2012-02-28 11:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-28 10:58 . 2012-02-29 15:59 -------- d-----w- c:\users\Alvarado\AppData\Roaming\GetRightToGo
2012-02-28 08:50 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-02-28 04:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-24 04:20 . 2012-02-29 15:59 -------- d-----w- c:\program files (x86)\express-files
2012-02-22 21:19 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 04:24 . 2012-03-01 04:10 -------- d-----w- c:\users\Alvarado\Command and Conquer Generals
2012-02-10 21:40 . 2012-02-10 21:46 -------- d-----w- c:\program files (x86)\Dead Sane
2012-02-09 11:06 . 2012-02-09 11:06 -------- d-----w- c:\programdata\Lionhead Studios
2012-02-09 05:25 . 2012-02-09 05:26 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-02-07 10:38 . 2012-02-09 11:08 -------- d-----w- c:\users\Alvarado\AppData\Roaming\Lionhead Studios
2012-02-07 10:19 . 2012-03-01 04:10 -------- d-----w- c:\program files (x86)\Lionhead Studios Ltd
2012-02-07 08:04 . 2012-03-02 22:03 -------- d-----w- c:\users\Alvarado\AppData\Roaming\ExpressFiles
2012-02-07 05:12 . 2012-02-07 05:12 -------- d-----w- c:\program files (x86)\MyTools
2012-02-07 05:11 . 2012-02-07 05:11 -------- d-----w- c:\programdata\Premium
2012-02-07 05:11 . 2012-02-09 05:41 -------- d-----w- c:\programdata\InstallMate
2012-02-05 20:55 . 2012-03-02 06:56 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 09:56 . 2012-02-04 09:56 -------- d-----w- c:\windows\lhsp
2012-02-04 09:56 . 2012-02-04 09:56 -------- d-----w- c:\program files (x86)\CFS-Technologies
2012-02-04 02:00 . 2012-02-04 02:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-03 20:29 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-03 20:29 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-03 20:29 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-03 20:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-03 20:29 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-03 20:29 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-03 20:29 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-03 20:29 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-03 20:29 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-03 20:29 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-03 20:29 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-03 20:29 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 05:39 . 2011-08-14 04:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 06:47 . 2010-03-07 05:39 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-01 06:47 . 2010-03-07 00:33 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-01 06:44 . 2010-03-07 00:33 215104 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-25 01:34 . 2010-03-07 00:33 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2008-10-17 02:12 . 2011-11-18 04:15 888832 ----a-r- c:\program files (x86)\Core.dll
2008-10-03 10:56 . 2008-10-03 10:56 495616 ----a-w- c:\program files (x86)\ModelConverter.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_13.29.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 02:53 . 2012-03-02 20:03 97910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 20:03 27916 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 02:11 . 2012-03-02 20:03 22540 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1399964892-3006388939-483463863-1000_UserData.bin
+ 2009-10-13 03:16 . 2009-02-26 16:42 66440 c:\windows\system32\spool\drivers\x64\msonpui.dll
+ 2009-12-17 02:07 . 2012-03-02 13:32 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 02:07 . 2012-03-02 13:12 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 02:07 . 2012-03-02 13:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 02:07 . 2012-03-02 13:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 13:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-02 13:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-14 11:49 . 2011-12-14 11:49 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-03-02 14:38 . 2012-03-02 14:38 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-03-02 14:41 . 2012-03-02 14:41 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-14 11:49 . 2011-12-14 11:49 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-02-26 02:06 . 2009-02-26 02:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 02:06 . 2009-02-26 02:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-26 02:09 . 2009-02-26 02:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 07:43 . 2009-02-26 07:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 06:45 . 2009-02-26 06:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 05:24 . 2009-02-26 05:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 05:24 . 2009-02-26 05:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-04-02 19:01 . 2009-04-02 19:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-04 01:46 . 2009-04-04 01:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 02:09 . 2009-02-26 02:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 07:43 . 2009-02-26 07:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 06:45 . 2009-02-26 06:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2011-05-31 05:31 . 2011-05-31 05:31 32128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VPREVIEW.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2011-07-19 18:17 . 2011-07-19 18:17 33152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETLANG.EXE
+ 2011-07-26 17:53 . 2011-07-26 17:53 39464 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFIEBAR.DLL
+ 2009-02-26 08:21 . 2009-02-26 08:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2009-02-26 01:09 . 2009-02-26 01:09 43352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLRPC.DLL
+ 2011-07-26 18:17 . 2011-07-26 18:17 22432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISCTRL.DLL
+ 2011-07-26 18:25 . 2011-07-26 18:25 53728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFRHD.DLL
+ 2011-07-26 17:53 . 2011-07-26 17:53 64872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NAME.DLL
+ 2009-02-26 06:07 . 2009-02-26 06:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 06:07 . 2009-02-26 06:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-26 08:21 . 2009-02-26 08:21 25968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOEURO.DLL
+ 2011-07-26 17:34 . 2011-07-26 17:34 13712 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCFU.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-02-26 01:09 . 2009-02-26 01:09 20352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MLSHEXT.DLL
+ 2011-05-31 05:26 . 2011-05-31 05:26 88448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\METCONV.DLL
+ 2011-07-27 06:49 . 2011-07-27 06:49 56696 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_XPS.DLL
+ 2011-07-27 06:49 . 2011-07-27 06:49 95608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_PDF.DLL
+ 2009-02-26 06:07 . 2009-02-26 06:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 55168 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACERCLR.DLL
+ 2009-02-26 00:18 . 2009-02-26 00:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODTXT.DLL
+ 2009-02-26 00:18 . 2009-02-26 00:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODPDX.DLL
+ 2009-02-26 00:18 . 2009-02-26 00:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODEXL.DLL
+ 2009-02-26 00:18 . 2009-02-26 00:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODDBS.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 47024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEERR.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 55240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNFLT.EXE
+ 2010-01-23 22:42 . 2010-01-23 22:42 35648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2009-04-02 19:01 . 2009-04-02 19:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-04 01:46 . 2009-04-04 01:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2009-03-06 09:48 . 2009-03-06 09:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 07:43 . 2009-02-26 07:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 06:45 . 2009-02-26 06:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 02:06 . 2009-02-26 02:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 02:06 . 2009-02-26 02:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-03-02 14:39 . 2012-03-02 14:39 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
- 2009-10-13 03:17 . 2009-10-13 03:17 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-02 14:39 . 2012-03-02 14:39 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-02 14:40 . 2012-03-02 14:40 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-01-25 10:50 . 2012-03-02 13:41 5662 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-02 22:55 . 2012-03-02 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-02 13:27 . 2012-03-02 13:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-02 22:55 . 2012-03-02 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-02 13:27 . 2012-03-02 13:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-03-02 22:55 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-02 13:27 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-13 03:16 . 2009-02-26 16:42 863128 c:\windows\system32\spool\drivers\x64\msonpdrv.dll
- 2009-07-14 05:01 . 2012-03-02 13:26 785812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-02 22:54 785812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-13 03:16 . 2012-03-02 14:40 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-13 03:16 . 2012-03-02 14:40 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-13 03:16 . 2009-10-13 03:16 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-03-02 14:38 . 2012-03-02 14:38 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-06-08 02:51 . 2007-06-08 02:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 13:27 . 2008-03-19 13:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 06:45 . 2009-02-26 06:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2011-09-15 09:41 . 2011-09-15 09:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-07 08:51 . 2007-06-07 08:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2011-07-26 17:58 . 2011-07-26 17:58 439160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETUP.EXE
+ 2011-07-26 17:54 . 2011-07-26 17:54 503184 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SELFCERT.EXE
+ 2011-05-26 10:13 . 2011-05-26 10:13 368520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PPSLAX.DLL
+ 2011-07-26 17:36 . 2011-07-26 17:36 481640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PORTCONN.DLL
+ 2007-06-08 02:51 . 2007-06-08 02:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2011-07-26 18:17 . 2011-07-26 18:17 284560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISGRAPH.DLL
+ 2011-07-26 18:16 . 2011-07-26 18:16 997768 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISAPP.DLL
+ 2011-07-26 18:16 . 2011-07-26 18:16 273792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OIS.EXE
+ 2008-03-19 13:27 . 2008-03-19 13:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2009-02-26 04:24 . 2009-02-26 04:24 231864 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ODEPLOY.EXE
+ 2011-07-19 18:22 . 2011-07-19 18:22 538968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORES.DLL
+ 2011-07-19 18:22 . 2011-07-19 18:22 144728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORE.EXE
+ 2011-07-19 18:22 . 2011-07-19 18:22 832360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORDB.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2009-02-25 11:02 . 2009-02-25 11:02 504176 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSOAP30.DLL
+ 2011-07-26 19:10 . 2011-07-26 19:10 670560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSQRY32.EXE
+ 2011-05-31 06:19 . 2011-05-31 06:19 732000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSPROOF6.DLL
+ 2009-02-25 10:46 . 2009-02-25 10:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-26 17:53 . 2011-07-26 17:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2011-07-26 17:34 . 2011-07-26 17:34 160632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCF.DLL
+ 2011-06-22 22:54 . 2011-06-22 22:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2011-07-19 18:22 . 2011-07-19 18:22 828264 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MEDCAT.DLL
+ 2011-07-27 06:49 . 2011-07-27 06:49 177536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IETAG.DLL
+ 2009-02-26 04:24 . 2009-02-26 04:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2009-02-26 01:09 . 2009-02-26 01:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-07-26 18:13 . 2011-07-26 18:13 434080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DWTRIG20.EXE
+ 2011-07-26 17:53 . 2011-07-26 17:53 105872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DSSM.EXE
+ 2011-07-26 17:53 . 2011-07-26 17:53 188800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CONTACTPICKER.DLL
+ 2011-07-26 19:13 . 2011-07-26 19:13 204664 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CLVIEW.EXE
+ 2011-07-26 19:20 . 2011-07-26 19:20 400216 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CDLMSO.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 370608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEXBE.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 223152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACETXT.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 550840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEREP.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 288688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER3X.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 255920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER2X.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 391096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEPDE.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 378808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEOLEDB.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 278912 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODBC.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 206776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACELTS.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 632752 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCL.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 337848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCH.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 186304 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEES.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 571320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEDAO.DLL
+ 2011-07-26 17:41 . 2011-07-26 17:41 763848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNF.DLL
+ 2006-10-27 04:35 . 2006-10-27 04:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 06:45 . 2009-02-26 06:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2012-03-02 14:39 . 2012-03-02 14:39 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2009-10-13 03:17 . 2009-10-13 03:17 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-02 14:39 . 2012-03-02 14:39 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2011-07-06 15:28 . 2011-07-06 15:28 1193320 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 04:54 . 2012-03-02 22:55 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-02 13:27 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 22:55 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-02 13:27 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-23 03:19 . 2012-03-02 22:30 1217996 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-09-15 07:40 . 2011-09-15 07:40 7959552 c:\windows\Installer\339302.msp
+ 2011-09-15 07:34 . 2011-09-15 07:34 8499712 c:\windows\Installer\3392e1.msp
+ 2011-09-15 07:35 . 2011-09-15 07:35 1411072 c:\windows\Installer\339036.msp
+ 2009-10-13 03:16 . 2012-03-02 14:40 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-10-13 03:16 . 2011-12-14 11:49 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-23 22:42 . 2012-02-29 22:57 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-23 22:42 . 2012-03-02 14:41 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-09 13:10 . 2009-10-09 13:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-06 15:58 . 2011-07-06 15:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-02 13:14 . 2011-08-02 13:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2006-10-27 03:25 . 2006-10-27 03:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-16 22:49 . 2011-08-16 22:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-19 21:12 . 2011-07-19 21:12 3750776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWER.DLL
+ 2011-06-28 20:02 . 2011-06-28 20:02 1846656 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWDWG.DLL
+ 2009-10-09 13:10 . 2009-10-09 13:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-27 07:15 . 2011-07-27 07:15 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\STSLIST.DLL
+ 2011-07-26 17:59 . 2011-07-26 17:59 6540136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OSETUP.DLL
+ 2011-07-06 15:58 . 2011-07-06 15:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-26 18:51 . 2011-07-26 18:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-08-02 13:14 . 2011-08-02 13:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2011-07-19 18:31 . 2011-07-19 18:31 1523632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NLSD0000.DLL
+ 2011-05-26 08:28 . 2011-05-26 08:28 6637952 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORES.DLL
+ 2011-07-26 18:09 . 2011-07-26 18:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-06-21 21:16 . 2011-06-21 21:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2011-07-06 15:28 . 2011-07-06 15:28 1193320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FM20.DLL
+ 2011-08-03 07:27 . 2011-08-03 07:27 1415072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECORE.DLL
+ 2011-08-16 22:49 . 2011-08-16 22:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-06 15:58 . 2011-07-06 15:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-02 13:14 . 2011-08-02 13:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-03-02 14:39 . 2012-03-02 14:39 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
- 2010-05-01 00:50 . 2012-03-02 13:26 23825260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1399964892-3006388939-483463863-1000-8192.dat
+ 2010-05-01 00:50 . 2012-03-02 22:54 23825260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1399964892-3006388939-483463863-1000-8192.dat
+ 2011-09-15 07:37 . 2011-09-15 07:37 38176256 c:\windows\Installer\33931b.msp
+ 2011-09-15 07:39 . 2011-09-15 07:39 11163136 c:\windows\Installer\3392f8.msp
+ 2011-09-15 07:38 . 2011-09-15 07:38 10838528 c:\windows\Installer\3392ec.msp
+ 2011-09-15 07:37 . 2011-09-15 07:37 16691712 c:\windows\Installer\33903e.msp
+ 2011-09-15 07:37 . 2011-09-15 07:37 34428416 c:\windows\Installer\339037.msp
+ 2011-09-15 07:37 . 2011-09-15 07:37 37148160 c:\windows\Installer\33902a.msp
+ 2011-08-16 23:01 . 2011-08-16 23:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-03 08:53 . 2011-08-03 08:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-15 09:42 . 2011-09-15 09:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-16 23:01 . 2011-08-16 23:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-03 08:53 . 2011-08-03 08:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-08-03 08:53 . 2011-08-03 08:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-15 07:34 . 2011-09-15 07:34 428804608 c:\windows\Installer\3391a7.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRun2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\RuneScape\prxtbRun2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}]
2011-12-30 19:40 167936 ----a-w- c:\program files (x86)\MyTools\mytools.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRun2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 64000]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-08 57344]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-02-28 443000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Alvarado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\Alvarado\AppData\Local\Temp\{BCCD338A-0090-41AC-A8AE-D2EDAD60E700}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files (x86)\PrintMaster Platinum 18\Remind.exe [2007-9-9 344064]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-28 942080]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-22 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-09-22 150928]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 21:21]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 21:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-12 23:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"combofix"="c:\combofix\CF3637.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KMWDFilter
mf
Si3114r5
PSDNServ
PolarUSB
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/au/plugin/DFusionWeb.Installer.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Alvarado\AppData\Roaming\Mozilla\Firefox\Profiles\bq64bscn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
FF - prefs.js: browser.search.selectedEngine - MyTools
FF - prefs.js: keyword.URL - hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASWLSVC.exe
c:\windows\SysWOW64\ASWL2K.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
.
**************************************************************************
.
Completion time: 2012-03-03 10:09:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 23:09
ComboFix2.txt 2012-03-02 13:39
.
Pre-Run: 80,750,993,408 bytes free
Post-Run: 80,587,649,024 bytes free
.
- - End Of File - - 2E650CEF5F872FF719AC76E7F97D7318

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:32 PM

Posted 02 March 2012 - 08:51 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 cashkingb


Posted 02 March 2012 - 08:56 PM

Here's that report.


Update for Microsoft Office 2007 (KB2508958)
1ClickDownload
Acer Arcade Deluxe
Acer Backup Manager
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
ActivePerl 5.10.1 Build 1007
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 4.0
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Advertising Center
Alice Greenfingers
Alpha Project - Demo
Amazonia
Apple Application Support
Apple Software Update
ArcSoft Software Suite
ArmA 2 Free Uninstall
Ask Toolbar
ASUS WLAN Card Utilities/Driver
Audacity 1.3.14 (Unicode)
avast! Free Antivirus
Backup Manager Advance
Battlefield 2™
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
BattlEye (A2Free) Uninstall
Belkin F5D8053 N Wireless USB Adapter
BitTorrent
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BuildAR Pro
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Camera RAW Plug-In for EPSON Creativity Suite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 2
Co7090LM
CoderTools TotalEdit
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Costume Editor 0.2.1
CRI-Squad-Alpha-0.9.3.5
DAEMON Tools Lite
DAEMON Tools Toolbar
Dairy Dash
Dll-Files.com Fixer
Dream Day First Home
Empire Earth II
Epic Generals Version 1.0
Epic Generals Version 1.02 Patch
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200_SX400_TX200_TX400 Manual
ESN Sonar
eSobi v2
ExpressFiles
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.13.21
Farm Frenzy 2
First Class Flurry
FPS Creator Free
FPS Creator Model Pack
FPS Creator Model Pack - 10
FPS Creator Model Pack - 22
FPS Creator Model Pack - 36
Free CD to MP3 Converter
FreeMind
GamezAdmin
Garry's Mod
Global Agenda Live
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Groove Games\Land Of The Dead
Guild Wars
Half-Life 2: Episode Two
Half-Life Dedicated Server Update Tool
Half-Life: Opposing Force Demo
Half-Life: Source
Heroes of Hellas
Hi-Rez Studios Authenticate and Update Service
Hotkey Utility
HyperCam 2
Identity Card
ImagXpress
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Lernout & Hauspie TruVoice American English TTS Engine
Lightning Bolt Studios 'Super Pack"
Livestream Procaster
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.60.1.1000
Merriam Websters Spell Jam
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTools
MyWinLocker
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NodeXL Excel Template
Oblivion
OpenAL
Origin
paw·ned² v1.3
Pivot Stickfigure Animator version 2.2.6
Pivot Stickfigure Toolbar
Portal
PrintMaster Platinum 18
PrintMaster Scrapbook Creator
Project64 1.6
PunkBuster Services
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
RAR Password Cracker 4.12
Real Threat Mod
Realtek High Definition Audio Driver
Reborn Mod V 1.0
RollerCoaster Tycoon 3
RuneScape Launcher 1.1
RuneScape Toolbar
SecondLifeViewer (remove only)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Serif WebPlus X4
Skype Click to Call
Skype™ 5.8
Smrf.NodeXL.ExcelTemplate
Source SDK Base 2006
Source SDK Base 2007
Speakonia
StarCraft II
Starship Troopers
Steam
Stop Motion Animator 1.1.XP
TeamSpeak 3 Client
Terror Lab (Sample)
The Movies™
The Movies™ 1.1 Patch
The Movies™ Demo
The Movies™ Stunts & Effects
Total Immersion D'Fusion Web Plugin
TVUPlayer 2.5.3.1
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WampServer 2.0
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinRAR archiver
WN111v2
XBMC
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! SiteBuilder
Zombie Apocalypse for FPS Creator
ZombieMod v0.2

#10 gringo_pr


Posted 02 March 2012 - 09:24 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.4.5 MUI
Advertising Center
Ask Toolbar
BitTorrent
DAEMON Tools Toolbar
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 02 March 2012 - 09:25 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 cashkingb

Posted 03 March 2012 - 12:09 AM

By the way, I got rid of BitTorrent, DAEMON Tools Toolbar and Ask Toolbar, and updated/installed Java and Adobe.


Here's the Malwarebytes log, and the HijackThis one is further down.

I had no problems apart from having to run HijackThis as administrator, but I followed your instructions and it was fine.

My computer seems to be running fine, nothing slow.

MALWAREBYTES LOG
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alvarado :: ALVARADO-PC [administrator]

Protection: Enabled

3/03/2012 4:03:57 PM
mbam-log-2012-03-03 (16-03-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202839
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:02:34 PM, on 3/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\ExpressFiles\EFupdater.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RuneScape - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MyTools - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = Alvarado\AppData\Local\Temp\{BCCD338A-0090-41AC-A8AE-D2EDAD60E700}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/au/plugin/DFusionWeb.Installer.exe
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Forefront UAG client components) - https://webmail.bupa.com.au/InternalSite/WhlCompMgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\SysWOW64\ASWLSVC.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16257 bytes

Edited by cashkingb, 03 March 2012 - 12:18 AM.
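
The HijackThis log in the post above has one entry per line, prefixed with a section code (R0/R1/R3 for Internet Explorer pages and search hooks, O2 for BHOs, O4 for autostart entries, O23 for services). As an added example that is not part of the original thread, this Python script parses a subset of those lines, lists the O4 autostart entries, and separates the kinds of "missing" target; the category names and the System32 heuristic are assumptions of this example, not HijackThis output.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis v2.0.4 log posted above (a subset).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\PrintMaster Platinum 18\Remind.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN_KEY = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?\.lnk) = (.*)$")
MISSING = re.compile(r"\((no file|file missing)\)\s*$")
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


def parse(log_text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autoruns(sections):
    """Return (location, name, command) for every O4 autostart entry."""
    found = []
    for body in sections.get("O4", []):
        m = RUN_KEY.match(body)
        if m:
            found.append((f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)))
            continue
        m = STARTUP.match(body)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def missing_targets(sections):
    """Classify entries whose target file HijackThis could not find."""
    found = []
    for code, bodies in sections.items():
        for body in bodies:
            m = MISSING.search(body)
            if not m:
                continue
            if m.group(1) == "no file":
                # Registry entry with no file behind it, e.g. an uninstall leftover.
                kind = "orphaned-registry-entry"
            elif SYSTEM32.search(body):
                # HijackThis is a 32-bit program: on 64-bit Windows its view of
                # System32 is redirected to SysWOW64, so 64-bit-only binaries
                # such as lsass.exe are reported missing although they exist.
                kind = "likely-wow64-redirection"
            else:
                kind = "target-missing"
            found.append((code, kind, body))
    return found


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for location, name, command in autoruns(parsed):
        print(f"autostart  {location:15} {name:20} {command}")
    for code, kind, body in missing_targets(parsed):
        print(f"{code:4} {kind:26} {body}")
```

Entries classified as likely-wow64-redirection should be confirmed with a 64-bit tool before anyone treats the file as absent.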


#12 gringo_pr

  • Malware Response Team

Posted 03 March 2012 - 12:13 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
      O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = Alvarado\AppData\Local\Temp\{BCCD338A-0090-41AC-A8AE-D2EDAD60E700}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
      O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\PrintMaster Platinum 18\Remind.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 cashkingb


Posted 03 March 2012 - 12:54 AM

Never mind this, I got it to work. I'll post the report soon.

Hello Gringo, I seem to be having a problem with ESET online scanner.
When I load it up it doesn't load, and there's an icon on the top left side of the screen indicating it didn't load.
I've tried adding both sites to trusted, enabling the controls in the internet options, and running as administrator, but none of them worked.

Edited by cashkingb, 03 March 2012 - 12:59 AM.


#14 gringo_pr


Posted 03 March 2012 - 01:39 AM

:thumbup2:

#15 cashkingb


Posted 03 March 2012 - 04:22 AM

Because I had to download the online scan so it would run in another window, I'm not sure if this would affect it, but when it finished there was no log. Then there was a log in the main folder for it, so this might be it.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f94ec8a1d7bf0c4e80746cef36e6ed4c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-03 09:08:15
# local_time=2012-03-03 08:08:15 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 60593985 60593985 0 0
# compatibility_mode=5893 16776573 100 94 0 82390514 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=538215
# found=0
# cleaned=0
# scan_time=8631
ESETSmartInstaller@High as downloader log:
all ok



