
trojan-Dropper.win32.injector.ciwr | trojan.win32.agent2.faav | Virus.Win32.ZAccess.q



#1 sebamobile


Posted 19 March 2012 - 03:50 PM

After starting the laptop, (hidden) host.exe is consuming a lot of resources until it crashes. I can see and kill it with Process Explorer from Sysinternals.
I can't activate Windows Firewall, Malwarebytes shows an error at computer startup, and more...

When I start GMER it shows an error, it is attached.



Here are the logs of DDS and GMER:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by sebastian at 16:41:18 on 2012-03-19
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.54.1033.18.2925.1107 [GMT -3:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\KTS\daemon.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WireLessDesigner\WS_Bin\WSServerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WireLessDesigner\WS_Bin_V4\WSServerSvcV4.exe
C:\Program Files\WireLessDesigner\WS_Bin\WSStarterSvc.exe
C:\Program Files\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\sebastian\AppData\Roaming\DEDD03\DEDD03.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\sebastian\cvquksm6th.exe
C:\Users\sebastian\AppData\Roaming\regsrv64.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=101810&l=dis
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Akamai NetSession Interface] "c:\users\sebastian\appdata\local\akamai\netsession_win.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CADECB6E12FC] c:\users\sebastian\appdata\roaming\cadecb6e12fc\CADECB6E12FC.exe
uRun: [DEDD03] c:\users\sebastian\appdata\roaming\dedd03\DEDD03.exe
uRun: [cvquksm6th] c:\users\sebastian\cvquksm6th.exe
uRun: [Facebook Update] "c:\users\sebastian\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Microsoft DLL Registration] c:\users\sebastian\appdata\roaming\regsrv64.exe
uRun: [AdobeBridge]
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CnxDslTaskBar] "CnxDslTb.exe" "Conexant\AccessRunner ADSL"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CADECB6E12FC] c:\users\sebastian\appdata\roaming\cadecb6e12fc\CADECB6E12FC.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DEDD03] c:\users\sebastian\appdata\roaming\dedd03\DEDD03.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Regedit32] c:\windows\system32\regedit.exe
StartupFolder: c:\users\sebastian\appdata\roaming\microsoft\windows\start menu\programs\startup\CADECB6E12FC.exe
StartupFolder: c:\users\sebastian\appdata\roaming\microsoft\windows\start menu\programs\startup\DEDD03.exe
StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\srspre~1.lnk - c:\windows\installer\{e5cf6b9c-3abe-43c9-9413-ad5ffc98f049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 200.69.193.1 200.69.193.2
TCP: Interfaces\{B54A018C-2919-4F35-A715-1EDDF3545B6F} : DhcpNameServer = 200.69.193.1 200.69.193.2
TCP: Interfaces\{F7C516CD-44F7-48C0-80DB-40A6812CEB5A} : DhcpNameServer = 200.69.193.1 200.69.193.2
TCP: Interfaces\{F7C516CD-44F7-48C0-80DB-40A6812CEB5A}\130313269637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7C516CD-44F7-48C0-80DB-40A6812CEB5A}\35075656469775966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7C516CD-44F7-48C0-80DB-40A6812CEB5A}\641627D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F7C516CD-44F7-48C0-80DB-40A6812CEB5A}\759464948424 : DhcpNameServer = 192.168.5.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sebastian\appdata\roaming\mozilla\firefox\profiles\up878yan.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.entrepreneur.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sebastian\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\sebastian\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-1-27 20040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-12-22 303744]
R2 KpyM Telnet SSH Server v1.19c;KpyM Telnet SSH Server v1.19c;c:\program files\kts\daemon.exe [2011-7-27 369664]
R2 msftesql$WASPDBEXPRESS;SQL Server FullText Search (WASPDBEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$WASPDBEXPRESS;SQL Server (WASPDBEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2010-12-21 1997416]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2011-5-12 2025336]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-12-21 2314240]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
R2 WireLessTelNetProxyServer;WireLessTelNetProxyServer;c:\program files\wirelesstelnet\wirelesstelnetproxyserver\WireLessTelNetProxyServer.exe [2010-6-22 516096]
R2 WSServerSvc;WireLess Studio Server Service NT;c:\program files\wirelessdesigner\ws_bin\WSServerSvc.exe [2006-3-23 86016]
R2 WSServerSvcV4;WireLess Studio Server service V4;c:\program files\wirelessdesigner\ws_bin_v4\WSServerSvcV4.exe [2009-4-13 155648]
R2 WSStarterSvc;WireLess Studio Starter Server Service NT;c:\program files\wirelessdesigner\ws_bin\WSStarterSvc.exe [2006-3-23 24576]
R2 WSStarterSvcV4;WireLess Studio Starter Server Service V4;c:\program files\wirelessdesigner\ws_bin_v4\WSStarterSvcV4.exe [2008-1-17 40960]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-12-21 109960]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-21 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-12-21 232960]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-12-21 119408]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2010-12-21 98928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-3 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-12 652360]
S2 mcafeeframework;Evteng;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 SpnAgent;Spn Agent Service by SofToGo;c:\softogo\spn\agent\spnagent.exe --> c:\softogo\spn\agent\SpnAgent.exe [?]
S2 Wavelink Client License Server;Wavelink Client License Server;c:\program files\wavelink\licenseserver\LicenseServer.exe [2009-9-25 319488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2011-6-13 130560]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2011-6-13 614016]
S3 CnxTgNL;Conexant AccessRunner ADSL LAN Adapter Driver;c:\windows\system32\drivers\CnxTgNL.sys [2011-6-13 47104]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-3 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-12 20464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-25 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-27 1343400]
S3 WireLessDeployerAgent;WireLess Deployer Agent;c:\softogo\wirelessdeployer\WireLessDeployerAgent.exe [2010-10-15 303104]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-03-19 19:40:51 607260 ------r- C:\dds.scr
2012-03-19 18:40:37 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 18:40:37 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-19 12:28:18 -------- d-----w- c:\users\sebastian\appdata\local\{1392EC1C-814E-4DDD-81C8-F67F50BC004E}
2012-03-19 12:26:30 -------- d-----w- c:\users\sebastian\appdata\local\{2B2BABFB-DA72-42EF-992D-D1E7C76F0E83}
2012-03-18 14:17:35 -------- d-----w- c:\users\sebastian\appdata\local\{52F34043-7AEC-45AD-9852-012F5D99A249}
2012-03-18 14:17:23 -------- d-----w- c:\users\sebastian\appdata\local\{99A3516B-A420-4331-931F-00A98C63D965}
2012-03-18 02:17:01 -------- d-----w- c:\users\sebastian\appdata\local\{5F24D9A0-3591-4FA2-BA68-B5AEA238618A}
2012-03-18 02:16:47 -------- d-----w- c:\users\sebastian\appdata\local\{865418E0-F8BA-4809-AAFB-94960D461B23}
2012-03-17 13:51:33 -------- d-----w- c:\users\sebastian\appdata\local\{76A793F7-C22F-4A10-AF71-18CC8394579E}
2012-03-17 13:51:19 -------- d-----w- c:\users\sebastian\appdata\local\{1216C44C-0B9D-4448-9260-298DE9CEDEBB}
2012-03-17 00:52:10 -------- d-----w- c:\users\sebastian\appdata\local\{1569902B-D783-482E-AE49-B994C6CCFD66}
2012-03-16 12:04:53 -------- d-----w- c:\users\sebastian\appdata\local\{5E489B3F-3F77-4D8F-9100-98F4F4D10E1E}
2012-03-16 12:03:39 -------- d-----w- c:\users\sebastian\appdata\local\{14882188-9278-40C1-9D6A-2C0EF80D23F3}
2012-03-15 12:41:46 -------- d-----w- c:\users\sebastian\appdata\local\{DD6B5A93-EDF5-4DD9-8236-7FB00EADB045}
2012-03-15 12:41:03 -------- d-----w- c:\users\sebastian\appdata\local\{331687C4-F001-4BF1-AEAB-76DFC6A8893E}
2012-03-15 00:40:40 -------- d-----w- c:\users\sebastian\appdata\local\{59BF58C5-AAA3-420F-B85C-C5799129C729}
2012-03-15 00:40:15 -------- d-----w- c:\users\sebastian\appdata\local\{E4555913-9A14-4898-BE81-86A4577F7AAD}
2012-03-14 12:35:36 -------- d-----w- c:\users\sebastian\appdata\local\{C717DD29-B92F-4054-841F-AA6577D068B6}
2012-03-14 12:34:22 -------- d-----w- c:\users\sebastian\appdata\local\{7CB6EE0C-0652-416D-A219-BE1E92357E5C}
2012-03-13 19:28:48 -------- d-----w- c:\windows\system32\BestPractices
2012-03-13 19:28:45 -------- d-----w- C:\inetpub
2012-03-13 13:54:32 -------- d-----w- c:\users\sebastian\appdata\local\{47076C78-E67D-4222-BC7E-AFB5A8F4CC8F}
2012-03-13 01:54:17 -------- d-----w- c:\users\sebastian\appdata\local\{417F4FF1-4311-46A1-9642-A2260B12AE41}
2012-03-13 01:54:06 -------- d-----w- c:\users\sebastian\appdata\local\{19C4AC68-0D10-4906-8E2F-4652C933140E}
2012-03-09 12:30:46 -------- d-----w- c:\users\sebastian\appdata\local\{B2FA199E-9B20-4DF6-A42B-9D29E6BDB5B9}
2012-03-09 12:29:16 -------- d-----w- c:\users\sebastian\appdata\local\{2C07004E-AE26-433B-B656-A1E73B812280}
2012-03-08 14:44:40 -------- d-----w- c:\users\sebastian\appdata\local\{CE56D4EC-2998-4BA8-9D34-684500D97A74}
2012-03-08 14:42:22 -------- d-----w- c:\users\sebastian\appdata\local\{01246199-73B9-4267-9FDD-4EC51614A655}
2012-03-08 02:42:00 -------- d-----w- c:\users\sebastian\appdata\local\{B5BE9F4C-EBBC-483D-A4D5-E7920343A344}
2012-03-08 02:41:48 -------- d-----w- c:\users\sebastian\appdata\local\{DC1B96B7-9B69-498C-AA35-0B6753FB29F4}
2012-03-07 20:30:13 -------- d-----w- c:\users\sebastian\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-07 14:26:30 -------- d-----w- c:\users\sebastian\appdata\local\{27032521-FC3E-421F-AF72-14D154D87D62}
2012-03-07 14:25:46 -------- d-----w- c:\users\sebastian\appdata\local\{F9F8CA49-8D78-422F-88A4-E89BD56026BA}
2012-03-07 02:25:22 -------- d-----w- c:\users\sebastian\appdata\local\{2738DED6-FF10-43D3-B674-FC62B7C02548}
2012-03-06 12:05:08 -------- d-----w- c:\users\sebastian\appdata\local\{38B12F4D-65EF-434E-935E-06C9C81D93A9}
2012-03-06 12:04:24 -------- d-----w- c:\users\sebastian\appdata\local\{70269D2D-5E6A-44D0-926F-0EF2E47E3192}
2012-03-05 12:21:57 -------- d-----w- c:\users\sebastian\appdata\local\{B751A476-E475-4ABD-8DD4-26A4058351D0}
2012-03-05 12:19:56 -------- d-----w- c:\users\sebastian\appdata\local\{4BB759CC-51AB-4CBC-B8D7-85A093AE6D03}
2012-03-04 16:55:47 -------- d-----w- c:\users\sebastian\appdata\local\{125372F4-0BD9-4920-86CB-0AE522C4C12E}
2012-03-04 16:55:35 -------- d-----w- c:\users\sebastian\appdata\local\{38FF46C9-EE79-4DBA-B262-0ABDB5091E24}
2012-03-03 15:34:18 -------- d-----w- c:\users\sebastian\appdata\local\{E91BA566-30D6-41A8-A5F8-E4A010AEDE9D}
2012-03-03 15:34:07 -------- d-----w- c:\users\sebastian\appdata\local\{3D4569AE-87C0-40B5-B682-10E069117EF6}
2012-03-03 02:50:09 -------- d-----w- c:\users\sebastian\appdata\local\{EEF77D59-ED2E-4AE3-8A91-9800F4B506B8}
2012-03-03 02:49:20 -------- d-----w- c:\users\sebastian\appdata\local\{78ECFF42-09EB-444B-98A7-23405A0D5849}
2012-03-02 12:37:47 -------- d-----w- c:\users\sebastian\appdata\local\{7210CFBD-55E2-44D5-A016-6DEAF14AC1C0}
2012-03-02 12:37:05 -------- d-----w- c:\users\sebastian\appdata\local\{D714F6CE-7FA0-4A06-856B-F4E956A02F91}
2012-02-29 16:11:17 -------- d-----w- c:\users\sebastian\appdata\local\{39B25593-8D45-46AD-A11A-DE56E3EA97B4}
2012-02-29 15:47:21 -------- d-----w- c:\users\sebastian\appdata\local\{78A11BF9-CB1F-4C41-AE10-661FF2345539}
2012-02-29 15:33:10 -------- d-----w- c:\users\sebastian\appdata\local\{22110E4F-0B9F-48EB-8097-8629503B4289}
2012-02-29 14:32:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-29 13:32:57 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-29 03:15:32 -------- d-----w- c:\program files\CCleaner
2012-02-29 02:50:30 -------- d-----w- c:\users\sebastian\appdata\local\{DFD4ADB3-0CC8-4579-97F7-7791249CB45F}
2012-02-29 02:50:18 -------- d-----w- c:\users\sebastian\appdata\local\{ADD55935-3BAC-4DF4-80BA-2D6B5F0AC5DC}
2012-02-28 19:25:47 22528 ----a-w- c:\users\sebastian\appdata\roaming\regsrv64.exe
2012-02-28 12:32:04 -------- d-----w- c:\users\sebastian\appdata\local\{E56BC1AB-6A10-449D-8654-C0F837B14F3D}
2012-02-28 12:31:18 -------- d-----w- c:\users\sebastian\appdata\local\{12C7D967-3D5F-4241-8F23-E71EE70C5D86}
2012-02-28 01:23:31 -------- d-----w- c:\users\sebastian\appdata\local\Facebook
2012-02-27 19:03:38 -------- d-----w- c:\users\sebastian\appdata\local\{BD7846AE-E9AB-47C9-9A45-2BACFD81740F}
2012-02-27 19:03:26 -------- d-----w- c:\users\sebastian\appdata\local\{8250718E-9E30-4C5D-A746-DE50107BAEED}
2012-02-27 02:38:54 -------- d-----w- c:\users\sebastian\appdata\local\{4580A1C8-4BF5-4020-9D2C-0E5AECF94A53}
2012-02-27 02:38:41 -------- d-----w- c:\users\sebastian\appdata\local\{0038B31E-9FE8-4AB1-973E-F771CDCEB00B}
2012-02-26 14:38:26 -------- d-----w- c:\users\sebastian\appdata\local\{82856DDB-8AE8-41D5-A210-7839A080B534}
2012-02-26 14:38:15 -------- d-----w- c:\users\sebastian\appdata\local\{8B14C1E9-88E7-4351-A758-4DECC17B0C4F}
2012-02-26 02:27:50 -------- d-----w- c:\users\sebastian\appdata\local\{6F553B70-DAA9-4A3E-9881-D56407D5F363}
2012-02-26 02:27:36 -------- d-----w- c:\users\sebastian\appdata\local\{70FC9ECA-1D77-434B-AE65-830AFD57E633}
2012-02-25 05:33:53 -------- d-----w- c:\users\sebastian\appdata\local\{117D5015-9B47-486C-AA98-CA6A6E3F3E7D}
2012-02-25 05:33:00 -------- d-----w- c:\users\sebastian\appdata\local\{A8DA0DB8-D0ED-43D9-B6E6-3C43961BD937}
2012-02-24 12:48:23 -------- d-----w- c:\users\sebastian\appdata\local\{3BE72702-7D4C-4109-ADF5-F4F3FFC4B035}
2012-02-24 12:47:39 -------- d-----w- c:\users\sebastian\appdata\local\{327AA078-628B-48D5-B84F-CFA606553ECC}
2012-02-23 15:22:42 -------- d-----w- c:\users\sebastian\appdata\local\{AF794495-40A2-4F49-A41E-14AF6DC527B2}
2012-02-23 15:21:59 -------- d-----w- c:\users\sebastian\appdata\local\{BB33CA7E-05BB-47A6-A190-A4DB1DEB4540}
2012-02-19 17:25:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-19 16:23:04 -------- d-----w- c:\users\sebastian\appdata\local\{8B26D506-1F5C-4B85-A48B-B3CCBD519512}
2012-02-19 16:22:53 -------- d-----w- c:\users\sebastian\appdata\local\{701CD295-5863-4E19-98C9-4740BE90766D}
2012-02-19 03:14:06 98816 ----a-w- c:\windows\sed.exe
2012-02-19 03:14:06 518144 ----a-w- c:\windows\SWREG.exe
2012-02-19 03:14:06 256000 ----a-w- c:\windows\PEV.exe
2012-02-19 03:14:06 208896 ----a-w- c:\windows\MBR.exe
2012-02-19 03:10:44 4406994 ------r- C:\sebas.exe
2012-02-19 02:57:20 -------- d-----w- C:\xampp
2012-02-19 02:50:25 -------- d-----w- C:\wamp2
2012-02-19 02:29:53 -------- d-----w- C:\www.wamp.bkp
.
==================== Find3M ====================
.
2012-03-19 18:33:14 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-26 05:08:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 18:19:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-18 18:17:18 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2011-12-27 04:31:07 25476564 ----a-w- C:\WampServer2.2a-x32.exe
.
============= FINISH: 16:43:54,40 ===============


-------------------------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 22/12/2010 07:10:33 a.m.
System Uptime: 19/03/2012 03:32:12 p.m. (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K52Jc
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | Socket 989 | 2533/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 5,271 GiB free.
D: is FIXED (FAT32) - 279 GiB total, 136,871 GiB free.
E: is CDROM ()
Z: is NetworkDisk (NTFS) - 201 GiB total, 11,047 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP234: 12/03/2012 12:20:54 a.m. - Scheduled Checkpoint
RP235: 13/03/2012 04:24:41 p.m. - Installed Symphony Web Console
RP236: 13/03/2012 04:28:06 p.m. - Windows Modules Installer
RP237: 13/03/2012 04:31:01 p.m. - Installed Symphony Web Console
RP238: 13/03/2012 04:32:00 p.m. - Windows Modules Installer
RP239: 13/03/2012 04:32:52 p.m. - Installed Symphony Web Console
RP240: 13/03/2012 04:45:54 p.m. - Installed Symphony Web Console
RP241: 13/03/2012 04:50:53 p.m. - Installed Symphony Web Console
RP242: 13/03/2012 04:53:01 p.m. - Installed Symphony Web Console
RP243: 13/03/2012 05:09:30 p.m. - Installed Symphony Web Console
RP244: 13/03/2012 05:11:49 p.m. - Installed Symphony Web Console
RP245: 13/03/2012 05:12:54 p.m. - Installed Symphony Web Console
RP246: 13/03/2012 05:13:53 p.m. - Installed Symphony Web Console
RP247: 16/03/2012 09:33:12 a.m. - Sony PC Companion
RP248: 16/03/2012 11:37:47 a.m. - Removed Corel DESIGNER® Technical Suite 12
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
Acrobat.com
Adobe AIR
Adobe AIR Settings Manager
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Photoshop CS
Adobe Reader X (10.1.2) - Español
Adobe Shockwave Player 11.5
Apple Software Update
Ask Toolbar
Assassin's Creed
ASUS AI Recovery
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATK Package
BufferChm
Business Plan Pro 2007
Cabinet Planner V4.01
Camtasia Studio 7
COD MW2 v1.0
Company of Heroes
Company of Heroes - FAKEMSI
Compresor WinRAR
Conexant HD Audio
Contents
ControlDeck
ConvertXtoDVD 4.0.3.313
Corel Graphics - Windows Shell Extension
Corel VideoStudio Pro X3
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
Crystal Reports Basic Runtime for Visual Studio 2008
CutList Plus 2009
CutMaster 2D Professional 1.3.3.1
D3DX10
Destinations
DeviceDiscovery
DeviceIO
DHTML Editing Component
Digsby
DocMgr
DocProc
DWG TrueView 2012
Easy GIF Animator 5.21
ETDWare PS/2-x86 7.0.5.11_WHQL
Facebook Video Calling 1.1.1.1
Fast Boot
Fax
FileZilla Client 3.5.3
FLV.com FLV PLayer V 1.1
Galería fotográfica de Windows Live
Google Chrome
Google Earth
Google SketchUp Pro 7
Google SketchUp Pro 8
Google Update Helper
GoToMeeting 5.0.0.799
GPBaseService2
Hattrick Organizer (remove only)
High-Definition Video Playback 10
Homeworld
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
ICA
IniEditor Multilingual
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
InventoryControl
iPDA
IPM_VS_Pro
IsoBuster 2.5
Java Auto Updater
Java™ 6 Update 23
JDownloader
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
KpyM Telnet/SSH Server v1.19c
Labeler
Licence_Generator_Deploy
Limbo Full
Macromedia Dreamweaver 8
Macromedia Extension Manager
Mail Bomber
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (WASPDBEXPRESS)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ESN
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mindjet MindManager 9
MLE
MockFlow Desktop
Mozilla Firefox 11.0 (x86 es-ES)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Net4Switch
Notepad++
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA Optimus 1.0.11
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update Components
NVIDIA Updatus
OCR Software by I.R.I.S. 13.0
OpenProj
OptiCoupe 5.03a
PandoraRecovery (Remove Only)
PDF-XChange Pro 4.0
PDF Settings CS5
PE Builder 3.1.10a
PolyBoard 2.69b
Pro Evolution Soccer 2009
PureHD
Python 2.6
QuickTime
Revisión para Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SendBlaster 2
Sentinel Protection Installer 7.3.0
Setup
Share
Shop for HP Supplies
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Warlords
Skype Click to Call
Skype™ 5.5
SmartSound Common Data
SmartSound Quicktracks 5
SmartWebPrinting
Solid 4.1
SolutionCenter
SOTI Pocket Controller-Pro
Status
TeamViewer 5
Toolbox
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TrayApp
Unity Web Player
Unlocker 1.8.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
USB 2.0 VGA UVC WebCam
V-Ray for SketchUp
VIO
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Basic for Applications ® Core - Spanish
VLC media player 1.1.11
VMware Workstation
VNC 4.0
VSClassic
VSPro
Vuze
WampServer 2.2
Warcraft III
Wavelink Client License Server
Web Forum Reader version 3.0
WebReg
WinCvs 1.3 (Bare)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinFlash
Wireless Console 3
WireLess Deployer Clients
WireLess Deployer Console
WireLess Deployer Remote Control Console
WireLess Designer V5
WireLess Studio WinCE Clients V4
WireLess TelNet WCE VT SSH
WireLess voiXtreme 2 libraries WM (ES Español)
WireLess voiXtreme libraries CE (ES Español)
WireLess voiXtreme libraries Generic WM (ES Español)
WireLess voiXtreme libraries WM (ES Español)
WireLessTelNetProxyServer
ZyXEL ADSL USB Modem
.
==== Event Viewer Messages From Past Week ========
.
19/03/2012 04:23:22 p.m., Error: Service Control Manager [7000] - The lvupdtio service failed to start due to the following error: A device attached to the system is not functioning.
19/03/2012 03:35:07 p.m., Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
19/03/2012 03:35:07 p.m., Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
19/03/2012 03:33:10 p.m., Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
19/03/2012 03:33:06 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DfsC sptd
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7023] - The Mctaskmanager service terminated with the following error: The specified module could not be found.
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7023] - The Evteng service terminated with the following error: The specified module could not be found.
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7023] - The APLMp50 service terminated with the following error: The specified module could not be found.
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
19/03/2012 03:32:53 p.m., Error: Service Control Manager [7000] - The Spn Agent Service by SofToGo service failed to start due to the following error: The system cannot find the file specified.
19/03/2012 03:32:34 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
19/03/2012 02:17:00 p.m., Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
17/03/2012 10:51:45 a.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
16/03/2012 11:38:43 a.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy15.
16/03/2012 09:34:49 a.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.
15/03/2012 02:01:16 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
15/03/2012 01:42:54 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
13/03/2012 05:14:23 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy16.
13/03/2012 05:09:58 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy13.
13/03/2012 04:53:35 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy12.
13/03/2012 04:51:29 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy11.
13/03/2012 04:46:29 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy10.
13/03/2012 04:33:34 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy9.
13/03/2012 04:32:28 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.
13/03/2012 04:31:37 p.m., Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
13/03/2012 04:29:22 p.m., Error: Microsoft-Windows-IIS-W3SVC [1004] - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.
13/03/2012 04:29:22 p.m., Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
12/03/2012 10:49:50 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (WASPDBEXPRESS) service to connect.
12/03/2012 10:49:50 p.m., Error: Service Control Manager [7000] - The SQL Server (WASPDBEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/03/2012 10:49:31 p.m., Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0xd1795000, 0xd1795408, 0x0a810600). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031212-118326-01.
12/03/2012 10:29:21 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================


---------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-19 17:42:00
Windows 6.1.7601 Service Pack 1
Running: fc26762l.exe


---- Processes - GMER 1.0.15 ----

Process explorer.exe (*** hidden *** ) 3572
Process explorer.exe (*** hidden *** ) 4732

---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\c5d2dd462033b36b.sys (*** hidden *** ) [BOOT] c5d2dd462033b36b <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:10 AM

Posted 19 March 2012 - 06:01 PM

Hello sebamobile,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 sebamobile


Posted 20 March 2012 - 08:43 AM

Thanks Fireman, I will be waiting!

Regards,
Seba

#4 fireman4it


Posted 20 March 2012 - 08:10 PM

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#5 fireman4it


Posted 23 March 2012 - 12:57 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#6 sebamobile


Posted 23 March 2012 - 01:22 PM

Sorry for the delay, I will do it today.
However, I have to tell you, I have already run those tools some weeks ago, and they don't run.
Combofix just keeps running for hours....

I will try again and post results or error messages.

Regards,
Seba

#7 fireman4it


Posted 25 March 2012 - 09:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


#8 fireman4it


Posted 26 March 2012 - 05:02 PM

This topic has been re-opened at the request of the person who originally posted.


#9 sebamobile


Posted 26 March 2012 - 06:33 PM

http://tinypic.com/r/15hg22h/5

14:14:01.0552 6680 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:14:02.0367 6680 ============================================================
14:14:02.0367 6680 Current date / time: 2012/03/26 14:14:02.0367
14:14:02.0367 6680 SystemInfo:
14:14:02.0367 6680
14:14:02.0367 6680 OS Version: 6.1.7601 ServicePack: 1.0
14:14:02.0367 6680 Product type: Workstation
14:14:02.0368 6680 ComputerName: BARBOL
14:14:02.0368 6680 UserName: sebastian
14:14:02.0368 6680 Windows directory: C:\Windows
14:14:02.0368 6680 System windows directory: C:\Windows
14:14:02.0368 6680 Processor architecture: Intel x86
14:14:02.0368 6680 Number of processors: 4
14:14:02.0368 6680 Page size: 0x1000
14:14:02.0368 6680 Boot type: Normal boot
14:14:02.0368 6680 ============================================================
14:14:06.0270 6680 !crdlk
14:14:06.0325 6680 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:14:06.0327 6680 \Device\Harddisk0\DR0:
14:14:06.0329 6680 MBR used
14:14:06.0329 6680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
14:14:06.0329 6680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1749DDC1, BlocksNum 0x22EE6E80
14:14:06.0385 6680 Initialize success
14:14:06.0385 6680 ============================================================
14:14:47.0035 7208 ============================================================
14:14:47.0035 7208 Scan started
14:14:47.0035 7208 Mode: Manual;
14:14:47.0035 7208 ============================================================
14:14:47.0342 7208 .afd - ok
14:14:47.0378 7208 .cdrom - ok
14:14:47.0408 7208 .csc - ok
14:14:47.0608 7208 .netbt - ok
14:14:47.0659 7208 .tdx - ok
14:14:47.0790 7208 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:14:47.0795 7208 1394ohci - ok
14:14:47.0947 7208 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:14:47.0956 7208 ACPI - ok
14:14:48.0101 7208 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:14:48.0112 7208 AcpiPmi - ok
14:14:48.0252 7208 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:14:48.0254 7208 Adobe LM Service - ok
14:14:48.0406 7208 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:14:48.0409 7208 AdobeARMservice - ok
14:14:48.0541 7208 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:14:48.0552 7208 adp94xx - ok
14:14:48.0698 7208 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:14:48.0707 7208 adpahci - ok
14:14:48.0864 7208 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:14:48.0870 7208 adpu320 - ok
14:14:49.0022 7208 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:14:49.0029 7208 ADSMService - ok
14:14:49.0155 7208 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:14:49.0167 7208 AeLookupSvc - ok
14:14:49.0276 7208 AFBAgent (7b4c96f1ce7b6336a5c2d30bf4fb1f76) C:\Windows\system32\FBAgent.exe
14:14:49.0330 7208 AFBAgent - ok
14:14:49.0507 7208 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:14:49.0521 7208 AFD - ok
14:14:49.0646 7208 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:14:49.0650 7208 agp440 - ok
14:14:49.0804 7208 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:14:49.0808 7208 aic78xx - ok
14:14:49.0914 7208 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:14:49.0917 7208 ALG - ok
14:14:50.0005 7208 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:14:50.0008 7208 aliide - ok
14:14:50.0094 7208 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:14:50.0099 7208 amdagp - ok
14:14:50.0248 7208 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:14:50.0251 7208 amdide - ok
14:14:50.0350 7208 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:14:50.0354 7208 AmdK8 - ok
14:14:50.0449 7208 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:14:50.0452 7208 AmdPPM - ok
14:14:50.0539 7208 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:14:50.0542 7208 amdsata - ok
14:14:50.0689 7208 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:14:50.0693 7208 amdsbs - ok
14:14:50.0770 7208 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:14:50.0773 7208 amdxata - ok
14:14:50.0973 7208 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
14:14:51.0014 7208 AppHostSvc - ok
14:14:51.0156 7208 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:14:51.0159 7208 AppID - ok
14:14:51.0275 7208 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:14:51.0279 7208 AppIDSvc - ok
14:14:51.0360 7208 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
14:14:51.0364 7208 Appinfo - ok
14:14:51.0464 7208 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
14:14:51.0470 7208 AppMgmt - ok
14:14:51.0564 7208 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:14:51.0567 7208 arc - ok
14:14:51.0695 7208 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:14:51.0698 7208 arcsas - ok
14:14:51.0804 7208 AsDsm (104db777372411c55850c4a2ae6877ef) C:\Windows\system32\drivers\AsDsm.sys
14:14:51.0806 7208 AsDsm - ok
14:14:51.0921 7208 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
14:14:51.0926 7208 ASLDRService - ok
14:14:52.0002 7208 ASMMAP (b9fdfa552eba5b4bf377f7ccec9b8bc7) C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
14:14:52.0005 7208 ASMMAP - ok
14:14:52.0228 7208 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:14:52.0263 7208 aspnet_state - ok
14:14:52.0412 7208 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:14:52.0414 7208 AsyncMac - ok
14:14:52.0510 7208 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:14:52.0513 7208 atapi - ok
14:14:52.0633 7208 athr (6a661d017c4e5cd313f6a55acf1d7465) C:\Windows\system32\DRIVERS\athr.sys
14:14:52.0674 7208 athr - ok
14:14:52.0786 7208 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
14:14:52.0790 7208 ATKGFNEXSrv - ok
14:14:52.0935 7208 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:14:52.0948 7208 AudioEndpointBuilder - ok
14:14:52.0999 7208 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:14:53.0003 7208 Audiosrv - ok
14:14:53.0154 7208 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
14:14:53.0158 7208 AxInstSV - ok
14:14:53.0235 7208 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:14:53.0243 7208 b06bdrv - ok
14:14:53.0297 7208 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:14:53.0302 7208 b57nd60x - ok
14:14:53.0414 7208 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:14:53.0418 7208 BDESVC - ok
14:14:53.0491 7208 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:14:53.0493 7208 Beep - ok
14:14:53.0592 7208 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
14:14:53.0658 7208 BITS - ok
14:14:53.0823 7208 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:14:53.0826 7208 blbdrive - ok
14:14:53.0981 7208 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:14:53.0985 7208 bowser - ok
14:14:54.0063 7208 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:14:54.0066 7208 BrFiltLo - ok
14:14:54.0133 7208 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:14:54.0135 7208 BrFiltUp - ok
14:14:54.0196 7208 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:14:54.0200 7208 BridgeMP - ok
14:14:54.0302 7208 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
14:14:54.0306 7208 Browser - ok
14:14:54.0387 7208 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:14:54.0395 7208 Brserid - ok
14:14:54.0520 7208 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:14:54.0524 7208 BrSerWdm - ok
14:14:54.0606 7208 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:14:54.0608 7208 BrUsbMdm - ok
14:14:54.0650 7208 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:14:54.0652 7208 BrUsbSer - ok
14:14:54.0690 7208 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:14:54.0692 7208 BTHMODEM - ok
14:14:54.0791 7208 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:14:54.0795 7208 bthserv - ok
14:14:54.0817 7208 Suspicious service (NoAccess): c5d2dd462033b36b
14:14:54.0885 7208 c5d2dd462033b36b (9024665f8f9fe5152724fca5b65bf6f5) C:\Windows\System32\Drivers\c5d2dd462033b36b.sys
14:14:54.0886 7208 Suspicious file (NoAccess): C:\Windows\System32\Drivers\c5d2dd462033b36b.sys. md5: 9024665f8f9fe5152724fca5b65bf6f5
14:14:54.0924 7208 c5d2dd462033b36b ( LockedService.Multi.Generic ) - warning
14:14:54.0926 7208 c5d2dd462033b36b - detected LockedService.Multi.Generic (1)
14:14:55.0064 7208 catchme - ok
14:14:55.0193 7208 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:14:55.0197 7208 cdfs - ok
14:14:55.0294 7208 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
14:14:55.0298 7208 cdrom - ok
14:14:55.0392 7208 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:14:55.0395 7208 CertPropSvc - ok
14:14:55.0483 7208 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:14:55.0487 7208 circlass - ok
14:14:55.0611 7208 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:14:55.0619 7208 CLFS - ok
14:14:55.0737 7208 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:14:55.0807 7208 clr_optimization_v2.0.50727_32 - ok
14:14:55.0994 7208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:14:56.0127 7208 clr_optimization_v4.0.30319_32 - ok
14:14:56.0254 7208 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:14:56.0257 7208 CmBatt - ok
14:14:56.0335 7208 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:14:56.0338 7208 cmdide - ok
14:14:56.0430 7208 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:14:56.0439 7208 CNG - ok
14:14:56.0517 7208 CnxEtP (bfdf22287e4fc3fbd08cae9d783331d8) C:\Windows\system32\DRIVERS\CnxEtP.sys
14:14:56.0521 7208 CnxEtP - ok
14:14:56.0593 7208 CnxEtU (1e71eed6784708c30cfee36c5439dc62) C:\Windows\system32\DRIVERS\CnxEtU.sys
14:14:56.0614 7208 CnxEtU - ok
14:14:56.0779 7208 CnxTgNL (a4129ec2b33dd619d5bee95549bb570e) C:\Windows\system32\DRIVERS\CnxTgNL.sys
14:14:56.0782 7208 CnxTgNL - ok
14:14:56.0885 7208 CnxtHdAudService (38b2b74dd1515cf70e8e33ab3a16ca07) C:\Windows\system32\drivers\CHDRT32.sys
14:14:56.0908 7208 CnxtHdAudService - ok
14:14:57.0037 7208 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:14:57.0040 7208 Compbatt - ok
14:14:57.0184 7208 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:14:57.0187 7208 CompositeBus - ok
14:14:57.0247 7208 COMSysApp - ok
14:14:57.0353 7208 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:14:57.0355 7208 crcdisk - ok
14:14:57.0476 7208 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
14:14:57.0481 7208 CryptSvc - ok
14:14:57.0586 7208 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:14:57.0595 7208 CSC - ok
14:14:57.0716 7208 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
14:14:57.0744 7208 CscService - ok
14:14:57.0924 7208 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:14:57.0954 7208 DcomLaunch - ok
14:14:58.0024 7208 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:14:58.0033 7208 defragsvc - ok
14:14:58.0117 7208 DfsC (431633f898d3b4136835d42d10dd71c7) C:\Windows\system32\Drivers\dfsc.sys
14:14:58.0120 7208 DfsC ( Virus.Win32.ZAccess.g ) - infected
14:14:58.0120 7208 DfsC - detected Virus.Win32.ZAccess.g (0)
14:14:58.0193 7208 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
14:14:58.0202 7208 Dhcp - ok
14:14:58.0260 7208 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:14:58.0263 7208 discache - ok
14:14:58.0335 7208 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:14:58.0339 7208 Disk - ok
14:14:58.0442 7208 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
14:14:58.0448 7208 Dnscache - ok
14:14:58.0531 7208 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
14:14:58.0539 7208 dot3svc - ok
14:14:58.0625 7208 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
14:14:58.0629 7208 Dot4 - ok
14:14:58.0787 7208 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:14:58.0790 7208 Dot4Print - ok
14:14:58.0878 7208 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
14:14:58.0881 7208 dot4usb - ok
14:14:58.0995 7208 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
14:14:59.0003 7208 DPS - ok
14:14:59.0123 7208 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:14:59.0147 7208 drmkaud - ok
14:14:59.0329 7208 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:14:59.0364 7208 DXGKrnl - ok
14:14:59.0498 7208 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:14:59.0503 7208 EapHost - ok
14:14:59.0699 7208 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:14:59.0797 7208 ebdrv - ok
14:14:59.0887 7208 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
14:14:59.0893 7208 EFS - ok
14:15:00.0008 7208 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
14:15:00.0059 7208 ehRecvr - ok
14:15:00.0135 7208 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:15:00.0139 7208 ehSched - ok
14:15:00.0293 7208 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:15:00.0302 7208 elxstor - ok
14:15:00.0403 7208 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:15:00.0405 7208 ErrDev - ok
14:15:00.0561 7208 ETD (7c87df14552a5e0270dbd906baff85fb) C:\Windows\system32\DRIVERS\ETD.sys
14:15:00.0565 7208 ETD - ok
14:15:00.0720 7208 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:15:00.0730 7208 EventSystem - ok
14:15:00.0857 7208 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:15:00.0862 7208 exfat - ok
14:15:00.0998 7208 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:15:01.0004 7208 fastfat - ok
14:15:01.0108 7208 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
14:15:01.0131 7208 Fax - ok
14:15:01.0207 7208 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:15:01.0209 7208 fdc - ok
14:15:01.0282 7208 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:15:01.0286 7208 fdPHost - ok
14:15:01.0343 7208 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:15:01.0349 7208 FDResPub - ok
14:15:01.0421 7208 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:15:01.0425 7208 FileInfo - ok
14:15:01.0480 7208 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:15:01.0484 7208 Filetrace - ok
14:15:01.0532 7208 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:15:01.0535 7208 flpydisk - ok
14:15:01.0598 7208 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:15:01.0602 7208 FltMgr - ok
14:15:01.0713 7208 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
14:15:01.0747 7208 FontCache - ok
14:15:01.0865 7208 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:15:01.0868 7208 FontCache3.0.0.0 - ok
14:15:01.0970 7208 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:15:01.0974 7208 FsDepends - ok
14:15:02.0145 7208 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:15:02.0148 7208 Fs_Rec - ok
14:15:02.0258 7208 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:15:02.0265 7208 fvevol - ok
14:15:02.0376 7208 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:15:02.0380 7208 gagp30kx - ok
14:15:02.0533 7208 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
14:15:02.0538 7208 ghaio - ok
14:15:02.0701 7208 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
14:15:02.0735 7208 gpsvc - ok
14:15:02.0879 7208 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:15:02.0890 7208 gupdate - ok
14:15:03.0021 7208 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:15:03.0024 7208 gupdatem - ok
14:15:03.0143 7208 hcmon (fef4c8cb7412c644c36074cd7596df2a) C:\Windows\system32\drivers\hcmon.sys
14:15:03.0147 7208 hcmon - ok
14:15:03.0211 7208 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:15:03.0215 7208 hcw85cir - ok
14:15:03.0346 7208 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:15:03.0357 7208 HdAudAddService - ok
14:15:03.0543 7208 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:15:03.0548 7208 HDAudBus - ok
14:15:03.0692 7208 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
14:15:03.0696 7208 HECI - ok
14:15:03.0793 7208 hibernation - ok
14:15:03.0959 7208 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:15:03.0962 7208 HidBatt - ok
14:15:04.0113 7208 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:15:04.0118 7208 HidBth - ok
14:15:04.0194 7208 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:15:04.0197 7208 HidIr - ok
14:15:04.0340 7208 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:15:04.0347 7208 hidserv - ok
14:15:04.0432 7208 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:15:04.0443 7208 HidUsb - ok
14:15:04.0568 7208 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
14:15:04.0582 7208 hkmsvc - ok
14:15:04.0729 7208 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
14:15:04.0751 7208 HomeGroupListener - ok
14:15:04.0957 7208 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
14:15:04.0979 7208 HomeGroupProvider - ok
14:15:05.0167 7208 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:15:05.0204 7208 hpqcxs08 - ok
14:15:05.0414 7208 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:15:05.0419 7208 hpqddsvc - ok
14:15:05.0592 7208 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:15:05.0596 7208 HpSAMD - ok
14:15:05.0706 7208 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:15:05.0729 7208 HTTP - ok
14:15:05.0834 7208 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:15:05.0838 7208 hwpolicy - ok
14:15:05.0970 7208 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:15:05.0975 7208 i8042prt - ok
14:15:06.0150 7208 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
14:15:06.0161 7208 iaStor - ok
14:15:06.0333 7208 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:15:06.0343 7208 iaStorV - ok
14:15:06.0510 7208 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:15:06.0515 7208 IDriverT - ok
14:15:06.0678 7208 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:15:06.0721 7208 idsvc - ok
14:15:07.0037 7208 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:15:07.0251 7208 igfx - ok
14:15:07.0431 7208 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:15:07.0435 7208 iirsp - ok
14:15:07.0553 7208 IISADMIN (fc9735b66850cf8aebbc1e207ecb2ad8) C:\Windows\system32\inetsrv\inetinfo.exe
14:15:07.0585 7208 IISADMIN - ok
14:15:07.0778 7208 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
14:15:07.0813 7208 IKEEXT - ok
14:15:07.0930 7208 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
14:15:07.0935 7208 Impcd - ok
14:15:08.0137 7208 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:15:08.0144 7208 IntcDAud - ok
14:15:08.0320 7208 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:15:08.0323 7208 intelide - ok
14:15:08.0466 7208 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:15:08.0470 7208 intelppm - ok
14:15:08.0638 7208 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:15:08.0647 7208 IPBusEnum - ok
14:15:08.0757 7208 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:08.0761 7208 IpFilterDriver - ok
14:15:08.0843 7208 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:15:08.0848 7208 IPMIDRV - ok
14:15:08.0974 7208 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:15:08.0979 7208 IPNAT - ok
14:15:09.0043 7208 ipswuio - ok
14:15:09.0111 7208 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:15:09.0113 7208 IRENUM - ok
14:15:09.0228 7208 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:15:09.0232 7208 isapnp - ok
14:15:09.0318 7208 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:15:09.0325 7208 iScsiPrt - ok
14:15:09.0410 7208 JMCR (2254a5e78c55fd8f68f9676590468531) C:\Windows\system32\DRIVERS\jmcr.sys
14:15:09.0415 7208 JMCR - ok
14:15:09.0519 7208 JME (36220002d044fe2da969cb6406bbc0e5) C:\Windows\system32\DRIVERS\JME.sys
14:15:09.0523 7208 JME - ok
14:15:09.0630 7208 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:15:09.0633 7208 kbdclass - ok
14:15:09.0732 7208 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:15:09.0735 7208 kbdhid - ok
14:15:09.0822 7208 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:15:09.0825 7208 kbfiltr - ok
14:15:09.0913 7208 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:09.0920 7208 KeyIso - ok
14:15:10.0057 7208 KpyM Telnet SSH Server v1.19c (8c8983d282e9d6d3609988b0a2dee242) C:\Program Files\KTS\daemon.exe
14:15:10.0106 7208 KpyM Telnet SSH Server v1.19c - ok
14:15:10.0274 7208 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
14:15:10.0278 7208 KSecDD - ok
14:15:10.0363 7208 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:15:10.0368 7208 KSecPkg - ok
14:15:10.0562 7208 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:15:10.0573 7208 KtmRm - ok
14:15:10.0686 7208 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
14:15:10.0719 7208 LanmanServer - ok
14:15:10.0901 7208 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
14:15:10.0945 7208 LanmanWorkstation - ok
14:15:11.0133 7208 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:15:11.0136 7208 lltdio - ok
14:15:11.0241 7208 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:15:11.0262 7208 lltdsvc - ok
14:15:11.0380 7208 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:15:11.0389 7208 lmhosts - ok
14:15:11.0508 7208 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:15:11.0515 7208 LMS - ok
14:15:11.0655 7208 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:15:11.0659 7208 LSI_FC - ok
14:15:11.0705 7208 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:15:11.0710 7208 LSI_SAS - ok
14:15:11.0750 7208 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:15:11.0752 7208 LSI_SAS2 - ok
14:15:11.0790 7208 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:15:11.0793 7208 LSI_SCSI - ok
14:15:11.0872 7208 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:15:11.0874 7208 luafv - ok
14:15:12.0004 7208 lvupdtio (fed822e9149e9159251cdc37dedf3ca8) C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys
14:15:12.0008 7208 lvupdtio - ok
14:15:12.0140 7208 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:15:12.0144 7208 MBAMProtector - ok
14:15:12.0305 7208 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:15:12.0377 7208 MBAMService - ok
14:15:12.0489 7208 mcafeeframework - ok
14:15:12.0607 7208 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
14:15:12.0615 7208 Mcx2Svc - ok
14:15:12.0721 7208 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:15:12.0724 7208 megasas - ok
14:15:12.0793 7208 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:15:12.0798 7208 MegaSR - ok
14:15:12.0936 7208 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:15:12.0939 7208 Microsoft Office Groove Audit Service - ok
14:15:13.0064 7208 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:15:13.0071 7208 MMCSS - ok
14:15:13.0161 7208 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:15:13.0164 7208 Modem - ok
14:15:13.0218 7208 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:15:13.0220 7208 monitor - ok
14:15:13.0319 7208 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:15:13.0323 7208 mouclass - ok
14:15:13.0419 7208 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:15:13.0422 7208 mouhid - ok
14:15:13.0521 7208 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:15:13.0524 7208 mountmgr - ok
14:15:13.0644 7208 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:15:13.0650 7208 mpio - ok
14:15:13.0732 7208 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:15:13.0736 7208 mpsdrv - ok
14:15:13.0895 7208 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:15:13.0900 7208 MRxDAV - ok
14:15:14.0033 7208 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:14.0037 7208 mrxsmb - ok
14:15:14.0143 7208 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:14.0150 7208 mrxsmb10 - ok
14:15:14.0267 7208 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:14.0272 7208 mrxsmb20 - ok
14:15:14.0401 7208 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:15:14.0406 7208 msahci - ok
14:15:14.0492 7208 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:15:14.0496 7208 msdsm - ok
14:15:14.0613 7208 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:15:14.0623 7208 MSDTC - ok
14:15:14.0740 7208 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:15:14.0743 7208 Msfs - ok
14:15:14.0884 7208 msftesql$WASPDBEXPRESS (54819fc5c79e4b2c6e896f9de440494d) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
14:15:14.0887 7208 msftesql$WASPDBEXPRESS - ok
14:15:15.0038 7208 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:15:15.0040 7208 mshidkmdf - ok
14:15:15.0114 7208 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:15:15.0117 7208 msisadrv - ok
14:15:15.0207 7208 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:15:15.0218 7208 MSiSCSI - ok
14:15:15.0257 7208 msiserver - ok
14:15:15.0336 7208 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:15:15.0340 7208 MSKSSRV - ok
14:15:15.0407 7208 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:15.0411 7208 MSPCLOCK - ok
14:15:15.0456 7208 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:15:15.0458 7208 MSPQM - ok
14:15:15.0511 7208 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:15:15.0516 7208 MsRPC - ok
14:15:15.0625 7208 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:15:15.0628 7208 mssmbios - ok
14:15:15.0733 7208 MSSQL$WASPDBEXPRESS - ok
14:15:15.0818 7208 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:15:15.0824 7208 MSSQLServerADHelper - ok
14:15:15.0946 7208 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:15:15.0948 7208 MSTEE - ok
14:15:16.0031 7208 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:15:16.0034 7208 MTConfig - ok
14:15:16.0170 7208 MTsensor (2e71504a74be4e3d4ea94568eff7556e) C:\Windows\system32\DRIVERS\ATKACPI.sys
14:15:16.0173 7208 MTsensor - ok
14:15:16.0319 7208 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:15:16.0323 7208 Mup - ok
14:15:16.0438 7208 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
14:15:16.0460 7208 napagent - ok
14:15:16.0538 7208 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:15:16.0545 7208 NativeWifiP - ok
14:15:16.0655 7208 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files\Nero\Update\NASvc.exe
14:15:16.0689 7208 NAUpdate - ok
14:15:16.0820 7208 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:15:16.0860 7208 NDIS - ok
14:15:16.0959 7208 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:16.0964 7208 NdisCap - ok
14:15:17.0060 7208 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:17.0063 7208 NdisTapi - ok
14:15:17.0160 7208 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:17.0163 7208 Ndisuio - ok
14:15:17.0246 7208 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:17.0250 7208 NdisWan - ok
14:15:17.0366 7208 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:15:17.0370 7208 NDProxy - ok
14:15:17.0520 7208 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
14:15:17.0527 7208 Net Driver HPZ12 - ok
14:15:17.0604 7208 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:15:17.0607 7208 NetBIOS - ok
14:15:17.0707 7208 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:15:17.0712 7208 NetBT - ok
14:15:17.0782 7208 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:17.0786 7208 Netlogon - ok
14:15:17.0875 7208 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:15:17.0886 7208 Netman - ok
14:15:18.0022 7208 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:15:18.0032 7208 NetMsmqActivator - ok
14:15:18.0058 7208 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:15:18.0059 7208 NetPipeActivator - ok
14:15:18.0189 7208 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:15:18.0199 7208 netprofm - ok
14:15:18.0341 7208 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:15:18.0344 7208 NetTcpActivator - ok
14:15:18.0402 7208 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:15:18.0405 7208 NetTcpPortSharing - ok
14:15:18.0578 7208 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:18.0580 7208 nfrd960 - ok
14:15:18.0731 7208 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
14:15:18.0738 7208 NlaSvc - ok
14:15:18.0794 7208 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:15:18.0797 7208 Npfs - ok
14:15:18.0862 7208 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:15:18.0869 7208 nsi - ok
14:15:18.0922 7208 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:15:18.0925 7208 nsiproxy - ok
14:15:19.0048 7208 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:15:19.0083 7208 Ntfs - ok
14:15:19.0161 7208 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:15:19.0163 7208 Null - ok
14:15:19.0466 7208 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:15:19.0695 7208 nvlddmkm - ok
14:15:19.0784 7208 nvpciflt (c438849c81bb7353512646a2cac5d041) C:\Windows\system32\DRIVERS\nvpciflt.sys
14:15:19.0788 7208 nvpciflt - ok
14:15:19.0883 7208 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:15:19.0887 7208 nvraid - ok
14:15:19.0994 7208 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:15:19.0999 7208 nvstor - ok
14:15:20.0110 7208 nvsvc (538a52e480c816d1990579a8faaffa20) C:\Windows\system32\nvvsvc.exe
14:15:20.0141 7208 nvsvc - ok
14:15:20.0270 7208 nvUpdatusService (3e0898db7cac9f8e5595e5e7c801fd1e) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:15:20.0322 7208 nvUpdatusService - ok
14:15:20.0465 7208 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:15:20.0470 7208 nv_agp - ok
14:15:20.0594 7208 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:15:20.0618 7208 odserv - ok
14:15:20.0756 7208 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:15:20.0761 7208 ohci1394 - ok
14:15:20.0862 7208 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:20.0869 7208 ose - ok
14:15:21.0009 7208 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:15:21.0031 7208 p2pimsvc - ok
14:15:21.0205 7208 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:15:21.0227 7208 p2psvc - ok
14:15:21.0319 7208 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:15:21.0323 7208 Parport - ok
14:15:21.0413 7208 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:15:21.0416 7208 partmgr - ok
14:15:21.0484 7208 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:15:21.0487 7208 Parvdm - ok
14:15:21.0625 7208 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:15:21.0647 7208 PcaSvc - ok
14:15:21.0752 7208 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:15:21.0756 7208 pci - ok
14:15:21.0822 7208 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:15:21.0824 7208 pciide - ok
14:15:21.0894 7208 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:21.0899 7208 pcmcia - ok
14:15:22.0088 7208 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
14:15:22.0093 7208 pcouffin - ok
14:15:22.0200 7208 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:15:22.0235 7208 pcw - ok
14:15:22.0352 7208 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:15:22.0376 7208 PEAUTH - ok
14:15:22.0490 7208 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
14:15:22.0525 7208 PeerDistSvc - ok
14:15:22.0780 7208 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
14:15:22.0832 7208 pla - ok
14:15:22.0957 7208 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
14:15:22.0990 7208 PlugPlay - ok
14:15:23.0197 7208 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
14:15:23.0203 7208 Pml Driver HPZ12 - ok
14:15:23.0305 7208 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:15:23.0316 7208 PNRPAutoReg - ok
14:15:23.0398 7208 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:15:23.0406 7208 PNRPsvc - ok
14:15:23.0515 7208 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
14:15:23.0526 7208 PolicyAgent - ok
14:15:23.0643 7208 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
14:15:23.0655 7208 Power - ok
14:15:23.0732 7208 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:23.0735 7208 PptpMiniport - ok
14:15:23.0809 7208 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:15:23.0812 7208 Processor - ok
14:15:23.0913 7208 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
14:15:23.0922 7208 ProfSvc - ok
14:15:24.0000 7208 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:24.0005 7208 ProtectedStorage - ok
14:15:24.0075 7208 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:15:24.0079 7208 Psched - ok
14:15:24.0246 7208 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
14:15:24.0251 7208 PSI_SVC_2 - ok
14:15:24.0342 7208 ql2100 - ok
14:15:24.0447 7208 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:15:24.0479 7208 ql2300 - ok
14:15:24.0590 7208 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:24.0594 7208 ql40xx - ok
14:15:24.0705 7208 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:15:24.0728 7208 QWAVE - ok
14:15:24.0837 7208 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:15:24.0842 7208 QWAVEdrv - ok
14:15:24.0980 7208 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
14:15:25.0234 7208 RapiMgr - ok
14:15:25.0383 7208 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:25.0386 7208 RasAcd - ok
14:15:25.0533 7208 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:25.0536 7208 RasAgileVpn - ok
14:15:25.0675 7208 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:15:25.0681 7208 RasAuto - ok
14:15:25.0764 7208 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:25.0767 7208 Rasl2tp - ok
14:15:25.0881 7208 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
14:15:25.0903 7208 RasMan - ok
14:15:25.0963 7208 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:25.0966 7208 RasPppoe - ok
14:15:26.0025 7208 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:26.0029 7208 RasSstp - ok
14:15:26.0134 7208 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:26.0142 7208 rdbss - ok
14:15:26.0221 7208 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:26.0224 7208 rdpbus - ok
14:15:26.0294 7208 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:26.0296 7208 RDPCDD - ok
14:15:26.0381 7208 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:15:26.0386 7208 RDPDR - ok
14:15:26.0449 7208 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:15:26.0452 7208 RDPENCDD - ok
14:15:26.0523 7208 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:15:26.0527 7208 RDPREFMP - ok
14:15:26.0650 7208 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
14:15:26.0654 7208 RdpVideoMiniport - ok
14:15:26.0755 7208 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:15:26.0761 7208 RDPWD - ok
14:15:26.0870 7208 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:15:26.0877 7208 rdyboost - ok
14:15:26.0975 7208 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
14:15:26.0986 7208 RemoteAccess - ok
14:15:27.0075 7208 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
14:15:27.0097 7208 RemoteRegistry - ok
14:15:27.0239 7208 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
14:15:27.0251 7208 RpcEptMapper - ok
14:15:27.0306 7208 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
14:15:27.0312 7208 RpcLocator - ok
14:15:27.0408 7208 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:15:27.0424 7208 RpcSs - ok
14:15:27.0571 7208 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:27.0575 7208 rspndr - ok
14:15:27.0675 7208 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
14:15:27.0680 7208 s125bus - ok
14:15:27.0742 7208 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys
14:15:27.0746 7208 s125mdfl - ok
14:15:27.0843 7208 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys
14:15:27.0846 7208 s125mdm - ok
14:15:27.0900 7208 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys
14:15:27.0903 7208 s125mgmt - ok
14:15:27.0971 7208 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys
14:15:27.0976 7208 s125obex - ok
14:15:28.0087 7208 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:15:28.0106 7208 s3cap - ok
14:15:28.0237 7208 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:28.0245 7208 SamSs - ok
14:15:28.0322 7208 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:15:28.0326 7208 sbp2port - ok
14:15:28.0422 7208 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
14:15:28.0444 7208 SCardSvr - ok
14:15:28.0553 7208 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:28.0557 7208 scfilter - ok
14:15:28.0678 7208 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
14:15:28.0713 7208 Schedule - ok
14:15:28.0794 7208 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:15:28.0796 7208 SCPolicySvc - ok
14:15:28.0907 7208 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
14:15:28.0911 7208 sdbus - ok
14:15:29.0031 7208 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
14:15:29.0053 7208 SDRSVC - ok
14:15:29.0138 7208 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:15:29.0142 7208 secdrv - ok
14:15:29.0224 7208 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
14:15:29.0237 7208 seclogon - ok
14:15:29.0317 7208 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
14:15:29.0325 7208 SENS - ok
14:15:29.0438 7208 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
14:15:29.0448 7208 SensrSvc - ok
14:15:29.0575 7208 Sentinel (7e5c2c58fc4e3862e7bf88bfb809a9b0) C:\Windows\System32\Drivers\SENTINEL.SYS
14:15:29.0579 7208 Sentinel - ok
14:15:29.0741 7208 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:15:29.0743 7208 Serenum - ok
14:15:29.0838 7208 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:15:29.0843 7208 Serial - ok
14:15:29.0924 7208 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:15:29.0928 7208 sermouse - ok
14:15:30.0139 7208 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
14:15:30.0161 7208 SessionEnv - ok
14:15:30.0303 7208 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:15:30.0307 7208 sffdisk - ok
14:15:30.0416 7208 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:30.0419 7208 sffp_mmc - ok
14:15:30.0541 7208 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:15:30.0545 7208 sffp_sd - ok
14:15:30.0613 7208 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:30.0616 7208 sfloppy - ok
14:15:30.0843 7208 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
14:15:30.0866 7208 SharedAccess - ok
14:15:30.0952 7208 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
14:15:30.0964 7208 ShellHWDetection - ok
14:15:31.0055 7208 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:15:31.0059 7208 sisagp - ok
14:15:31.0219 7208 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:31.0224 7208 SiSRaid2 - ok
14:15:31.0260 7208 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:31.0263 7208 SiSRaid4 - ok
14:15:31.0303 7208 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:15:31.0305 7208 Smb - ok
14:15:31.0466 7208 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
14:15:31.0475 7208 SNMPTRAP - ok
14:15:31.0669 7208 SNP2UVC (03210c439d0c1224eb36865c8010dab6) C:\Windows\system32\DRIVERS\snp2uvc.sys
14:15:31.0725 7208 SNP2UVC - ok
14:15:31.0861 7208 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:15:31.0864 7208 spldr - ok
14:15:31.0979 7208 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
14:15:31.0984 7208 spmgr - ok
14:15:32.0069 7208 SpnAgent - ok
14:15:32.0234 7208 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
14:15:32.0265 7208 Spooler - ok
14:15:32.0465 7208 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
14:15:32.0546 7208 sppsvc - ok
14:15:32.0645 7208 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
14:15:32.0654 7208 sppuinotify - ok
14:15:32.0807 7208 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:15:32.0841 7208 sptd - ok
14:15:32.0987 7208 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:15:32.0992 7208 SQLBrowser - ok
14:15:33.0163 7208 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:15:33.0167 7208 SQLWriter - ok
14:15:33.0292 7208 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:15:33.0302 7208 srv - ok
14:15:33.0390 7208 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:15:33.0399 7208 srv2 - ok
14:15:33.0480 7208 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:33.0484 7208 srvnet - ok
14:15:33.0602 7208 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
14:15:33.0625 7208 SSDPSRV - ok
14:15:33.0708 7208 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
14:15:33.0747 7208 SstpSvc - ok
14:15:33.0829 7208 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:15:33.0834 7208 stexstor - ok
14:15:33.0949 7208 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
14:15:33.0980 7208 StiSvc - ok
14:15:34.0078 7208 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
14:15:34.0082 7208 storflt - ok
14:15:34.0156 7208 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
14:15:34.0168 7208 StorSvc - ok
14:15:34.0256 7208 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:15:34.0261 7208 storvsc - ok
14:15:34.0340 7208 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:15:34.0344 7208 swenum - ok
14:15:34.0428 7208 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
14:15:34.0450 7208 swprv - ok
14:15:34.0512 7208 Synth3dVsc - ok
14:15:34.0639 7208 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
14:15:34.0685 7208 SysMain - ok
14:15:34.0764 7208 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
14:15:34.0776 7208 TabletInputService - ok
14:15:34.0866 7208 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
14:15:34.0889 7208 TapiSrv - ok
14:15:34.0973 7208 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
14:15:34.0984 7208 TBS - ok
14:15:35.0128 7208 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:15:35.0170 7208 Tcpip - ok
14:15:35.0365 7208 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:35.0375 7208 TCPIP6 - ok
14:15:35.0560 7208 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:15:35.0565 7208 tcpipreg - ok
14:15:35.0668 7208 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:15:35.0671 7208 TDPIPE - ok
14:15:35.0711 7208 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:15:35.0714 7208 TDTCP - ok
14:15:35.0816 7208 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:15:35.0821 7208 tdx - ok
14:15:35.0986 7208 TeamViewer5 (e4a5a883a311c5ee7fd1ef3fda762b5b) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
14:15:36.0049 7208 TeamViewer5 - ok
14:15:36.0198 7208 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:15:36.0204 7208 TermDD - ok
14:15:36.0291 7208 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
14:15:36.0324 7208 TermService - ok
14:15:36.0421 7208 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
14:15:36.0433 7208 Themes - ok
14:15:36.0518 7208 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:15:36.0525 7208 THREADORDER - ok
14:15:36.0689 7208 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
14:15:36.0711 7208 TrkWks - ok
14:15:36.0841 7208 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
14:15:36.0892 7208 TrustedInstaller - ok
14:15:37.0071 7208 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:37.0076 7208 tssecsrv - ok
14:15:37.0185 7208 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:15:37.0190 7208 TsUsbFlt - ok
14:15:37.0254 7208 tsusbhub - ok
14:15:37.0333 7208 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:15:37.0338 7208 tunnel - ok
14:15:37.0397 7208 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:15:37.0401 7208 uagp35 - ok
14:15:37.0496 7208 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:15:37.0504 7208 udfs - ok
14:15:37.0624 7208 ufad-ws60 (27fedeaf9d646b9d001a5e27a18bd437) C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
14:15:37.0834 7208 ufad-ws60 - ok
14:15:38.0007 7208 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
14:15:38.0029 7208 UI0Detect - ok
14:15:38.0181 7208 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:15:38.0186 7208 uliagpkx - ok
14:15:38.0295 7208 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:15:38.0299 7208 umbus - ok
14:15:38.0387 7208 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:15:38.0391 7208 UmPass - ok
14:15:38.0499 7208 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
14:15:38.0521 7208 UmRdpService - ok
14:15:38.0643 7208 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:15:38.0645 7208 UnlockerDriver5 - ok
14:15:38.0794 7208 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:15:38.0885 7208 UNS - ok
14:15:39.0035 7208 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
14:15:39.0065 7208 upnphost - ok
14:15:39.0170 7208 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
14:15:39.0176 7208 usbaudio - ok
14:15:39.0321 7208 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:39.0327 7208 usbccgp - ok
14:15:39.0423 7208 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:15:39.0428 7208 usbcir - ok
14:15:39.0504 7208 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
14:15:39.0509 7208 usbehci - ok
14:15:39.0606 7208 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:15:39.0607 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8dc94aec6a7e644a06135ae7506dc2e9
14:15:39.0657 7208 usbhub ( LockedFile.Multi.Generic ) - warning
14:15:39.0657 7208 usbhub - detected LockedFile.Multi.Generic (1)
14:15:39.0793 7208 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:15:39.0794 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: e185d44fac515a18d9deddc23c2cdf44
14:15:39.0851 7208 usbohci ( LockedFile.Multi.Generic ) - warning
14:15:39.0851 7208 usbohci - detected LockedFile.Multi.Generic (1)
14:15:39.0978 7208 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:15:39.0979 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 797d862fe0875e75c7cc4c1ad7b30252
14:15:40.0016 7208 usbprint ( LockedFile.Multi.Generic ) - warning
14:15:40.0016 7208 usbprint - detected LockedFile.Multi.Generic (1)
14:15:40.0162 7208 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:15:40.0163 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: 576096ccbc07e7c4ea4f5e6686d6888f
14:15:40.0207 7208 usbscan ( LockedFile.Multi.Generic ) - warning
14:15:40.0207 7208 usbscan - detected LockedFile.Multi.Generic (1)
14:15:40.0349 7208 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:40.0350 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: f991ab9cc6b908db552166768176896a
14:15:40.0399 7208 USBSTOR ( LockedFile.Multi.Generic ) - warning
14:15:40.0399 7208 USBSTOR - detected LockedFile.Multi.Generic (1)
14:15:40.0531 7208 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:15:40.0533 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 68df884cf41cdada664beb01daf67e3d
14:15:40.0676 7208 usbuhci ( LockedFile.Multi.Generic ) - warning
14:15:40.0677 7208 usbuhci - detected LockedFile.Multi.Generic (1)
14:15:40.0821 7208 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
14:15:40.0822 7208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 45f4e7bf43db40a6c6b4d92c76cbc3f2
14:15:40.0861 7208 usbvideo ( LockedFile.Multi.Generic ) - warning
14:15:40.0861 7208 usbvideo - detected LockedFile.Multi.Generic (1)
14:15:40.0991 7208 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
14:15:40.0992 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usb8023x.sys. md5: d82f43d15fdaa666856c0190cb73e7c9
14:15:41.0018 7208 usb_rndisx ( LockedFile.Multi.Generic ) - warning
14:15:41.0018 7208 usb_rndisx - detected LockedFile.Multi.Generic (1)
14:15:41.0159 7208 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
14:15:41.0181 7208 UxSms - ok
14:15:41.0258 7208 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:41.0264 7208 VaultSvc - ok
14:15:41.0379 7208 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:15:41.0380 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: a059c4c3edb09e07d21a8e5c0aabd3cb
14:15:41.0424 7208 vdrvroot ( LockedFile.Multi.Generic ) - warning
14:15:41.0425 7208 vdrvroot - detected LockedFile.Multi.Generic (1)
14:15:41.0555 7208 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
14:15:41.0588 7208 vds - ok
14:15:41.0673 7208 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:41.0674 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 17c408214ea61696cec9c66e388b14f3
14:15:41.0714 7208 vga ( LockedFile.Multi.Generic ) - warning
14:15:41.0714 7208 vga - detected LockedFile.Multi.Generic (1)
14:15:41.0802 7208 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:15:41.0804 7208 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 8e38096ad5c8570a6f1570a61e251561
14:15:41.0829 7208 VgaSave ( LockedFile.Multi.Generic ) - warning
14:15:41.0829 7208 VgaSave - detected LockedFile.Multi.Generic (1)
14:15:41.0953 7208 VGPU - ok
14:15:42.0052 7208 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:15:42.0053 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 5461686cca2fda57b024547733ab42e3
14:15:42.0095 7208 vhdmp ( LockedFile.Multi.Generic ) - warning
14:15:42.0095 7208 vhdmp - detected LockedFile.Multi.Generic (1)
14:15:42.0205 7208 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:15:42.0206 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaagp.sys. md5: c829317a37b4bea8f39735d4b076e923
14:15:42.0217 7208 viaagp ( LockedFile.Multi.Generic ) - warning
14:15:42.0217 7208 viaagp - detected LockedFile.Multi.Generic (1)
14:15:42.0348 7208 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:15:42.0349 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viac7.sys. md5: e02f079a6aa107f06b16549c6e5c7b74
14:15:42.0437 7208 ViaC7 ( LockedFile.Multi.Generic ) - warning
14:15:42.0437 7208 ViaC7 - detected LockedFile.Multi.Generic (1)
14:15:42.0577 7208 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:15:42.0578 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e43574f6a56a0ee11809b48c09e4fd3c
14:15:42.0637 7208 viaide ( LockedFile.Multi.Generic ) - warning
14:15:42.0637 7208 viaide - detected LockedFile.Multi.Generic (1)
14:15:42.0759 7208 VMAuthdService (4d45f1f1637e53455e407dfcb4e0d459) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
14:15:42.0764 7208 VMAuthdService - ok
14:15:42.0871 7208 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
14:15:42.0873 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: c2f2911156fdc7817c52829c86da494e
14:15:42.0896 7208 vmbus ( LockedFile.Multi.Generic ) - warning
14:15:42.0897 7208 vmbus - detected LockedFile.Multi.Generic (1)
14:15:42.0949 7208 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:15:42.0951 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: d4d77455211e204f370d08f4963063ce
14:15:42.0962 7208 VMBusHID ( LockedFile.Multi.Generic ) - warning
14:15:42.0962 7208 VMBusHID - detected LockedFile.Multi.Generic (1)
14:15:43.0093 7208 vmci (a032c61cf37f5ec1e254348686a1b9f7) C:\Windows\system32\Drivers\vmci.sys
14:15:43.0094 7208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\vmci.sys. md5: a032c61cf37f5ec1e254348686a1b9f7
14:15:43.0118 7208 vmci ( LockedFile.Multi.Generic ) - warning
14:15:43.0118 7208 vmci - detected LockedFile.Multi.Generic (1)
14:15:43.0192 7208 vmkbd (0ff56144a95abe14c87a20bcc63d6ae1) C:\Windows\system32\drivers\VMkbd.sys
14:15:43.0193 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMkbd.sys. md5: 0ff56144a95abe14c87a20bcc63d6ae1
14:15:43.0237 7208 vmkbd ( LockedFile.Multi.Generic ) - warning
14:15:43.0238 7208 vmkbd - detected LockedFile.Multi.Generic (1)
14:15:43.0289 7208 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
14:15:43.0290 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vmnetadapter.sys. md5: e41704d8149992107b333cc7a52c07cc
14:15:43.0327 7208 VMnetAdapter ( LockedFile.Multi.Generic ) - warning
14:15:43.0327 7208 VMnetAdapter - detected LockedFile.Multi.Generic (1)
14:15:43.0393 7208 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:15:43.0394 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vmnetbridge.sys. md5: 462f2a31ea8b87a28962aca998df1869
14:15:43.0469 7208 VMnetBridge ( LockedFile.Multi.Generic ) - warning
14:15:43.0469 7208 VMnetBridge - detected LockedFile.Multi.Generic (1)
14:15:43.0605 7208 VMnetDHCP (3231287f43eac069dd5a635250820eb6) C:\Windows\system32\vmnetdhcp.exe
14:15:43.0638 7208 VMnetDHCP - ok
14:15:43.0762 7208 VMnetuserif (b26da84d8d5c654b107972397a89fb46) C:\Windows\system32\drivers\vmnetuserif.sys
14:15:43.0763 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmnetuserif.sys. md5: b26da84d8d5c654b107972397a89fb46
14:15:43.0811 7208 VMnetuserif ( LockedFile.Multi.Generic ) - warning
14:15:43.0811 7208 VMnetuserif - detected LockedFile.Multi.Generic (1)
14:15:43.0950 7208 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
14:15:43.0952 7208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\vmusb.sys. md5: afb10ad9aa91d2f70c9f0e6bda0d119b
14:15:44.0016 7208 vmusb ( LockedFile.Multi.Generic ) - warning
14:15:44.0016 7208 vmusb - detected LockedFile.Multi.Generic (1)
14:15:44.0127 7208 VMUSBArbService (26bd025b6d74d1c345d13ff9c509e893) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:15:44.0150 7208 VMUSBArbService - ok
14:15:44.0312 7208 VMware NAT Service (96dd61e7e665c35d2d22c2ff280e71d9) C:\Windows\system32\vmnat.exe
14:15:44.0344 7208 VMware NAT Service - ok
14:15:44.0514 7208 vmx86 (97c1f1803e208d5e95a60e789a7e070a) C:\Windows\system32\Drivers\vmx86.sys
14:15:44.0516 7208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\vmx86.sys. md5: 97c1f1803e208d5e95a60e789a7e070a
14:15:44.0606 7208 vmx86 ( LockedFile.Multi.Generic ) - warning
14:15:44.0606 7208 vmx86 - detected LockedFile.Multi.Generic (1)
14:15:44.0727 7208 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:15:44.0729 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: 4c63e00f2f4b5f86ab48a58cd990f212
14:15:44.0770 7208 volmgr ( LockedFile.Multi.Generic ) - warning
14:15:44.0770 7208 volmgr - detected LockedFile.Multi.Generic (1)
14:15:44.0883 7208 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:15:44.0884 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: b5bb72067ddddbbfb04b2f89ff8c3c87
14:15:44.0921 7208 volmgrx ( LockedFile.Multi.Generic ) - warning
14:15:44.0921 7208 volmgrx - detected LockedFile.Multi.Generic (1)
14:15:45.0058 7208 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:15:45.0059 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: f497f67932c6fa693d7de2780631cfe7
14:15:45.0111 7208 volsnap ( LockedFile.Multi.Generic ) - warning
14:15:45.0111 7208 volsnap - detected LockedFile.Multi.Generic (1)
14:15:45.0237 7208 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:45.0238 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9dfa0cc2f8855a04816729651175b631
14:15:45.0291 7208 vsmraid ( LockedFile.Multi.Generic ) - warning
14:15:45.0291 7208 vsmraid - detected LockedFile.Multi.Generic (1)
14:15:45.0452 7208 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
14:15:45.0487 7208 VSS - ok
14:15:45.0613 7208 vstor2-ws60 (c40598b7708c6af55a629a4d349e33bb) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
14:15:45.0615 7208 Suspicious file (NoAccess): C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys. md5: c40598b7708c6af55a629a4d349e33bb
14:15:45.0640 7208 vstor2-ws60 ( LockedFile.Multi.Generic ) - warning
14:15:45.0640 7208 vstor2-ws60 - detected LockedFile.Multi.Generic (1)
14:15:45.0783 7208 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:45.0785 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 90567b1e658001e79d7c8bbd3dde5aa6
14:15:45.0794 7208 vwifibus ( LockedFile.Multi.Generic ) - warning
14:15:45.0794 7208 vwifibus - detected LockedFile.Multi.Generic (1)
14:15:45.0910 7208 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:45.0911 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 7090d3436eeb4e7da3373090a23448f7
14:15:45.0956 7208 vwififlt ( LockedFile.Multi.Generic ) - warning
14:15:45.0956 7208 vwififlt - detected LockedFile.Multi.Generic (1)
14:15:46.0101 7208 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
14:15:46.0134 7208 W32Time - ok
14:15:46.0323 7208 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
14:15:46.0333 7208 W3SVC - ok
14:15:46.0458 7208 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:15:46.0459 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: de3721e89c653aa281428c8a69745d90
14:15:46.0510 7208 WacomPen ( LockedFile.Multi.Generic ) - warning
14:15:46.0510 7208 WacomPen - detected LockedFile.Multi.Generic (1)
14:15:46.0715 7208 wampapache (f41e453a90ef19217cee1675f5256ee7) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
14:15:46.0739 7208 wampapache - ok
14:15:46.0928 7208 wampmysqld - ok
14:15:47.0077 7208 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:47.0078 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3c3c78515f5ab448b022bdf5b8ffdd2e
14:15:47.0144 7208 WANARP ( LockedFile.Multi.Generic ) - warning
14:15:47.0144 7208 WANARP - detected LockedFile.Multi.Generic (1)
14:15:47.0172 7208 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:47.0173 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3c3c78515f5ab448b022bdf5b8ffdd2e
14:15:47.0185 7208 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
14:15:47.0185 7208 Wanarpv6 - detected LockedFile.Multi.Generic (1)
14:15:47.0446 7208 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
14:15:47.0451 7208 WAS - ok
14:15:47.0616 7208 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
14:15:47.0663 7208 WatAdminSvc - ok
14:15:47.0765 7208 Wavelink Client License Server (b8931c920d40e95053f87b4bbfc2ce5a) C:\Program Files\Wavelink\LicenseServer\LicenseServer.exe
14:15:47.0773 7208 Wavelink Client License Server - ok
14:15:47.0922 7208 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
14:15:47.0962 7208 wbengine - ok
14:15:48.0119 7208 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
14:15:48.0141 7208 WbioSrvc - ok
14:15:48.0262 7208 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
14:15:48.0361 7208 WcesComm - ok
14:15:48.0529 7208 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
14:15:48.0562 7208 wcncsvc - ok
14:15:48.0739 7208 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
14:15:48.0761 7208 WcsPlugInService - ok
14:15:48.0858 7208 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:15:48.0860 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 1112a9badacb47b7c0bb0392e3158dff
14:15:48.0898 7208 Wd ( LockedFile.Multi.Generic ) - warning
14:15:48.0898 7208 Wd - detected LockedFile.Multi.Generic (1)
14:15:49.0015 7208 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:15:49.0016 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 9950e3d0f08141c7e89e64456ae7dc73
14:15:49.0026 7208 Wdf01000 ( LockedFile.Multi.Generic ) - warning
14:15:49.0026 7208 Wdf01000 - detected LockedFile.Multi.Generic (1)
14:15:49.0137 7208 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:15:49.0160 7208 WdiServiceHost - ok
14:15:49.0225 7208 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:15:49.0231 7208 WdiSystemHost - ok
14:15:49.0358 7208 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
14:15:49.0380 7208 WebClient - ok
14:15:49.0468 7208 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
14:15:49.0490 7208 Wecsvc - ok
14:15:49.0569 7208 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
14:15:49.0613 7208 wercplsupport - ok
14:15:49.0776 7208 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
14:15:49.0799 7208 WerSvc - ok
14:15:49.0878 7208 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:49.0879 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 8b9a943f3b53861f2bfaf6c186168f79
14:15:49.0915 7208 WfpLwf ( LockedFile.Multi.Generic ) - warning
14:15:49.0916 7208 WfpLwf - detected LockedFile.Multi.Generic (1)
14:15:50.0075 7208 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:15:50.0077 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wimfltr.sys. md5: 090a2b8f055343815556a01f725f6c35
14:15:50.0124 7208 WimFltr ( LockedFile.Multi.Generic ) - warning
14:15:50.0124 7208 WimFltr - detected LockedFile.Multi.Generic (1)
14:15:50.0245 7208 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:15:50.0247 7208 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 5cf95b35e59e2a38023836fff31be64c
14:15:50.0277 7208 WIMMount ( LockedFile.Multi.Generic ) - warning
14:15:50.0278 7208 WIMMount - detected LockedFile.Multi.Generic (1)
14:15:50.0505 7208 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
14:15:50.0623 7208 Winmgmt - ok
14:15:50.0802 7208 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
14:15:50.0844 7208 WinRM - ok
14:15:51.0070 7208 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.SYS
14:15:51.0071 7208 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUSB.SYS. md5: a67e5f9a400f3bd1be3d80613b45f708
14:15:51.0112 7208 WINUSB ( LockedFile.Multi.Generic ) - warning
14:15:51.0112 7208 WINUSB - detected LockedFile.Multi.Generic (1)
14:15:51.0251 7208 WireLessDeployerAgent (905ef87dc4ea6e6681c6e960aaf9e821) C:\SofToGo\WireLessDeployer\WireLessDeployerAgent.exe
14:15:51.0405 7208 WireLessDeployerAgent - ok
14:15:51.0601 7208 WireLessTelNetProxyServer (59d2248a5810729a6ec4bb360cf43fc5) C:\Program Files\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe
14:15:51.0688 7208 WireLessTelNetProxyServer - ok
14:15:51.0873 7208 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
14:15:51.0915 7208 Wlansvc - ok
14:15:52.0101 7208 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:15:52.0154 7208 wlidsvc - ok
14:15:52.0314 7208 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:15:52.0318 7208 WmiAcpi - ok
14:15:52.0462 7208 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
14:15:52.0469 7208 wmiApSrv - ok
14:15:52.0602 7208 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:15:52.0628 7208 WMPNetworkSvc - ok
14:15:52.0753 7208 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
14:15:52.0765 7208 WPCSvc - ok
14:15:52.0847 7208 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
14:15:52.0869 7208 WPDBusEnum - ok
14:15:52.0944 7208 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:15:52.0948 7208 ws2ifsl - ok
14:15:53.0092 7208 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
14:15:53.0105 7208 wscsvc - ok
14:15:53.0153 7208 WSearch - ok
14:15:53.0294 7208 WSServerSvc (cfbfecb5001e7d15a0a1ee316edc5af7) C:\Program Files\WireLessDesigner\WS_Bin\WSServerSvc.exe
14:15:53.0340 7208 WSServerSvc - ok
14:15:53.0388 7208 WSServerSvcV4 (4a07fa75bf475d7f5c028febc41ff167) C:\Program Files\WireLessDesigner\WS_Bin_V4\WSServerSvcV4.exe
14:15:53.0470 7208 WSServerSvcV4 - ok
14:15:53.0596 7208 WSStarterSvc (866680f57cebf5e8fefbed002aec0d6d) C:\Program Files\WireLessDesigner\WS_Bin\WSStarterSvc.exe
14:15:53.0606 7208 WSStarterSvc - ok
14:15:53.0777 7208 WSStarterSvcV4 (c820147d0a6731e1f9e93857d6a2630f) C:\Program Files\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe
14:15:53.0780 7208 WSStarterSvcV4 - ok
14:15:53.0981 7208 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
14:15:54.0051 7208 wuauserv - ok
14:15:54.0201 7208 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:15:54.0206 7208 WudfPf - ok
14:15:54.0285 7208 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:54.0290 7208 WUDFRd - ok
14:15:54.0373 7208 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
14:15:54.0387 7208 wudfsvc - ok
14:15:54.0511 7208 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
14:15:54.0555 7208 WwanSvc - ok
14:15:54.0828 7208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:15:54.0865 7208 \Device\Harddisk0\DR0 - ok
14:15:54.0870 7208 Boot (0x1200) (25d4a3c8eaa23e0dee5ad7378caa7736) \Device\Harddisk0\DR0\Partition0
14:15:54.0873 7208 \Device\Harddisk0\DR0\Partition0 - ok
14:15:54.0898 7208 Boot (0x1200) (600ea4678f5ed8295c3091cea340033f) \Device\Harddisk0\DR0\Partition1
14:15:54.0899 7208 \Device\Harddisk0\DR0\Partition1 - ok
14:15:54.0902 7208 ============================================================
14:15:54.0902 7208 Scan finished
14:15:54.0902 7208 ============================================================
14:15:54.0913 6412 Detected object count: 42
14:15:54.0913 6412 Actual detected object count: 42
14:16:48.0714 6412 c5d2dd462033b36b ( LockedService.Multi.Generic ) - skipped by user
14:16:48.0714 6412 c5d2dd462033b36b ( LockedService.Multi.Generic ) - User select action: Skip
14:16:48.0884 6412 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
14:16:48.0924 6412 C:\Windows\assembly\GAC_MSIL\desktop.ini - copied to quarantine
14:16:48.0946 6412 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
14:17:02.0772 6412 Backup copy not found, trying to cure infected file..
14:17:02.0775 6412 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
14:17:02.0775 6412 C:\Windows\system32\Drivers\dfsc.sys - processing error
14:17:04.0966 6412 C:\Windows\assembly\GAC_MSIL\desktop.ini - will be deleted on reboot
14:17:04.0967 6412 DfsC ( Virus.Win32.ZAccess.g ) - User select action: Cure
14:17:04.0968 6412 usbhub ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0968 6412 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0971 6412 usbohci ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0971 6412 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0974 6412 usbprint ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0974 6412 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0978 6412 usbscan ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0978 6412 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0980 6412 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0980 6412 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0982 6412 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0982 6412 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0983 6412 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0983 6412 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0985 6412 usb_rndisx ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0985 6412 usb_rndisx ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0987 6412 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0987 6412 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0991 6412 vga ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0991 6412 vga ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0993 6412 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0993 6412 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0995 6412 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0995 6412 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0998 6412 viaagp ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0998 6412 viaagp ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:04.0999 6412 ViaC7 ( LockedFile.Multi.Generic ) - skipped by user
14:17:04.0999 6412 ViaC7 ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0001 6412 viaide ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0001 6412 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0003 6412 vmbus ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0003 6412 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0004 6412 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0004 6412 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0006 6412 vmci ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0006 6412 vmci ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0008 6412 vmkbd ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0008 6412 vmkbd ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0009 6412 VMnetAdapter ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0011 6412 VMnetAdapter ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0012 6412 VMnetBridge ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0012 6412 VMnetBridge ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0014 6412 VMnetuserif ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0014 6412 VMnetuserif ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0015 6412 vmusb ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0015 6412 vmusb ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0016 6412 vmx86 ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0016 6412 vmx86 ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0018 6412 volmgr ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0018 6412 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0019 6412 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0019 6412 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0020 6412 volsnap ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0020 6412 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0022 6412 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0022 6412 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0023 6412 vstor2-ws60 ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0023 6412 vstor2-ws60 ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0024 6412 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0024 6412 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0025 6412 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0025 6412 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0027 6412 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0027 6412 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0028 6412 WANARP ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0029 6412 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0030 6412 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0030 6412 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0031 6412 Wd ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0031 6412 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0032 6412 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0032 6412 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0034 6412 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0034 6412 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0035 6412 WimFltr ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0035 6412 WimFltr ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0036 6412 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0036 6412 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
14:17:05.0038 6412 WINUSB ( LockedFile.Multi.Generic ) - skipped by user
14:17:05.0038 6412 WINUSB ( LockedFile.Multi.Generic ) - User select action: Skip
17:23:42.0708 6996 Deinitialize success

#10 sebamobile

Posted 29 March 2012 - 12:57 PM

Here is the ComboFix log:

ComboFix 12-03-29.02 - sebastian 29/03/2012 14:26:49.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.54.1033.18.2925.1954 [GMT -3:00]
Running from: c:\users\sebastian\Desktop\Virus\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\juegos
c:\juegos\Limbo\app.id
c:\juegos\Limbo\D3DX9_43.dll
c:\juegos\Limbo\data\audio\pc\145441027.ogg
c:\juegos\Limbo\data\audio\pc\217485067.wav
c:\juegos\Limbo\data\audio\pc\288041556.ogg
c:\juegos\Limbo\data\audio\pc\351312017.ogg
c:\juegos\Limbo\data\audio\pc\36509593.ogg
c:\juegos\Limbo\data\audio\pc\386678257.ogg
c:\juegos\Limbo\data\audio\pc\410947880.ogg
c:\juegos\Limbo\data\audio\pc\54189208.ogg
c:\juegos\Limbo\data\audio\pc\574929999.ogg
c:\juegos\Limbo\data\audio\pc\58923886.ogg
c:\juegos\Limbo\data\audio\pc\66327209.wav
c:\juegos\Limbo\data\audio\pc\714585267.ogg
c:\juegos\Limbo\data\audio\pc\721828432.wav
c:\juegos\Limbo\data\audio\pc\744911790.ogg
c:\juegos\Limbo\data\audio\pc\77911966.ogg
c:\juegos\Limbo\data\audio\pc\932068112.ogg
c:\juegos\Limbo\data\audio\pc\Init.bnk
c:\juegos\Limbo\data\audio\pc\l_default.bnk
c:\juegos\Limbo\data\audio\pc\l_intro.bnk
c:\juegos\Limbo\dxwebsetup.exe
c:\juegos\Limbo\gamelanguage.txt
c:\juegos\Limbo\limbo.exe
c:\juegos\Limbo\limbo_boot.pkg
c:\juegos\Limbo\limbo_runtime.pkg
c:\juegos\Limbo\misty_api.dll
c:\juegos\Limbo\playername.txt
c:\juegos\Limbo\sebastian_swarm\savegame.txt
c:\juegos\Limbo\sebastian_swarm\vuid
c:\juegos\Limbo\sebastian_swarm\wins\ACH_1
c:\juegos\Limbo\sebastian_swarm\wins\ACH_11
c:\juegos\Limbo\sebastian_swarm\wins\ACH_5
c:\juegos\Limbo\sebastian_swarm\wins\ACH_8
c:\juegos\Limbo\sebastian_swarm\wins\ACH_9
c:\juegos\Limbo\settings.txt
c:\juegos\Limbo\titledata\bootscreen\dot.png
c:\juegos\Limbo\titledata\bootscreen\limbo_title.png
c:\juegos\Limbo\titledata\bootscreen\loading_de.png
c:\juegos\Limbo\titledata\bootscreen\loading_es.png
c:\juegos\Limbo\titledata\bootscreen\loading_fr.png
c:\juegos\Limbo\titledata\bootscreen\loading_it.png
c:\juegos\Limbo\titledata\bootscreen\loading_ja.png
c:\juegos\Limbo\titledata\bootscreen\loading_ko.png
c:\juegos\Limbo\titledata\bootscreen\loading_pt.png
c:\juegos\Limbo\titledata\bootscreen\loading_uk.png
c:\juegos\Limbo\titledata\bootscreen\loading_zh.png
c:\juegos\Limbo\titledata\bootscreen\pc_logo.png
c:\juegos\Limbo\Uninstall.exe
c:\juegos\Limbo\Uninstall.ini
c:\juegos\Limbo\xinput1_3.dll
c:\program files\Common Files\Net4Switch.ico
c:\program files\Mail Bomber
c:\program files\Mail Bomber\alternat.txt
c:\program files\Mail Bomber\discounts.txt
c:\program files\Mail Bomber\freegift.txt
c:\program files\Mail Bomber\license.txt
c:\program files\Mail Bomber\mailsend.cnt
c:\program files\Mail Bomber\mailsend.dat
c:\program files\Mail Bomber\mailsend.exe
c:\program files\Mail Bomber\mailsend.hlp
c:\program files\Mail Bomber\mailsend.opt
c:\program files\Mail Bomber\readme.txt
c:\program files\Mail Bomber\unins000.dat
c:\program files\Mail Bomber\unins000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Mail Bomber
c:\programdata\Microsoft\Windows\Start Menu\Programs\Mail Bomber\Mail Bomber Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Mail Bomber\Mail Bomber.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Mail Bomber\Readme.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Mail Bomber\Uninstall Mail Bomber.lnk
c:\users\sebastian\AppData\Local\8fa1a0ae\U
c:\users\sebastian\AppData\Local\8fa1a0ae\U\80000000.@
c:\users\sebastian\AppData\Local\8fa1a0ae\U\800000cb.@
c:\users\sebastian\AppData\Local\8fa1a0ae\U\800000cf.@
c:\users\sebastian\AppData\Roaming\CADECB6E12FC\CADECB6E12FC.exe
c:\users\sebastian\AppData\Roaming\DEDD03\DEDD03.exe
c:\users\sebastian\AppData\Roaming\regsrv64.exe
c:\users\sebastian\cvquksm6th.exe
c:\users\sebastian\g2mdlhlpx.exe
c:\users\sebastian\GoToAssistDownloadHelper.exe
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\drivers\c5d2dd462033b36b.sys
D:\install.exe
.
Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!AGP440.sys
Infected copy of c:\windows\system32\drivers\asyncmac.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.cdrom
-------\Service_.netbt
-------\Legacy_c5d2dd462033b36b
-------\Service_c5d2dd462033b36b
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 17:43 . 2012-03-29 17:48 -------- d-----w- c:\users\sebastian\AppData\Local\temp
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\es\AppData\Local\temp
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-25 03:41 . 2012-03-25 03:54 -------- d-----w- C:\combosebaexe
2012-03-19 19:40 . 2012-03-07 12:48 607260 ------r- C:\dds.scr
2012-03-19 18:40 . 2012-03-19 18:40 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 18:40 . 2012-03-19 18:40 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-15 22:01 . 2012-03-15 22:01 -------- d-----w- c:\users\DefaultAppPool
2012-03-13 19:30 . 2012-03-13 19:30 -------- d-----w- c:\users\Classic .NET AppPool
2012-03-13 19:28 . 2012-03-13 19:28 -------- d-----w- c:\windows\system32\BestPractices
2012-03-13 19:28 . 2012-03-13 19:28 -------- d-----w- C:\inetpub
2012-03-07 20:30 . 2012-03-07 20:30 -------- d-----w- c:\users\sebastian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-29 14:32 . 2012-03-26 17:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-29 13:32 . 2012-02-29 13:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-29 03:15 . 2012-02-29 20:29 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 03:37 . 2011-09-13 20:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-26 05:08 . 2011-06-10 19:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 03:11 . 2012-02-19 03:10 4406994 ------r- C:\sebas.exe
2012-02-18 18:19 . 2012-02-18 18:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-25 03:05 . 2012-02-14 17:48 27648 ----a-w- c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\DEDD03.exe
2012-01-25 03:05 . 2012-02-14 17:48 27648 ----a-w- c:\users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DEDD03.exe
2012-01-25 03:05 . 2012-02-14 17:48 27648 ----a-w- c:\users\es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DEDD03.exe
2012-01-25 03:05 . 2012-02-14 17:48 27648 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DEDD03.exe
2012-01-25 03:05 . 2012-01-25 03:05 27648 ----a-w- c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\CADECB6E12FC.exe
2012-01-25 03:05 . 2012-01-25 03:05 27648 ----a-w- c:\users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CADECB6E12FC.exe
2012-01-25 03:05 . 2012-01-25 03:05 27648 ----a-w- c:\users\es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CADECB6E12FC.exe
2012-01-25 03:05 . 2012-01-25 03:05 27648 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CADECB6E12FC.exe
2012-03-19 18:40 . 2011-04-25 13:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-15 15:59 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DEDD03"="c:\users\sebastian\AppData\Roaming\DEDD03\DEDD03.exe" [2012-01-25 27648]
"Facebook Update"="c:\users\sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="CnxDslTb.exe Conexant\AccessRunner ADSL" [X]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DEDD03"="c:\users\sebastian\AppData\Roaming\DEDD03\DEDD03.exe" [2012-01-25 27648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CADECB6E12FC.exe [2012-1-25 27648]
DEDD03.exe [2012-1-25 27648]
.
c:\users\es\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CADECB6E12FC.exe [2012-1-25 27648]
DEDD03.exe [2012-1-25 27648]
.
c:\users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CADECB6E12FC.exe [2012-1-25 27648]
DEDD03.exe [2012-1-25 27648]
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
.
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
CADECB6E12FC.exe [2012-1-25 27648]
DEDD03.exe [2012-1-25 27648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-12-22 12862]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-12-21 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=c:\users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=c:\windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 15:30 272952 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2010-05-03 17:41 170624 ----a-w- c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2010-06-24 20:50 6806144 ----a-w- c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 13:29 105016 ----a-w- c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 303744]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
mcafeeframework
toscosrv
avidstartup
oracleorahomehttpserver
smwdm
SiSGbeXP
oracle_load_balancer_60_server-forms6ip14
pinger
tvtfilter
btwrchid
megamonitorsrv
ssisvr32
ql2100
TMMEmu
downloadmanagerlite
vzcdbsvc
siside
StMp3Rec
euq_monitor
ScFBPNT2
ksthunk
curtainssyssvc
webupdate
usbsermpt
sthda
CE3
imaservice
msftpsvc
xaudioservice
ZuneWlanCfgSvc
tsmservice
awhost32
awlegacy
DKbFltr
snare
avg7rsw
DSI_SiUSBXp_3_1
hibernation
bthusb
symmpi
schscnt
pserve
hwdatacard
maya70docserver
artourservice
MREMP50a64
tme3srv
lxcgcustomerconnect
mcafeeantispyware
pdlnepkt
whoisd32
sscdmdm
telnet
tiumfwl
W8100PCI
wintrust
VX1000
pdreli
USB28xxBGA
SABSVC
3dkeybd
lmimaint
dntus26
akshhl
license
meiudf
fastuserswitchingcompatibility
mbmiodrvr
dtsagntsvc
atinevxx
RESMGR
aslm75
pilogsrv
amsint
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-519758297-2965550130-3683416914-1000Core.job
- c:\users\sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 01:23]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-519758297-2965550130-3683416914-1000UA.job
- c:\users\sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 01:23]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 21:07]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 21:07]
.
2012-02-29 c:\windows\Tasks\Net4Switch.job
- c:\program files\ASUS\Net4Switch\Net4Switch.exe [2010-12-22 13:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101810&l=dis
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 200.69.193.1 200.69.193.2
FF - ProfilePath - c:\users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\up878yan.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.entrepreneur.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\sebastian\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-CADECB6E12FC - c:\users\sebastian\AppData\Roaming\CADECB6E12FC\CADECB6E12FC.exe
HKCU-Run-cvquksm6th - c:\users\sebastian\cvquksm6th.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CADECB6E12FC - c:\users\sebastian\AppData\Roaming\CADECB6E12FC\CADECB6E12FC.exe
SafeBoot-10631043.sys
AddRemove-Limbo Full - c:\juegos\Limbo\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$WASPDBEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:WASPDBEXPRESS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(556)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(188)
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\KTS\daemon.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe
c:\windows\system32\conhost.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\WireLessDesigner\WS_Bin\WSServerSvc.exe
c:\program files\WireLessDesigner\WS_Bin_V4\WSServerSvcV4.exe
c:\program files\WireLessDesigner\WS_Bin\WSStarterSvc.exe
c:\program files\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Elantech\ETDCtrlHelper.exe
c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\ASUS\ControlDeck\ControlDeck.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Nero\Update\NASvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-03-29 14:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 17:53
.
Pre-Run: 21.774.655.488 bytes free
Post-Run: 22.029.160.448 bytes free
.
- - End Of File - - 5C6844207BB54AFE591F97380545144E

#11 sebamobile

Posted 29 March 2012 - 03:17 PM

I had run the tdss again and this was the log:


17:12:39.0831 7824 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:12:40.0551 7824 ============================================================
17:12:40.0551 7824 Current date / time: 2012/03/29 17:12:40.0551
17:12:40.0551 7824 SystemInfo:
17:12:40.0551 7824
17:12:40.0551 7824 OS Version: 6.1.7601 ServicePack: 1.0
17:12:40.0551 7824 Product type: Workstation
17:12:40.0551 7824 ComputerName: BARBOL
17:12:40.0551 7824 UserName: sebastian
17:12:40.0551 7824 Windows directory: C:\Windows
17:12:40.0551 7824 System windows directory: C:\Windows
17:12:40.0551 7824 Processor architecture: Intel x86
17:12:40.0552 7824 Number of processors: 4
17:12:40.0552 7824 Page size: 0x1000
17:12:40.0552 7824 Boot type: Normal boot
17:12:40.0552 7824 ============================================================
17:12:41.0250 7824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:12:41.0253 7824 \Device\Harddisk0\DR0:
17:12:41.0253 7824 MBR used
17:12:41.0253 7824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
17:12:41.0253 7824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1749DDC1, BlocksNum 0x22EE6E80
17:12:41.0310 7824 Initialize success
17:12:41.0310 7824 ============================================================
17:12:56.0042 7392 ============================================================
17:12:56.0042 7392 Scan started
17:12:56.0042 7392 Mode: Manual;
17:12:56.0042 7392 ============================================================
17:13:00.0871 7392 .csc - ok
17:13:00.0931 7392 .tdx - ok
17:13:01.0072 7392 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:13:01.0093 7392 1394ohci - ok
17:13:01.0271 7392 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:13:01.0278 7392 ACPI - ok
17:13:01.0394 7392 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:13:01.0397 7392 AcpiPmi - ok
17:13:01.0490 7392 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:13:01.0494 7392 Adobe LM Service - ok
17:13:01.0644 7392 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:13:01.0647 7392 AdobeARMservice - ok
17:13:01.0791 7392 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:01.0799 7392 adp94xx - ok
17:13:01.0968 7392 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:13:01.0989 7392 adpahci - ok
17:13:02.0157 7392 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:13:02.0167 7392 adpu320 - ok
17:13:02.0293 7392 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
17:13:02.0304 7392 ADSMService - ok
17:13:02.0635 7392 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:13:02.0637 7392 AeLookupSvc - ok
17:13:02.0759 7392 AFBAgent (7b4c96f1ce7b6336a5c2d30bf4fb1f76) C:\Windows\system32\FBAgent.exe
17:13:02.0767 7392 AFBAgent - ok
17:13:02.0888 7392 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:13:02.0895 7392 AFD - ok
17:13:03.0005 7392 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:13:03.0008 7392 agp440 - ok
17:13:03.0064 7392 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:13:03.0067 7392 aic78xx - ok
17:13:03.0118 7392 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:13:03.0122 7392 ALG - ok
17:13:03.0221 7392 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:13:03.0224 7392 aliide - ok
17:13:03.0288 7392 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:13:03.0291 7392 amdagp - ok
17:13:03.0419 7392 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:13:03.0422 7392 amdide - ok
17:13:03.0488 7392 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:13:03.0491 7392 AmdK8 - ok
17:13:03.0544 7392 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:13:03.0555 7392 AmdPPM - ok
17:13:03.0788 7392 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:13:03.0792 7392 amdsata - ok
17:13:03.0840 7392 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:03.0845 7392 amdsbs - ok
17:13:03.0886 7392 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:13:03.0889 7392 amdxata - ok
17:13:04.0023 7392 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
17:13:04.0082 7392 AppHostSvc - ok
17:13:04.0206 7392 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:13:04.0209 7392 AppID - ok
17:13:04.0270 7392 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:13:04.0273 7392 AppIDSvc - ok
17:13:04.0345 7392 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:13:04.0348 7392 Appinfo - ok
17:13:04.0417 7392 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
17:13:04.0421 7392 AppMgmt - ok
17:13:04.0549 7392 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:13:04.0553 7392 arc - ok
17:13:04.0589 7392 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:13:04.0602 7392 arcsas - ok
17:13:04.0832 7392 AsDsm (104db777372411c55850c4a2ae6877ef) C:\Windows\system32\drivers\AsDsm.sys
17:13:04.0834 7392 AsDsm - ok
17:13:04.0939 7392 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:13:04.0942 7392 ASLDRService - ok
17:13:04.0954 7392 ASMMAP (b9fdfa552eba5b4bf377f7ccec9b8bc7) C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
17:13:04.0957 7392 ASMMAP - ok
17:13:05.0113 7392 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:13:05.0170 7392 aspnet_state - ok
17:13:05.0303 7392 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:05.0305 7392 AsyncMac - ok
17:13:05.0384 7392 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:13:05.0387 7392 atapi - ok
17:13:05.0539 7392 athr (6a661d017c4e5cd313f6a55acf1d7465) C:\Windows\system32\DRIVERS\athr.sys
17:13:05.0571 7392 athr - ok
17:13:05.0705 7392 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:13:05.0707 7392 ATKGFNEXSrv - ok
17:13:05.0831 7392 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:13:05.0842 7392 AudioEndpointBuilder - ok
17:13:05.0853 7392 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:13:05.0858 7392 Audiosrv - ok
17:13:05.0929 7392 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:13:05.0936 7392 AxInstSV - ok
17:13:06.0023 7392 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:13:06.0032 7392 b06bdrv - ok
17:13:06.0085 7392 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:13:06.0091 7392 b57nd60x - ok
17:13:06.0179 7392 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:13:06.0182 7392 BDESVC - ok
17:13:06.0245 7392 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:13:06.0247 7392 Beep - ok
17:13:06.0384 7392 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:13:06.0391 7392 BFE - ok
17:13:06.0578 7392 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:13:06.0612 7392 BITS - ok
17:13:06.0719 7392 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:06.0734 7392 blbdrive - ok
17:13:06.0862 7392 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:13:06.0865 7392 bowser - ok
17:13:06.0893 7392 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:06.0896 7392 BrFiltLo - ok
17:13:06.0915 7392 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:06.0918 7392 BrFiltUp - ok
17:13:06.0972 7392 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:13:06.0974 7392 BridgeMP - ok
17:13:07.0099 7392 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:13:07.0103 7392 Browser - ok
17:13:07.0162 7392 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:13:07.0169 7392 Brserid - ok
17:13:07.0219 7392 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:07.0222 7392 BrSerWdm - ok
17:13:07.0261 7392 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:07.0263 7392 BrUsbMdm - ok
17:13:07.0293 7392 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:07.0295 7392 BrUsbSer - ok
17:13:07.0322 7392 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:07.0324 7392 BTHMODEM - ok
17:13:07.0380 7392 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:13:07.0385 7392 bthserv - ok
17:13:07.0520 7392 catchme - ok
17:13:07.0637 7392 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:13:07.0641 7392 cdfs - ok
17:13:07.0773 7392 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:13:07.0791 7392 cdrom - ok
17:13:07.0902 7392 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:13:07.0906 7392 CertPropSvc - ok
17:13:07.0972 7392 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:13:07.0975 7392 circlass - ok
17:13:08.0010 7392 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:13:08.0017 7392 CLFS - ok
17:13:08.0115 7392 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:08.0171 7392 clr_optimization_v2.0.50727_32 - ok
17:13:08.0295 7392 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:13:08.0427 7392 clr_optimization_v4.0.30319_32 - ok
17:13:08.0533 7392 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:08.0541 7392 CmBatt - ok
17:13:08.0724 7392 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:13:08.0727 7392 cmdide - ok
17:13:08.0830 7392 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
17:13:08.0840 7392 CNG - ok
17:13:09.0071 7392 CnxEtP (bfdf22287e4fc3fbd08cae9d783331d8) C:\Windows\system32\DRIVERS\CnxEtP.sys
17:13:09.0074 7392 CnxEtP - ok
17:13:09.0136 7392 CnxEtU (1e71eed6784708c30cfee36c5439dc62) C:\Windows\system32\DRIVERS\CnxEtU.sys
17:13:09.0160 7392 CnxEtU - ok
17:13:09.0300 7392 CnxTgNL (a4129ec2b33dd619d5bee95549bb570e) C:\Windows\system32\DRIVERS\CnxTgNL.sys
17:13:09.0304 7392 CnxTgNL - ok
17:13:09.0340 7392 CnxtHdAudService (38b2b74dd1515cf70e8e33ab3a16ca07) C:\Windows\system32\drivers\CHDRT32.sys
17:13:09.0351 7392 CnxtHdAudService - ok
17:13:09.0438 7392 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:13:09.0440 7392 Compbatt - ok
17:13:09.0551 7392 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:13:09.0554 7392 CompositeBus - ok
17:13:09.0583 7392 COMSysApp - ok
17:13:09.0633 7392 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:09.0635 7392 crcdisk - ok
17:13:09.0744 7392 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
17:13:09.0749 7392 CryptSvc - ok
17:13:09.0810 7392 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:13:09.0819 7392 CSC - ok
17:13:09.0850 7392 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:13:09.0873 7392 CscService - ok
17:13:09.0949 7392 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:13:09.0972 7392 DcomLaunch - ok
17:13:10.0017 7392 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:13:10.0027 7392 defragsvc - ok
17:13:10.0110 7392 DfsC (431633f898d3b4136835d42d10dd71c7) C:\Windows\system32\Drivers\dfsc.sys
17:13:10.0122 7392 DfsC ( Virus.Win32.ZAccess.g ) - infected
17:13:10.0122 7392 DfsC - detected Virus.Win32.ZAccess.g (0)
17:13:10.0318 7392 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:13:10.0325 7392 Dhcp - ok
17:13:10.0396 7392 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:13:10.0416 7392 discache - ok
17:13:10.0537 7392 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:13:10.0539 7392 Disk - ok
17:13:10.0578 7392 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:13:10.0584 7392 Dnscache - ok
17:13:10.0623 7392 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:13:10.0630 7392 dot3svc - ok
17:13:10.0739 7392 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
17:13:10.0743 7392 Dot4 - ok
17:13:10.0879 7392 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:13:10.0882 7392 Dot4Print - ok
17:13:10.0937 7392 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
17:13:10.0940 7392 dot4usb - ok
17:13:10.0988 7392 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:13:10.0995 7392 DPS - ok
17:13:11.0083 7392 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:13:11.0117 7392 drmkaud - ok
17:13:11.0388 7392 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:13:11.0416 7392 DXGKrnl - ok
17:13:11.0480 7392 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:13:11.0485 7392 EapHost - ok
17:13:11.0635 7392 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:13:11.0713 7392 ebdrv - ok
17:13:11.0803 7392 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
17:13:11.0809 7392 EFS - ok
17:13:11.0879 7392 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:13:11.0931 7392 ehRecvr - ok
17:13:11.0963 7392 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:13:11.0966 7392 ehSched - ok
17:13:12.0077 7392 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:13:12.0087 7392 elxstor - ok
17:13:12.0121 7392 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:13:12.0123 7392 ErrDev - ok
17:13:12.0180 7392 ETD (7c87df14552a5e0270dbd906baff85fb) C:\Windows\system32\DRIVERS\ETD.sys
17:13:12.0183 7392 ETD - ok
17:13:12.0217 7392 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:13:12.0225 7392 EventSystem - ok
17:13:12.0256 7392 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:13:12.0261 7392 exfat - ok
17:13:12.0288 7392 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:13:12.0293 7392 fastfat - ok
17:13:12.0352 7392 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:13:12.0375 7392 Fax - ok
17:13:12.0419 7392 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:13:12.0421 7392 fdc - ok
17:13:12.0449 7392 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:13:12.0454 7392 fdPHost - ok
17:13:12.0478 7392 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:13:12.0483 7392 FDResPub - ok
17:13:12.0566 7392 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:13:12.0570 7392 FileInfo - ok
17:13:12.0604 7392 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:13:12.0606 7392 Filetrace - ok
17:13:12.0645 7392 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:13:12.0648 7392 flpydisk - ok
17:13:12.0711 7392 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:13:12.0717 7392 FltMgr - ok
17:13:12.0861 7392 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:13:12.0893 7392 FontCache - ok
17:13:13.0021 7392 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:13:13.0025 7392 FontCache3.0.0.0 - ok
17:13:13.0105 7392 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:13:13.0107 7392 FsDepends - ok
17:13:13.0137 7392 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:13:13.0139 7392 Fs_Rec - ok
17:13:13.0239 7392 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:13:13.0245 7392 fvevol - ok
17:13:13.0345 7392 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:13:13.0349 7392 gagp30kx - ok
17:13:13.0481 7392 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
17:13:13.0486 7392 ghaio - ok
17:13:13.0582 7392 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:13:13.0605 7392 gpsvc - ok
17:13:13.0684 7392 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:13:13.0687 7392 gupdate - ok
17:13:13.0737 7392 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:13:13.0740 7392 gupdatem - ok
17:13:13.0882 7392 hcmon (fef4c8cb7412c644c36074cd7596df2a) C:\Windows\system32\drivers\hcmon.sys
17:13:13.0889 7392 hcmon - ok
17:13:14.0071 7392 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:13:14.0074 7392 hcw85cir - ok
17:13:14.0149 7392 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:13:14.0157 7392 HdAudAddService - ok
17:13:14.0226 7392 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:13:14.0230 7392 HDAudBus - ok
17:13:14.0288 7392 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
17:13:14.0291 7392 HECI - ok
17:13:14.0329 7392 hibernation - ok
17:13:14.0368 7392 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:13:14.0370 7392 HidBatt - ok
17:13:14.0389 7392 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:13:14.0393 7392 HidBth - ok
17:13:14.0448 7392 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:13:14.0452 7392 HidIr - ok
17:13:14.0495 7392 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
17:13:14.0501 7392 hidserv - ok
17:13:14.0576 7392 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:13:14.0579 7392 HidUsb - ok
17:13:14.0624 7392 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:13:14.0635 7392 hkmsvc - ok
17:13:14.0697 7392 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:13:14.0707 7392 HomeGroupListener - ok
17:13:14.0764 7392 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:13:14.0777 7392 HomeGroupProvider - ok
17:13:14.0969 7392 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:13:15.0017 7392 hpqcxs08 - ok
17:13:15.0239 7392 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:13:15.0244 7392 hpqddsvc - ok
17:13:15.0361 7392 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:13:15.0365 7392 HpSAMD - ok
17:13:15.0441 7392 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:13:15.0465 7392 HTTP - ok
17:13:15.0571 7392 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:13:15.0574 7392 hwpolicy - ok
17:13:15.0717 7392 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:13:15.0722 7392 i8042prt - ok
17:13:15.0810 7392 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
17:13:15.0816 7392 iaStor - ok
17:13:15.0993 7392 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:13:16.0000 7392 iaStorV - ok
17:13:16.0126 7392 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:13:16.0130 7392 IDriverT - ok
17:13:16.0217 7392 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:13:16.0263 7392 idsvc - ok
17:13:16.0525 7392 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:13:16.0726 7392 igfx - ok
17:13:16.0916 7392 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:13:16.0920 7392 iirsp - ok
17:13:17.0093 7392 IISADMIN (fc9735b66850cf8aebbc1e207ecb2ad8) C:\Windows\system32\inetsrv\inetinfo.exe
17:13:17.0125 7392 IISADMIN - ok
17:13:17.0252 7392 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:13:17.0286 7392 IKEEXT - ok
17:13:17.0372 7392 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
17:13:17.0377 7392 Impcd - ok
17:13:17.0479 7392 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:13:17.0486 7392 IntcDAud - ok
17:13:17.0530 7392 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:13:17.0533 7392 intelide - ok
17:13:17.0598 7392 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:13:17.0602 7392 intelppm - ok
17:13:17.0738 7392 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:13:17.0744 7392 IPBusEnum - ok
17:13:17.0846 7392 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:13:17.0850 7392 IpFilterDriver - ok
17:13:17.0998 7392 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:13:18.0022 7392 iphlpsvc - ok
17:13:18.0075 7392 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:13:18.0079 7392 IPMIDRV - ok
17:13:18.0118 7392 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:13:18.0122 7392 IPNAT - ok
17:13:18.0133 7392 ipswuio - ok
17:13:18.0178 7392 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:13:18.0180 7392 IRENUM - ok
17:13:18.0218 7392 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:13:18.0221 7392 isapnp - ok
17:13:18.0263 7392 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:13:18.0270 7392 iScsiPrt - ok
17:13:18.0367 7392 JMCR (2254a5e78c55fd8f68f9676590468531) C:\Windows\system32\DRIVERS\jmcr.sys
17:13:18.0370 7392 JMCR - ok
17:13:18.0398 7392 JME (36220002d044fe2da969cb6406bbc0e5) C:\Windows\system32\DRIVERS\JME.sys
17:13:18.0402 7392 JME - ok
17:13:18.0465 7392 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
17:13:18.0469 7392 kbdclass - ok
17:13:18.0568 7392 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:13:18.0571 7392 kbdhid - ok
17:13:18.0658 7392 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys
17:13:18.0661 7392 kbfiltr - ok
17:13:18.0693 7392 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
17:13:18.0699 7392 KeyIso - ok
17:13:18.0837 7392 KpyM Telnet SSH Server v1.19c (8c8983d282e9d6d3609988b0a2dee242) C:\Program Files\KTS\daemon.exe
17:13:18.0884 7392 KpyM Telnet SSH Server v1.19c - ok
17:13:18.0966 7392 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
17:13:18.0970 7392 KSecDD - ok
17:13:19.0012 7392 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
17:13:19.0017 7392 KSecPkg - ok
17:13:19.0046 7392 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:13:19.0068 7392 KtmRm - ok
17:13:19.0126 7392 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:13:19.0148 7392 LanmanServer - ok
17:13:19.0230 7392 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:13:19.0252 7392 LanmanWorkstation - ok
17:13:19.0385 7392 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:13:19.0388 7392 lltdio - ok
17:13:19.0493 7392 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:13:19.0503 7392 lltdsvc - ok
17:13:19.0522 7392 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:13:19.0528 7392 lmhosts - ok
17:13:19.0628 7392 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:13:19.0634 7392 LMS - ok
17:13:19.0720 7392 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:13:19.0723 7392 LSI_FC - ok
17:13:19.0760 7392 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:13:19.0765 7392 LSI_SAS - ok
17:13:19.0808 7392 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:13:19.0810 7392 LSI_SAS2 - ok
17:13:19.0842 7392 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:13:19.0845 7392 LSI_SCSI - ok
17:13:19.0902 7392 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:13:19.0905 7392 luafv - ok
17:13:20.0058 7392 lvupdtio (fed822e9149e9159251cdc37dedf3ca8) C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys
17:13:20.0061 7392 lvupdtio - ok
17:13:20.0194 7392 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
17:13:20.0197 7392 MBAMProtector - ok
17:13:20.0356 7392 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:13:20.0428 7392 MBAMService - ok
17:13:20.0641 7392 mcafeeframework - ok
17:13:20.0694 7392 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:13:20.0703 7392 Mcx2Svc - ok
17:13:20.0752 7392 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:13:20.0755 7392 megasas - ok
17:13:20.0802 7392 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:13:20.0808 7392 MegaSR - ok
17:13:20.0923 7392 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:13:20.0927 7392 Microsoft Office Groove Audit Service - ok
17:13:20.0997 7392 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:13:21.0005 7392 MMCSS - ok
17:13:21.0049 7392 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:13:21.0052 7392 Modem - ok
17:13:21.0095 7392 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:13:21.0097 7392 monitor - ok
17:13:21.0218 7392 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:13:21.0221 7392 mouclass - ok
17:13:21.0297 7392 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:13:21.0299 7392 mouhid - ok
17:13:21.0497 7392 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:13:21.0500 7392 mountmgr - ok
17:13:21.0576 7392 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:13:21.0581 7392 mpio - ok
17:13:21.0653 7392 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:13:21.0656 7392 mpsdrv - ok
17:13:21.0803 7392 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:13:21.0835 7392 MpsSvc - ok
17:13:21.0894 7392 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:13:21.0898 7392 MRxDAV - ok
17:13:22.0010 7392 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:13:22.0014 7392 mrxsmb - ok
17:13:22.0054 7392 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:13:22.0060 7392 mrxsmb10 - ok
17:13:22.0111 7392 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:13:22.0115 7392 mrxsmb20 - ok
17:13:22.0202 7392 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:13:22.0205 7392 msahci - ok
17:13:22.0314 7392 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:13:22.0318 7392 msdsm - ok
17:13:22.0370 7392 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:13:22.0379 7392 MSDTC - ok
17:13:22.0419 7392 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:13:22.0422 7392 Msfs - ok
17:13:22.0552 7392 msftesql$WASPDBEXPRESS (54819fc5c79e4b2c6e896f9de440494d) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
17:13:22.0556 7392 msftesql$WASPDBEXPRESS - ok
17:13:22.0629 7392 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:13:22.0630 7392 mshidkmdf - ok
17:13:22.0672 7392 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:13:22.0675 7392 msisadrv - ok
17:13:22.0743 7392 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:13:22.0752 7392 MSiSCSI - ok
17:13:22.0762 7392 msiserver - ok
17:13:22.0839 7392 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:13:22.0842 7392 MSKSSRV - ok
17:13:22.0866 7392 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:13:22.0869 7392 MSPCLOCK - ok
17:13:22.0893 7392 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:13:22.0904 7392 MSPQM - ok
17:13:22.0949 7392 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:13:22.0955 7392 MsRPC - ok
17:13:23.0007 7392 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:13:23.0010 7392 mssmbios - ok
17:13:23.0094 7392 MSSQL$WASPDBEXPRESS - ok
17:13:23.0156 7392 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:13:23.0164 7392 MSSQLServerADHelper - ok
17:13:23.0350 7392 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:13:23.0353 7392 MSTEE - ok
17:13:23.0375 7392 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:13:23.0378 7392 MTConfig - ok
17:13:23.0430 7392 MTsensor (2e71504a74be4e3d4ea94568eff7556e) C:\Windows\system32\DRIVERS\ATKACPI.sys
17:13:23.0433 7392 MTsensor - ok
17:13:23.0459 7392 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:13:23.0463 7392 Mup - ok
17:13:23.0512 7392 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:13:23.0534 7392 napagent - ok
17:13:23.0600 7392 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:13:23.0607 7392 NativeWifiP - ok
17:13:23.0706 7392 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files\Nero\Update\NASvc.exe
17:13:23.0735 7392 NAUpdate - ok
17:13:23.0827 7392 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:13:23.0852 7392 NDIS - ok
17:13:23.0956 7392 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:13:23.0959 7392 NdisCap - ok
17:13:24.0035 7392 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:13:24.0038 7392 NdisTapi - ok
17:13:24.0113 7392 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:13:24.0116 7392 Ndisuio - ok
17:13:24.0166 7392 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:13:24.0170 7392 NdisWan - ok
17:13:24.0187 7392 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:13:24.0190 7392 NDProxy - ok
17:13:24.0340 7392 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
17:13:24.0346 7392 Net Driver HPZ12 - ok
17:13:24.0413 7392 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:13:24.0416 7392 NetBIOS - ok
17:13:24.0463 7392 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:13:24.0469 7392 NetBT - ok
17:13:24.0504 7392 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
17:13:24.0510 7392 Netlogon - ok
17:13:24.0608 7392 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:13:24.0631 7392 Netman - ok
17:13:24.0754 7392 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:13:24.0765 7392 NetMsmqActivator - ok
17:13:24.0772 7392 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:13:24.0774 7392 NetPipeActivator - ok
17:13:24.0922 7392 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:13:24.0945 7392 netprofm - ok
17:13:25.0118 7392 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:13:25.0120 7392 NetTcpActivator - ok
17:13:25.0126 7392 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:13:25.0129 7392 NetTcpPortSharing - ok
17:13:25.0233 7392 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:13:25.0236 7392 nfrd960 - ok
17:13:25.0277 7392 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:13:25.0289 7392 NlaSvc - ok
17:13:25.0307 7392 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:13:25.0309 7392 Npfs - ok
17:13:25.0341 7392 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:13:25.0350 7392 nsi - ok
17:13:25.0369 7392 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:13:25.0371 7392 nsiproxy - ok
17:13:25.0446 7392 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:13:25.0483 7392 Ntfs - ok
17:13:25.0508 7392 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:13:25.0510 7392 Null - ok
17:13:25.0880 7392 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:13:26.0156 7392 nvlddmkm - ok
17:13:26.0285 7392 nvpciflt (c438849c81bb7353512646a2cac5d041) C:\Windows\system32\DRIVERS\nvpciflt.sys
17:13:26.0288 7392 nvpciflt - ok
17:13:26.0351 7392 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:13:26.0356 7392 nvraid - ok
17:13:26.0451 7392 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:13:26.0456 7392 nvstor - ok
17:13:26.0534 7392 nvsvc (538a52e480c816d1990579a8faaffa20) C:\Windows\system32\nvvsvc.exe
17:13:26.0569 7392 nvsvc - ok
17:13:26.0695 7392 nvUpdatusService (3e0898db7cac9f8e5595e5e7c801fd1e) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:13:26.0761 7392 nvUpdatusService - ok
17:13:26.0845 7392 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:13:26.0849 7392 nv_agp - ok
17:13:26.0952 7392 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:13:26.0963 7392 odserv - ok
17:13:27.0071 7392 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:13:27.0075 7392 ohci1394 - ok
17:13:27.0209 7392 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:13:27.0213 7392 ose - ok
17:13:27.0401 7392 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:13:27.0442 7392 p2pimsvc - ok
17:13:27.0509 7392 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:13:27.0532 7392 p2psvc - ok
17:13:27.0622 7392 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:13:27.0626 7392 Parport - ok
17:13:27.0683 7392 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:13:27.0687 7392 partmgr - ok
17:13:27.0711 7392 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:13:27.0714 7392 Parvdm - ok
17:13:27.0753 7392 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:13:27.0774 7392 PcaSvc - ok
17:13:27.0902 7392 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:13:27.0906 7392 pci - ok
17:13:27.0949 7392 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:13:27.0952 7392 pciide - ok
17:13:28.0012 7392 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:13:28.0017 7392 pcmcia - ok
17:13:28.0171 7392 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
17:13:28.0180 7392 pcouffin - ok
17:13:28.0261 7392 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:13:28.0264 7392 pcw - ok
17:13:28.0313 7392 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:13:28.0370 7392 PEAUTH - ok
17:13:28.0445 7392 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
17:13:28.0488 7392 PeerDistSvc - ok
17:13:28.0576 7392 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:13:28.0659 7392 pla - ok
17:13:28.0721 7392 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:13:28.0750 7392 PlugPlay - ok
17:13:28.0874 7392 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
17:13:28.0880 7392 Pml Driver HPZ12 - ok
17:13:28.0915 7392 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:13:28.0925 7392 PNRPAutoReg - ok
17:13:28.0952 7392 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:13:28.0961 7392 PNRPsvc - ok
17:13:29.0016 7392 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:13:29.0026 7392 PolicyAgent - ok
17:13:29.0121 7392 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:13:29.0143 7392 Power - ok
17:13:29.0221 7392 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:13:29.0225 7392 PptpMiniport - ok
17:13:29.0376 7392 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:13:29.0379 7392 Processor - ok
17:13:29.0424 7392 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
17:13:29.0436 7392 ProfSvc - ok
17:13:29.0467 7392 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
17:13:29.0472 7392 ProtectedStorage - ok
17:13:29.0542 7392 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:13:29.0545 7392 Psched - ok
17:13:29.0669 7392 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:13:29.0674 7392 PSI_SVC_2 - ok
17:13:29.0754 7392 ql2100 - ok
17:13:29.0887 7392 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:13:29.0925 7392 ql2300 - ok
17:13:30.0050 7392 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:13:30.0054 7392 ql40xx - ok
17:13:30.0106 7392 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:13:30.0114 7392 QWAVE - ok
17:13:30.0150 7392 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:13:30.0153 7392 QWAVEdrv - ok
17:13:30.0249 7392 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
17:13:30.0513 7392 RapiMgr - ok
17:13:30.0597 7392 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:13:30.0603 7392 RasAcd - ok
17:13:30.0658 7392 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:13:30.0661 7392 RasAgileVpn - ok
17:13:30.0779 7392 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:13:30.0784 7392 RasAuto - ok
17:13:30.0978 7392 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:13:30.0981 7392 Rasl2tp - ok
17:13:31.0061 7392 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:13:31.0069 7392 RasMan - ok
17:13:31.0177 7392 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:13:31.0180 7392 RasPppoe - ok
17:13:31.0206 7392 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:13:31.0209 7392 RasSstp - ok
17:13:31.0259 7392 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:13:31.0265 7392 rdbss - ok
17:13:31.0303 7392 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:13:31.0306 7392 rdpbus - ok
17:13:31.0365 7392 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:13:31.0367 7392 RDPCDD - ok
17:13:31.0430 7392 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:13:31.0435 7392 RDPDR - ok
17:13:31.0487 7392 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:13:31.0489 7392 RDPENCDD - ok
17:13:31.0506 7392 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:13:31.0510 7392 RDPREFMP - ok
17:13:31.0567 7392 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
17:13:31.0570 7392 RdpVideoMiniport - ok
17:13:31.0627 7392 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
17:13:31.0633 7392 RDPWD - ok
17:13:31.0688 7392 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:13:31.0693 7392 rdyboost - ok
17:13:31.0792 7392 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:13:31.0801 7392 RemoteAccess - ok
17:13:31.0826 7392 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:13:31.0838 7392 RemoteRegistry - ok
17:13:31.0869 7392 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:13:31.0880 7392 RpcEptMapper - ok
17:13:31.0904 7392 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:13:31.0910 7392 RpcLocator - ok
17:13:31.0961 7392 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:13:31.0974 7392 RpcSs - ok
17:13:32.0036 7392 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:13:32.0040 7392 rspndr - ok
17:13:32.0107 7392 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
17:13:32.0111 7392 s125bus - ok
17:13:32.0152 7392 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys
17:13:32.0155 7392 s125mdfl - ok
17:13:32.0177 7392 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys
17:13:32.0181 7392 s125mdm - ok
17:13:32.0233 7392 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys
17:13:32.0237 7392 s125mgmt - ok
17:13:32.0304 7392 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys
17:13:32.0308 7392 s125obex - ok
17:13:32.0344 7392 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:13:32.0347 7392 s3cap - ok
17:13:32.0384 7392 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
17:13:32.0388 7392 SamSs - ok
17:13:32.0447 7392 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:13:32.0450 7392 sbp2port - ok
17:13:32.0513 7392 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:13:32.0537 7392 SCardSvr - ok
17:13:32.0633 7392 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:13:32.0642 7392 scfilter - ok
17:13:32.0726 7392 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:13:32.0761 7392 Schedule - ok
17:13:32.0808 7392 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:13:32.0810 7392 SCPolicySvc - ok
17:13:32.0899 7392 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
17:13:32.0903 7392 sdbus - ok
17:13:32.0946 7392 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:13:32.0956 7392 SDRSVC - ok
17:13:33.0020 7392 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:13:33.0024 7392 secdrv - ok
17:13:33.0051 7392 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:13:33.0061 7392 seclogon - ok
17:13:33.0177 7392 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:13:33.0188 7392 SENS - ok
17:13:33.0232 7392 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:13:33.0244 7392 SensrSvc - ok
17:13:33.0314 7392 Sentinel (7e5c2c58fc4e3862e7bf88bfb809a9b0) C:\Windows\System32\Drivers\SENTINEL.SYS
17:13:33.0321 7392 Sentinel - ok
17:13:33.0370 7392 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:13:33.0373 7392 Serenum - ok
17:13:33.0387 7392 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:13:33.0391 7392 Serial - ok
17:13:33.0444 7392 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:13:33.0447 7392 sermouse - ok
17:13:33.0513 7392 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:13:33.0529 7392 SessionEnv - ok
17:13:33.0623 7392 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:13:33.0626 7392 sffdisk - ok
17:13:33.0648 7392 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:13:33.0651 7392 sffp_mmc - ok
17:13:33.0675 7392 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:13:33.0679 7392 sffp_sd - ok
17:13:33.0714 7392 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:13:33.0716 7392 sfloppy - ok
17:13:33.0767 7392 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:13:33.0779 7392 SharedAccess - ok
17:13:33.0823 7392 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:13:33.0846 7392 ShellHWDetection - ok
17:13:33.0902 7392 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:13:33.0905 7392 sisagp - ok
17:13:34.0001 7392 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:13:34.0004 7392 SiSRaid2 - ok
17:13:34.0029 7392 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:13:34.0032 7392 SiSRaid4 - ok
17:13:34.0113 7392 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:13:34.0116 7392 Smb - ok
17:13:34.0501 7392 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:13:34.0514 7392 SNMPTRAP - ok
17:13:34.0680 7392 SNP2UVC (03210c439d0c1224eb36865c8010dab6) C:\Windows\system32\DRIVERS\snp2uvc.sys
17:13:34.0753 7392 SNP2UVC - ok
17:13:34.0786 7392 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:13:34.0789 7392 spldr - ok
17:13:34.0882 7392 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
17:13:34.0885 7392 spmgr - ok
17:13:34.0939 7392 SpnAgent - ok
17:13:35.0059 7392 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:13:35.0082 7392 Spooler - ok
17:13:35.0211 7392 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:13:35.0336 7392 sppsvc - ok
17:13:35.0427 7392 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:13:35.0442 7392 sppuinotify - ok
17:13:35.0533 7392 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:13:35.0561 7392 sptd - ok
17:13:35.0693 7392 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:13:35.0698 7392 SQLBrowser - ok
17:13:35.0758 7392 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:13:35.0761 7392 SQLWriter - ok
17:13:35.0853 7392 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:13:35.0861 7392 srv - ok
17:13:35.0885 7392 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:13:35.0893 7392 srv2 - ok
17:13:35.0920 7392 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:13:35.0924 7392 srvnet - ok
17:13:35.0966 7392 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:13:35.0988 7392 SSDPSRV - ok
17:13:36.0011 7392 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:13:36.0023 7392 SstpSvc - ok
17:13:36.0094 7392 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:13:36.0098 7392 stexstor - ok
17:13:36.0146 7392 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:13:36.0180 7392 StiSvc - ok
17:13:36.0232 7392 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:13:36.0235 7392 storflt - ok
17:13:36.0266 7392 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
17:13:36.0277 7392 StorSvc - ok
17:13:36.0322 7392 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:13:36.0326 7392 storvsc - ok
17:13:36.0363 7392 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:13:36.0366 7392 swenum - ok
17:13:36.0407 7392 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:13:36.0429 7392 swprv - ok
17:13:36.0446 7392 Synth3dVsc - ok
17:13:36.0506 7392 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:13:36.0554 7392 SysMain - ok
17:13:36.0599 7392 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:13:36.0614 7392 TabletInputService - ok
17:13:36.0668 7392 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:13:36.0691 7392 TapiSrv - ok
17:13:36.0720 7392 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:13:36.0732 7392 TBS - ok
17:13:36.0818 7392 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
17:13:36.0860 7392 Tcpip - ok
17:13:49.0234 7392 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:13:49.0270 7392 \Device\Harddisk0\DR0 - ok
17:13:49.0272 7392 Boot (0x1200) (25d4a3c8eaa23e0dee5ad7378caa7736) \Device\Harddisk0\DR0\Partition0
17:13:49.0275 7392 \Device\Harddisk0\DR0\Partition0 - ok
17:13:49.0326 7392 Boot (0x1200) (119d94d2abb9c4c66e04d62f5a74f446) \Device\Harddisk0\DR0\Partition1
17:13:49.0327 7392 \Device\Harddisk0\DR0\Partition1 - ok
17:13:49.0328 7392 ============================================================
17:13:49.0328 7392 Scan finished
17:13:49.0328 7392 ============================================================
17:13:49.0333 7952 Detected object count: 1
17:13:49.0333 7952 Actual detected object count: 1
17:14:02.0495 7952 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
17:14:02.0536 7952 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
17:14:15.0306 7952 Backup copy not found, trying to cure infected file..
17:14:15.0308 7952 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
17:14:15.0308 7952 C:\Windows\system32\Drivers\dfsc.sys - processing error
17:14:17.0501 7952 DfsC ( Virus.Win32.ZAccess.g ) - User select action: Cure
17:15:17.0393 4744 Deinitialize success

#12 sebamobile

  • Topic Starter


Posted 01 April 2012 - 03:06 PM

Hi, could you see the logs?

Thanks!

#13 fireman4it

  • Malware Response Team

Posted 04 April 2012 - 07:22 PM

Hello,


Please run the following.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 fireman4it


Posted 07 April 2012 - 11:52 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#15 fireman4it


Posted 09 April 2012 - 05:47 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
