
Dealing with ZeroAccess Rootkit


This topic is locked
18 replies to this topic

#1 hypnotyk

  • Members
  • 29 posts

Posted 10 April 2012 - 07:46 AM

Hey there,
So here I'm dealing with the ZeroAccess virus, and I need help; but first here's some background history:

A few nights ago I was relaxing on the PC, then I get an Adobe Flash update notifier, which I have been denying for a while as I couldn't be bothered updating. I decide to update; everything looks professional and legit, as something from Adobe should be. Just after the update I get a notification from McAfee saying it has blocked and deleted the ZeroAccess.e trojan horse rootkit, for which I blame the downloads I did earlier that day. I get a notification from Windows saying that Adobe Flash was not installed correctly; without suspecting anything I reinstalled the update, everything went fine, I finished what I was doing, turned off the computer and went to sleep. The next day, upon turning on the computer, I get a notification from McAfee saying the Firewall was disabled; I activated it, and a second later it turned off again. Alarmed, I scanned the computer and restarted it, but the Firewall still wouldn't turn on. After some research I found that the ZeroAccess that I had was caused by the Adobe Flash Update I installed; I then did some more scans with antimalware programs recommended by McAfee, but they found nothing. Yesterday I decided to do a system configuration restore to before I had done the Flash update; so I went into Safe Mode, restored the configuration, restarted into normal mode, and everything was fine. I then virus scanned the machine, it found nothing, and I uninstalled Adobe Flash, Adobe Reader and Java (I found that the ZeroAccess virus could hide in these program updaters), and here I am now, with a computer that apparently is working fine but I'm sure is infected.
So, could someone help me? This is really annoying me, and I'm too scared to do anything as I heard it's a backdoor virus that steals my personal information. Please help.
Below I've posted the DDS log.

PS
I know I already posted, but the post was too vague and didn't include the DDS log, so, I'm sorry.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Evgeny at 14:23:06 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8191.6522 [GMT 2:00]
.
AV: McAfee Antivirus e Antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus e Antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228105115.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [AdobeBridge]
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29EC7D21-E32B-498B-B42A-06401DF8D6A0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5D26911-7979-4BE9-9934-854415751F14} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8dcb7100-df86-4384-8842-8fa844297b3f}
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [(Predefinito)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;Servizio AMD Fusion Utility;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-8 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-8 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-09 12:25:02 -------- d-----w- C:\Windows\pss
2012-04-07 15:21:19 -------- d-----w- C:\Users\Evgeny\AppData\Roaming\RWBYTE
2012-04-07 15:16:33 -------- d-----w- C:\7ce3031ea821e032fba97e5520
2012-03-18 00:56:55 -------- d-----w- C:\ProgramData\The Foundry
2012-03-18 00:56:55 -------- d-----w- C:\Program Files\The Foundry
2012-03-17 01:13:30 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-17 01:13:30 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 01:13:30 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-16 12:50:51 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-16 12:50:48 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-16 12:50:48 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-16 12:50:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-16 12:50:34 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-16 12:50:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-16 12:50:17 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-16 12:50:17 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-16 12:50:17 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-16 12:50:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-07 12:45:59 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-07 12:45:59 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-07 12:03:11 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-04 19:28:12 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-02-29 19:21:24 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:21:24 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-02-26 21:09:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 14:24:16,04 ===============


#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,577 posts
  • Gender:Male

Posted 11 April 2012 - 04:47 PM

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic449464.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 hypnotyk
  • Topic Starter

  • Members
  • 29 posts

Posted 12 April 2012 - 01:49 PM

Yes it is, here I just added the logs.

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 April 2012 - 07:52 PM

Hi,

Please do the following:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 hypnotyk
  • Topic Starter

  • Members
  • 29 posts

Posted 14 April 2012 - 02:45 PM

Hey CatByte,

Thanks for the reply, here's the FRST log:


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 14-04-2012 21:34:43
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9608224 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKU\Evgeny\...\Run: [AdobeBridge] [x]
HKU\Evgeny\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 0050631334431038mcinstcleanup; C:\Windows\TEMP\005063~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2012-04-14] ()
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-10] (Adobe Systems Incorporated)
2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-16] (AMD)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [501768 2011-03-17] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 mi-raysat_3dsmax2010_32; "C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" [86016 2009-03-12] ()
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-26] ()
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 AMDFusionSVC; c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [x]
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

3 ahcix64s; C:\Windows\System32\Drivers\ahcix64s.sys [264856 2010-04-23] (Advanced Micro Devices, Inc)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-06] (Advanced Micro Devices, Inc.)
3 AmdLLD64; C:\Windows\System32\Drivers\AmdLLD64.sys [47672 2009-04-22] (Advanced Micro Devices)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-21] (Microsoft Corporation)
3 VX1000; C:\Windows\System32\Drivers\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-14 21:34 - 2012-04-14 21:34 - 0000000 ____D C:\FRST
2012-04-10 19:34 - 2012-04-14 21:08 - 0000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-10 19:34 - 2012-04-10 19:34 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-10 19:34 - 2012-04-10 19:34 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-10 14:25 - 2012-04-10 14:25 - 0020393 ____A C:\Users\Evgeny\Desktop\DDS.txt
2012-04-10 14:25 - 2012-04-10 14:25 - 0006161 ____A C:\Users\Evgeny\Desktop\Attach.txt
2012-04-10 14:20 - 2012-04-10 14:20 - 0607260 ____R (Swearware) C:\Users\Evgeny\Desktop\dds.scr
2012-04-09 14:25 - 2012-04-09 14:25 - 0000000 ____D C:\Windows\pss
2012-04-07 17:21 - 2012-04-07 17:21 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\RWBYTE
2012-04-07 17:16 - 2012-04-09 14:22 - 0000000 ____D C:\7ce3031ea821e032fba97e5520
2012-04-06 16:48 - 2012-04-14 21:17 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-06 16:48 - 2012-04-07 11:05 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-03-29 18:37 - 2012-03-29 19:40 - 1548774080 ____A C:\Users\Evgeny\Downloads\Pulp Fiction 1994 DVDRip XviD AC3-DiVERSiTY.[UsaBit.com].avi
2012-03-18 02:56 - 2012-03-18 02:59 - 0000000 ____D C:\Program Files\The Foundry
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\Users\All Users\The Foundry
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\Users\All Users\Application Data\The Foundry
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\ProgramData\The Foundry
2012-03-17 19:38 - 2012-03-17 19:38 - 0000000 __SHD C:\Users\Evgeny\Desktop\%APPDATA%
2012-03-17 03:13 - 2011-11-19 17:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-17 03:13 - 2011-11-19 16:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-17 03:13 - 2011-11-19 16:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-16 15:17 - 2012-03-16 16:47 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-03-16 14:50 - 2012-02-17 08:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-16 14:50 - 2012-02-17 07:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-16 14:50 - 2012-02-17 06:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-16 14:50 - 2012-02-17 06:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-16 14:50 - 2012-02-10 08:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-16 14:50 - 2012-02-10 07:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-16 14:50 - 2012-02-03 06:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-16 14:50 - 2012-01-25 08:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-16 14:50 - 2012-01-25 08:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-16 14:50 - 2012-01-25 08:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

============ 3 Months Modified Files and Folders =============

2012-04-14 21:34 - 2012-04-14 21:34 - 0000000 ____D C:\FRST
2012-04-14 21:26 - 2011-08-08 13:28 - 1158786 ____A C:\Windows\WindowsUpdate.log
2012-04-14 21:24 - 2011-08-11 13:57 - 0000000 ____D C:\Users\Evgeny\AppData\Local\Nero
2012-04-14 21:17 - 2012-04-06 16:48 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-14 21:17 - 2011-08-08 14:18 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-14 21:17 - 2009-07-14 06:45 - 0025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-14 21:17 - 2009-07-14 06:45 - 0025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-14 21:14 - 2010-11-21 17:30 - 0739668 ____A C:\Windows\System32\perfh010.dat
2012-04-14 21:14 - 2010-11-21 17:30 - 0146482 ____A C:\Windows\System32\perfc010.dat
2012-04-14 21:14 - 2009-07-14 07:13 - 1656214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-04-14 21:09 - 2011-08-08 14:27 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-04-14 21:09 - 2011-08-08 13:49 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-14 21:08 - 2012-04-10 19:34 - 0000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-14 21:08 - 2011-08-08 13:25 - 2146930688 __ASH C:\hiberfil.sys
2012-04-14 21:08 - 2009-07-14 07:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-14 21:08 - 2009-07-14 06:51 - 0059543 ____A C:\Windows\setupact.log
2012-04-10 19:45 - 2011-10-23 16:20 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\Xfire
2012-04-10 19:44 - 2011-08-13 11:39 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-10 19:40 - 2012-02-19 01:24 - 0271200 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-04-10 19:40 - 2011-08-15 20:25 - 0271200 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-04-10 19:39 - 2011-08-15 20:07 - 0271200 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-04-10 19:34 - 2012-04-10 19:34 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-10 19:34 - 2012-04-10 19:34 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-10 14:25 - 2012-04-10 14:25 - 0020393 ____A C:\Users\Evgeny\Desktop\DDS.txt
2012-04-10 14:25 - 2012-04-10 14:25 - 0006161 ____A C:\Users\Evgeny\Desktop\Attach.txt
2012-04-10 14:20 - 2012-04-10 14:20 - 0607260 ____R (Swearware) C:\Users\Evgeny\Desktop\dds.scr
2012-04-09 17:24 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\registration
2012-04-09 17:13 - 2011-08-08 14:12 - 0000000 ____D C:\Users\All Users\Sonic
2012-04-09 17:13 - 2011-08-08 14:12 - 0000000 ____D C:\Users\All Users\Application Data\Sonic
2012-04-09 17:13 - 2011-08-08 14:12 - 0000000 ____D C:\ProgramData\Sonic
2012-04-09 17:11 - 2010-11-21 05:47 - 0037484 ____A C:\Windows\PFRO.log
2012-04-09 17:07 - 2011-08-12 11:50 - 0000000 ____D C:\Users\Evgeny\AppData\Local\Conduit
2012-04-09 17:07 - 2011-08-11 13:09 - 0000000 ____D C:\Users\Evgeny\AppData\LocalLow
2012-04-09 17:05 - 2011-08-08 14:09 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-09 17:04 - 2011-08-08 14:09 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-04-09 17:04 - 2011-08-08 14:09 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-09 17:04 - 2011-08-08 14:09 - 0000000 ____D C:\ProgramData\Adobe
2012-04-09 15:55 - 2011-08-08 14:17 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-09 15:55 - 2011-08-08 14:17 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-04-09 15:55 - 2011-08-08 14:17 - 0000000 ____D C:\ProgramData\McAfee
2012-04-09 14:41 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-09 14:25 - 2012-04-09 14:25 - 0000000 ____D C:\Windows\pss
2012-04-09 14:22 - 2012-04-07 17:16 - 0000000 ____D C:\7ce3031ea821e032fba97e5520
2012-04-09 14:22 - 2011-08-11 13:08 - 0000000 ____D C:\users\Evgeny
2012-04-09 14:21 - 2011-12-31 23:04 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-09 14:21 - 2011-10-23 16:20 - 0000000 ____D C:\Users\All Users\Xfire
2012-04-09 14:21 - 2011-10-23 16:20 - 0000000 ____D C:\Users\All Users\Application Data\Xfire
2012-04-09 14:21 - 2011-10-23 16:20 - 0000000 ____D C:\ProgramData\Xfire
2012-04-09 14:21 - 2011-08-14 15:31 - 0000000 ____D C:\Users\Evgeny\Documents\Plug-ins
2012-04-09 14:20 - 2011-08-11 14:05 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\Skype
2012-04-09 14:20 - 2011-08-08 21:58 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-09 14:20 - 2011-08-08 13:35 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-07 17:21 - 2012-04-07 17:21 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\RWBYTE
2012-04-07 11:05 - 2012-04-06 16:48 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-04-06 16:48 - 2011-08-08 14:05 - 0000000 ____D C:\Program Files\Dell Support Center
2012-04-03 22:12 - 2011-02-15 10:46 - 1633392 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-03 18:03 - 2011-08-12 17:20 - 0000000 ____D C:\Users\Evgeny\AppData\Local\ElevatedDiagnostics
2012-03-30 17:39 - 2011-11-11 22:43 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-03-29 23:49 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-29 21:11 - 2011-08-12 11:49 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\uTorrent
2012-03-29 19:40 - 2012-03-29 18:37 - 1548774080 ____A C:\Users\Evgeny\Downloads\Pulp Fiction 1994 DVDRip XviD AC3-DiVERSiTY.[UsaBit.com].avi
2012-03-24 00:56 - 2011-11-10 22:54 - 0000000 ____D C:\Program Files (x86)\Origin
2012-03-24 00:38 - 2011-10-10 18:16 - 0000132 ____A C:\Users\Evgeny\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-18 02:59 - 2012-03-18 02:56 - 0000000 ____D C:\Program Files\The Foundry
2012-03-18 02:59 - 2011-08-12 15:25 - 0001313 ____A C:\Users\Evgeny\Desktop\Adobe After Effects CS5.5.lnk
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\Users\All Users\The Foundry
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\Users\All Users\Application Data\The Foundry
2012-03-18 02:56 - 2012-03-18 02:56 - 0000000 ____D C:\ProgramData\The Foundry
2012-03-17 21:03 - 2011-08-20 17:01 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-17 21:03 - 2011-08-20 17:01 - 0002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-03-17 21:03 - 2011-08-08 13:52 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-17 21:03 - 2011-08-08 13:51 - 0000000 ____D C:\Users\All Users\Skype
2012-03-17 21:03 - 2011-08-08 13:51 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-03-17 21:03 - 2011-08-08 13:51 - 0000000 ____D C:\ProgramData\Skype
2012-03-17 19:38 - 2012-03-17 19:38 - 0000000 __SHD C:\Users\Evgeny\Desktop\%APPDATA%
2012-03-17 19:30 - 2009-07-14 06:45 - 7745072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-17 19:29 - 2009-07-14 07:08 - 0032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-17 03:11 - 2011-10-23 18:56 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-16 16:47 - 2012-03-16 15:17 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-03-10 21:11 - 2012-02-11 03:37 - 0000000 ____D C:\Users\Evgeny\Downloads\The Big Bang Theory Season 3 [Complete Season] -Cyberpiraten-
2012-03-10 11:14 - 2012-03-10 11:04 - 0000024 ____A C:\Users\Evgeny\random.dat
2012-03-10 11:05 - 2012-03-10 11:05 - 0000000 ____D C:\Users\Evgeny\AppData\Local\{CA2A1644-C3B0-4C58-BDAB-F4B9939C0F3E}
2012-03-10 11:05 - 2012-03-10 11:05 - 0000000 ____D C:\Users\Evgeny\AppData\Local\{71462A2B-CBFD-4130-8F71-483EEA107DB5}
2012-03-10 11:05 - 2012-03-10 11:04 - 0000000 ____D C:\Users\Evgeny\AppData\Local\Windows Live Writer
2012-03-10 11:05 - 2011-10-05 19:44 - 0000000 ____D C:\Users\Evgeny\AppData\Local\Windows Live
2012-03-10 11:04 - 2012-03-10 11:04 - 0000045 ____A C:\Users\Evgeny\jagex_cl_runescape_LIVE.dat
2012-03-10 11:04 - 2012-03-10 11:04 - 0000000 ____D C:\Users\Evgeny\jagexcache
2012-03-10 11:04 - 2012-03-10 11:04 - 0000000 ____D C:\Users\Evgeny\Documents\My Weblog Posts
2012-03-10 11:04 - 2012-03-10 11:04 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\Windows Live Writer
2012-03-04 21:55 - 2012-03-04 21:38 - 0000000 ____D C:\Users\Evgeny\AppData\Local\Rockstar Games
2012-03-04 21:46 - 2012-03-04 21:46 - 0000000 ____D C:\Users\Evgeny\Documents\Rockstar Games
2012-03-04 21:42 - 2012-03-04 21:40 - 0002733 ____A C:\Users\Evgeny\Desktop\GTA IV.lnk
2012-03-04 21:29 - 2012-03-04 20:51 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-03-04 21:29 - 2011-08-08 13:43 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-04 21:28 - 2012-03-04 21:28 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-03-04 21:11 - 2011-08-08 14:00 - 0480337 ____A C:\Windows\DirectX.log
2012-03-04 20:08 - 2012-03-04 20:08 - 0000000 __RHD C:\Users\Evgeny\AppData\Roaming\SecuROM
2012-03-04 20:05 - 2012-03-04 20:05 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-03-04 20:05 - 2012-03-04 20:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-04 02:28 - 2012-02-18 23:12 - 0000000 ____D C:\Users\All Users\EA Logs
2012-03-04 02:28 - 2012-02-18 23:12 - 0000000 ____D C:\Users\All Users\Application Data\EA Logs
2012-03-04 02:28 - 2012-02-18 23:12 - 0000000 ____D C:\ProgramData\EA Logs
2012-03-03 23:27 - 2012-02-16 18:17 - 0000000 ____D C:\Users\Evgeny\Downloads\Two Door Cinema Club Full Discography
2012-03-03 23:27 - 2012-01-07 15:53 - 0000000 ____D C:\Users\Evgeny\Downloads\Skrillex - Bangarang (2011)-Sebastian[Ub3r]
2012-03-03 19:20 - 2011-10-23 16:20 - 0000000 ____D C:\Program Files (x86)\Xfire
2012-03-02 18:16 - 2011-09-30 14:22 - 0002030 ____A C:\Windows\KB893803v2.log
2012-02-29 21:21 - 2012-02-29 21:21 - 0042392 ____A C:\Windows\SysWOW64\xfcodec.dll
2012-02-29 21:21 - 2012-02-29 21:21 - 0028056 ____A C:\Windows\System32\xfcodec64.dll
2012-02-26 23:09 - 2011-08-15 20:07 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-25 21:06 - 2012-02-25 21:06 - 0003057 ____A C:\Users\Evgeny\Desktop\VirtualDub.lnk
2012-02-24 18:25 - 2012-02-24 18:25 - 0000000 ____D C:\Users\Evgeny\Documents\VirtualDub
2012-02-19 02:39 - 2012-02-19 02:39 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\MathWorks
2012-02-19 02:36 - 2012-02-19 02:36 - 0000000 ____D C:\Program Files (x86)\MATLAB
2012-02-19 01:12 - 2011-08-14 15:17 - 0000000 ____D C:\Users\Evgeny\Documents\CoD 4 PC
2012-02-18 23:12 - 2011-11-11 19:41 - 0001172 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2012-02-18 23:12 - 2011-11-11 19:41 - 0001172 ____A C:\Users\All Users\Desktop\Battlefield 3.lnk
2012-02-17 17:10 - 2011-08-11 13:14 - 0000174 ___SH C:\Users\Evgeny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 08:38 - 2012-03-16 14:50 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 07:34 - 2012-03-16 14:50 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 06:58 - 2012-03-16 14:50 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 06:57 - 2012-03-16 14:50 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 22:58 - 2011-08-14 15:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-16 22:58 - 2011-08-08 13:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 19:12 - 2012-02-16 19:12 - 0000000 ____D C:\Users\Evgeny\Downloads\100% No Modern Talking - EP
2012-02-16 18:05 - 2012-02-16 18:05 - 0000000 ____D C:\Users\Evgeny\Downloads\Zomboy - Game Time EP
2012-02-12 03:30 - 2011-08-18 13:20 - 0000000 ____D C:\Fraps
2012-02-11 22:34 - 2011-08-11 13:09 - 0147496 ____A C:\Users\Evgeny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-10 08:36 - 2012-03-16 14:50 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 07:38 - 2012-03-16 14:50 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 23:06 - 2012-02-09 22:56 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\DivX
2012-02-09 22:56 - 2012-02-09 22:56 - 0001114 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-02-09 22:56 - 2012-02-09 22:56 - 0001114 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
2012-02-09 22:56 - 2012-02-09 22:54 - 0000000 ____D C:\Program Files (x86)\DivX
2012-02-09 22:56 - 2012-02-09 22:51 - 0000000 ____D C:\Users\All Users\DivX
2012-02-09 22:56 - 2012-02-09 22:51 - 0000000 ____D C:\Users\All Users\Application Data\DivX
2012-02-09 22:56 - 2012-02-09 22:51 - 0000000 ____D C:\ProgramData\DivX
2012-02-09 22:55 - 2012-02-09 22:55 - 0000000 ____D C:\Program Files\DivX
2012-02-06 22:48 - 2011-08-14 15:15 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\SoftGrid Client
2012-02-03 22:56 - 2011-12-31 18:42 - 0000000 ____D C:\Users\Evgeny\Documents\Newyear's CD
2012-02-03 17:25 - 2012-02-03 17:25 - 0000000 ____D C:\Users\All Users\ATI
2012-02-03 17:25 - 2012-02-03 17:25 - 0000000 ____D C:\Users\All Users\Application Data\ATI
2012-02-03 17:25 - 2012-02-03 17:25 - 0000000 ____D C:\ProgramData\ATI
2012-02-03 17:25 - 2012-02-03 17:25 - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-02-03 17:25 - 2012-02-03 17:25 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-02-03 17:24 - 2012-02-03 17:23 - 0000000 ____D C:\Program Files\ATI Technologies
2012-02-03 17:24 - 2011-08-08 13:48 - 0000000 ____D C:\Users\All Users\Application Data\AMD
2012-02-03 17:24 - 2011-08-08 13:48 - 0000000 ____D C:\Users\All Users\AMD
2012-02-03 17:24 - 2011-08-08 13:48 - 0000000 ____D C:\ProgramData\AMD
2012-02-03 17:23 - 2011-08-08 13:43 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-02-03 16:10 - 2011-08-18 13:35 - 0000000 ____D C:\AMD
2012-02-03 06:34 - 2012-03-16 14:50 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-28 21:51 - 2011-08-11 14:01 - 0000000 ____D C:\Users\Evgeny\AppData\Roaming\Adobe
2012-01-25 08:38 - 2012-03-16 14:50 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 08:38 - 2012-03-16 14:50 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 08:33 - 2012-03-16 14:50 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7410.95 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7400.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:1383.85 GB) (Free:1067.61 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (USB DRIVE) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

N. disco  Stato          Dimensioni   Disponibile  Din  GPT
--------  -------------  -----------  -----------  ---  ---
Disco 0   Online         1397 Gbytes  0 byte
Disco 1   Online         983 Mbytes   0 byte
Disco 2   Nessun suppor  0 byte       0 byte
Disco 3   Nessun suppor  0 byte       0 byte
Disco 4   Nessun suppor  0 byte       0 byte
Disco 5   Nessun suppor  0 byte       0 byte

Partitions of Disk 0:
===============

Partizione ###  Tipo      Dim.     Offset
--------------  --------  -------  -------
Partizione 1    OEM       164 Mb   31 Kb
Partizione 2    Primario  13 Gb    165 Mb
Partizione 3    Primario  1383 Gb  13 Gb

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : DE
Nascosta: Sì
Attiva: No

Volume ###  Let.  Etichetta  Fs   Tipo        Dim.    Stato    Info
----------  ----  ---------  ---  ----------  ------  -------  --------
* Volume 8                   FAT  Partizione  164 Mb  Integro  Nascosto

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 2.

Partizione 2
Tipo : 07
Nascosta: No
Attiva: Sì

Volume ###  Let.  Etichetta  Fs    Tipo        Dim.   Stato    Info
----------  ----  ---------  ----  ----------  -----  -------  --------
* Volume 1  I     RECOVERY   NTFS  Partizione  13 Gb  Integro

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 3.

Partizione 3
Tipo : 07
Nascosta: No
Attiva: No

Volume ###  Let.  Etichetta  Fs    Tipo        Dim.     Stato    Info
----------  ----  ---------  ----  ----------  -------  -------  --------
* Volume 2  C     OS         NTFS  Partizione  1383 Gb  Integro

======================================================================================================

Partitions of Disk 1:
===============

Partizione ###  Tipo      Dim.    Offset
--------------  --------  ------  ------
Partizione 1    Primario  982 Mb  31 Kb

======================================================================================================

Disk: 1
La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : 06
Nascosta: No
Attiva: Sì

Volume ###  Let.  Etichetta  Fs   Tipo        Dim.    Stato    Info
----------  ----  ---------  ---  ----------  ------  -------  --------
* Volume 3  J     USB DRIVE  FAT  Rimovibile  982 Mb  Integro

======================================================================================================

==========================================================

Last Boot: 2012-04-09 16:18

======================= End Of Log ==========================

#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 April 2012 - 03:37 PM

Hi,

Please do the following.

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • Only if malicious objects are found, then ensure Cure is selected
    • If the TDLFS file system is found, then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 hypnotyk

  • Topic Starter

  • Members
  • 29 posts

Posted 14 April 2012 - 05:24 PM

Hey,
Here is the TDSSKiller log; I will post the ComboFix log in a sec. I've wanted to ask this: in C: I've got this weird folder (7ce3031ea821e032fba97e5520) with files like globdata.ini, instal.res.1028.dll and vc_red.msi. I've done some research, and it seems that it's some remains from an update or something; is it safe to delete it, or do I need it? And another thing: after looking at the log I noticed it says "Processor architecture: Intel x64", but I'm running an AMD machine. Is that how it's supposed to be, or is it something else?

Anyway here's the log:

00:12:30.0302 8880 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:12:31.0379 8880 ============================================================
00:12:31.0379 8880 Current date / time: 2012/04/15 00:12:31.0379
00:12:31.0379 8880 SystemInfo:
00:12:31.0379 8880
00:12:31.0379 8880 OS Version: 6.1.7601 ServicePack: 1.0
00:12:31.0379 8880 Product type: Workstation
00:12:31.0379 8880 ComputerName: EVGENY-PC
00:12:31.0379 8880 UserName: Evgeny
00:12:31.0379 8880 Windows directory: C:\Windows
00:12:31.0379 8880 System windows directory: C:\Windows
00:12:31.0379 8880 Running under WOW64
00:12:31.0379 8880 Processor architecture: Intel x64
00:12:31.0379 8880 Number of processors: 6
00:12:31.0379 8880 Page size: 0x1000
00:12:31.0379 8880 Boot type: Normal boot
00:12:31.0379 8880 ============================================================
00:12:32.0876 8880 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:12:32.0892 8880 \Device\Harddisk0\DR0:
00:12:32.0892 8880 MBR used
00:12:32.0892 8880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x52800, BlocksNum 0x1A7F000
00:12:32.0892 8880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1AD1800, BlocksNum 0xACFB5800
00:12:32.0923 8880 Initialize success
00:12:32.0923 8880 ============================================================
00:13:25.0090 8212 ============================================================
00:13:25.0090 8212 Scan started
00:13:25.0090 8212 Mode: Manual; TDLFS;
00:13:25.0090 8212 ============================================================
00:13:27.0196 8212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:13:27.0274 8212 1394ohci - ok
00:13:27.0305 8212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:13:27.0320 8212 ACPI - ok
00:13:27.0320 8212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:13:27.0367 8212 AcpiPmi - ok
00:13:27.0492 8212 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:13:27.0508 8212 AdobeFlashPlayerUpdateSvc - ok
00:13:27.0523 8212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:13:27.0554 8212 adp94xx - ok
00:13:27.0586 8212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:13:27.0601 8212 adpahci - ok
00:13:27.0632 8212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:13:27.0648 8212 adpu320 - ok
00:13:27.0679 8212 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:13:27.0679 8212 AeLookupSvc - ok
00:13:27.0742 8212 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:13:27.0757 8212 AFD - ok
00:13:27.0788 8212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:13:27.0788 8212 agp440 - ok
00:13:27.0835 8212 ahcix64s (37fa0f874ba8ecd5851d44a7f1c9700e) C:\Windows\system32\drivers\ahcix64s.sys
00:13:27.0929 8212 ahcix64s - ok
00:13:27.0960 8212 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:13:27.0960 8212 ALG - ok
00:13:27.0976 8212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:13:27.0976 8212 aliide - ok
00:13:28.0022 8212 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
00:13:28.0100 8212 AMD External Events Utility - ok
00:13:28.0210 8212 AMD FUEL Service - ok
00:13:28.0350 8212 AMDFusionSVC (b2b7d8f695b5d97a63eda789e9d237e1) c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
00:13:28.0475 8212 AMDFusionSVC - ok
00:13:28.0490 8212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:13:28.0490 8212 amdide - ok
00:13:28.0522 8212 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
00:13:28.0568 8212 amdiox64 - ok
00:13:28.0568 8212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:13:28.0568 8212 AmdK8 - ok
00:13:28.0818 8212 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
00:13:29.0192 8212 amdkmdag - ok
00:13:29.0224 8212 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
00:13:29.0317 8212 amdkmdap - ok
00:13:29.0364 8212 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
00:13:29.0411 8212 AmdLLD64 - ok
00:13:29.0426 8212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:13:29.0426 8212 AmdPPM - ok
00:13:29.0473 8212 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\drivers\amdsata.sys
00:13:29.0473 8212 amdsata - ok
00:13:29.0504 8212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:13:29.0520 8212 amdsbs - ok
00:13:29.0551 8212 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\drivers\amdxata.sys
00:13:29.0629 8212 amdxata - ok
00:13:29.0738 8212 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
00:13:29.0816 8212 AMD_RAIDXpert - ok
00:13:29.0941 8212 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
00:13:30.0035 8212 AODDriver4.01 - ok
00:13:30.0082 8212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:13:30.0113 8212 AppID - ok
00:13:30.0144 8212 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:13:30.0160 8212 AppIDSvc - ok
00:13:30.0160 8212 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:13:30.0160 8212 Appinfo - ok
00:13:30.0269 8212 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:13:30.0347 8212 Apple Mobile Device - ok
00:13:30.0362 8212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:13:30.0362 8212 arc - ok
00:13:30.0362 8212 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:13:30.0378 8212 arcsas - ok
00:13:30.0425 8212 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:13:30.0518 8212 aspnet_state - ok
00:13:30.0581 8212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:13:30.0581 8212 AsyncMac - ok
00:13:30.0643 8212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:13:30.0659 8212 atapi - ok
00:13:30.0752 8212 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
00:13:30.0893 8212 athr - ok
00:13:30.0955 8212 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
00:13:31.0049 8212 AtiHDAudioService - ok
00:13:31.0080 8212 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
00:13:31.0127 8212 AtiHdmiService - ok
00:13:31.0158 8212 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
00:13:31.0205 8212 AtiPcie - ok
00:13:31.0267 8212 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:13:31.0361 8212 AudioEndpointBuilder - ok
00:13:31.0361 8212 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:13:31.0361 8212 AudioSrv - ok
00:13:31.0392 8212 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:13:31.0454 8212 AxInstSV - ok
00:13:31.0486 8212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:13:31.0486 8212 b06bdrv - ok
00:13:31.0517 8212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:13:31.0532 8212 b57nd60a - ok
00:13:31.0564 8212 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:13:31.0579 8212 BDESVC - ok
00:13:31.0595 8212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:13:31.0595 8212 Beep - ok
00:13:31.0673 8212 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:13:31.0766 8212 BFE - ok
00:13:31.0798 8212 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:13:31.0922 8212 BITS - ok
00:13:31.0938 8212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:13:31.0954 8212 blbdrive - ok
00:13:32.0032 8212 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:13:32.0156 8212 Bonjour Service - ok
00:13:32.0188 8212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:13:32.0219 8212 bowser - ok
00:13:32.0234 8212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:13:32.0234 8212 BrFiltLo - ok
00:13:32.0250 8212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:13:32.0250 8212 BrFiltUp - ok
00:13:32.0266 8212 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:13:32.0344 8212 Browser - ok
00:13:32.0375 8212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:13:32.0375 8212 Brserid - ok
00:13:32.0390 8212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:13:32.0390 8212 BrSerWdm - ok
00:13:32.0406 8212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:13:32.0406 8212 BrUsbMdm - ok
00:13:32.0422 8212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:13:32.0422 8212 BrUsbSer - ok
00:13:32.0437 8212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:13:32.0453 8212 BTHMODEM - ok
00:13:32.0484 8212 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:13:32.0500 8212 bthserv - ok
00:13:32.0515 8212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:13:32.0515 8212 cdfs - ok
00:13:32.0531 8212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:13:32.0609 8212 cdrom - ok
00:13:32.0640 8212 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:13:32.0671 8212 CertPropSvc - ok
00:13:32.0734 8212 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
00:13:32.0796 8212 cfwids - ok
00:13:32.0812 8212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:13:32.0812 8212 circlass - ok
00:13:32.0843 8212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:13:32.0843 8212 CLFS - ok
00:13:32.0905 8212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:13:32.0905 8212 clr_optimization_v2.0.50727_32 - ok
00:13:32.0936 8212 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:13:32.0952 8212 clr_optimization_v2.0.50727_64 - ok
00:13:33.0014 8212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:13:33.0155 8212 clr_optimization_v4.0.30319_32 - ok
00:13:33.0186 8212 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:13:33.0280 8212 clr_optimization_v4.0.30319_64 - ok
00:13:33.0295 8212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
00:13:33.0295 8212 CmBatt - ok
00:13:33.0311 8212 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:13:33.0326 8212 cmdide - ok
00:13:33.0389 8212 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:13:33.0498 8212 CNG - ok
00:13:33.0514 8212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
00:13:33.0514 8212 Compbatt - ok
00:13:33.0560 8212 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:13:33.0638 8212 CompositeBus - ok
00:13:33.0654 8212 COMSysApp - ok
00:13:33.0670 8212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:13:33.0670 8212 crcdisk - ok
00:13:33.0685 8212 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:13:33.0716 8212 CryptSvc - ok
00:13:33.0872 8212 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:13:33.0888 8212 cvhsvc - ok
00:13:33.0950 8212 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:13:33.0966 8212 DcomLaunch - ok
00:13:34.0028 8212 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:13:34.0060 8212 defragsvc - ok
00:13:34.0075 8212 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:13:34.0169 8212 DfsC - ok
00:13:34.0184 8212 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:13:34.0262 8212 Dhcp - ok
00:13:34.0278 8212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:13:34.0278 8212 discache - ok
00:13:34.0294 8212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:13:34.0294 8212 Disk - ok
00:13:34.0325 8212 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:13:34.0403 8212 Dnscache - ok
00:13:34.0418 8212 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:13:34.0465 8212 dot3svc - ok
00:13:34.0481 8212 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:13:34.0481 8212 DPS - ok
00:13:34.0528 8212 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:13:34.0543 8212 drmkaud - ok
00:13:34.0590 8212 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:13:34.0715 8212 DXGKrnl - ok
00:13:34.0777 8212 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:13:34.0793 8212 EapHost - ok
00:13:34.0886 8212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:13:34.0964 8212 ebdrv - ok
00:13:35.0027 8212 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:13:35.0074 8212 EFS - ok
00:13:35.0120 8212 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:13:35.0214 8212 ehRecvr - ok
00:13:35.0214 8212 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:13:35.0214 8212 ehSched - ok
00:13:35.0245 8212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:13:35.0245 8212 elxstor - ok
00:13:35.0261 8212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:13:35.0261 8212 ErrDev - ok
00:13:35.0292 8212 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:13:35.0292 8212 EventSystem - ok
00:13:35.0308 8212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:13:35.0323 8212 exfat - ok
00:13:35.0339 8212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:13:35.0370 8212 fastfat - ok
00:13:35.0448 8212 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:13:35.0557 8212 Fax - ok
00:13:35.0573 8212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:13:35.0588 8212 fdc - ok
00:13:35.0620 8212 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:13:35.0635 8212 fdPHost - ok
00:13:35.0651 8212 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:13:35.0666 8212 FDResPub - ok
00:13:35.0666 8212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:13:35.0682 8212 FileInfo - ok
00:13:35.0698 8212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:13:35.0698 8212 Filetrace - ok
00:13:35.0807 8212 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:13:36.0041 8212 FLEXnet Licensing Service - ok
00:13:36.0041 8212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:13:36.0041 8212 flpydisk - ok
00:13:36.0056 8212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:13:36.0134 8212 FltMgr - ok
00:13:36.0181 8212 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:13:36.0322 8212 FontCache - ok
00:13:36.0368 8212 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:13:36.0368 8212 FontCache3.0.0.0 - ok
00:13:36.0384 8212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:13:36.0400 8212 FsDepends - ok
00:13:36.0415 8212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:13:36.0415 8212 Fs_Rec - ok
00:13:36.0431 8212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:13:36.0446 8212 fvevol - ok
00:13:36.0493 8212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:13:36.0509 8212 gagp30kx - ok
00:13:36.0540 8212 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:13:36.0634 8212 GEARAspiWDM - ok
00:13:36.0665 8212 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:13:36.0696 8212 gpsvc - ok
00:13:36.0712 8212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:13:36.0727 8212 hcw85cir - ok
00:13:36.0774 8212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:13:36.0774 8212 HDAudBus - ok
00:13:36.0774 8212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:13:36.0790 8212 HidBatt - ok
00:13:36.0805 8212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:13:36.0805 8212 HidBth - ok
00:13:36.0836 8212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:13:36.0852 8212 HidIr - ok
00:13:36.0868 8212 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:13:36.0883 8212 hidserv - ok
00:13:36.0930 8212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:13:37.0055 8212 HidUsb - ok
00:13:37.0070 8212 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:13:37.0102 8212 hkmsvc - ok
00:13:37.0117 8212 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:13:37.0164 8212 HomeGroupListener - ok
00:13:37.0195 8212 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:13:37.0195 8212 HomeGroupProvider - ok
00:13:37.0211 8212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:13:37.0289 8212 HpSAMD - ok
00:13:37.0304 8212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:13:37.0320 8212 HTTP - ok
00:13:37.0336 8212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:13:37.0336 8212 hwpolicy - ok
00:13:37.0351 8212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:13:37.0367 8212 i8042prt - ok
00:13:37.0414 8212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:13:37.0492 8212 iaStorV - ok
00:13:37.0554 8212 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:13:37.0663 8212 idsvc - ok
00:13:37.0679 8212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:13:37.0679 8212 iirsp - ok
00:13:37.0726 8212 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:13:37.0757 8212 IKEEXT - ok
00:13:37.0897 8212 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
00:13:38.0038 8212 IntcAzAudAddService - ok
00:13:38.0053 8212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:13:38.0069 8212 intelide - ok
00:13:38.0116 8212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
00:13:38.0131 8212 intelppm - ok
00:13:38.0162 8212 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:13:38.0178 8212 IPBusEnum - ok
00:13:38.0194 8212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:13:38.0303 8212 IpFilterDriver - ok
00:13:38.0334 8212 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:13:38.0334 8212 iphlpsvc - ok
00:13:38.0350 8212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:13:38.0428 8212 IPMIDRV - ok
00:13:38.0443 8212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:13:38.0443 8212 IPNAT - ok
00:13:38.0537 8212 iPod Service (fdf57f795098ab29af780824315c9859) C:\Program Files\iPod\bin\iPodService.exe
00:13:38.0552 8212 iPod Service - ok
00:13:38.0584 8212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:13:38.0584 8212 IRENUM - ok
00:13:38.0599 8212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:13:38.0615 8212 isapnp - ok
00:13:38.0630 8212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
00:13:38.0646 8212 iScsiPrt - ok
00:13:38.0677 8212 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
00:13:38.0755 8212 k57nd60a - ok
00:13:38.0755 8212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:13:38.0771 8212 kbdclass - ok
00:13:38.0771 8212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:13:38.0818 8212 kbdhid - ok
00:13:38.0880 8212 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:13:38.0880 8212 KeyIso - ok
00:13:38.0911 8212 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:13:39.0020 8212 KSecDD - ok
00:13:39.0052 8212 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:13:39.0098 8212 KSecPkg - ok
00:13:39.0130 8212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:13:39.0130 8212 ksthunk - ok
00:13:39.0145 8212 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:13:39.0161 8212 KtmRm - ok
00:13:39.0223 8212 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:13:39.0317 8212 LanmanServer - ok
00:13:39.0348 8212 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:13:39.0395 8212 LanmanWorkstation - ok
00:13:39.0426 8212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:13:39.0426 8212 lltdio - ok
00:13:39.0473 8212 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:13:39.0488 8212 lltdsvc - ok
00:13:39.0504 8212 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:13:39.0520 8212 lmhosts - ok
00:13:39.0582 8212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:13:39.0582 8212 LSI_FC - ok
00:13:39.0598 8212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:13:39.0613 8212 LSI_SAS - ok
00:13:39.0629 8212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:13:39.0629 8212 LSI_SAS2 - ok
00:13:39.0660 8212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:13:39.0676 8212 LSI_SCSI - ok
00:13:39.0691 8212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:13:39.0691 8212 luafv - ok
00:13:39.0800 8212 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
00:13:39.0925 8212 McAWFwk - ok
00:13:39.0972 8212 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:13:39.0972 8212 McMPFSvc - ok
00:13:39.0988 8212 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:13:39.0988 8212 mcmscsvc - ok
00:13:40.0003 8212 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:13:40.0003 8212 McNaiAnn - ok
00:13:40.0019 8212 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:13:40.0019 8212 McNASvc - ok
00:13:40.0050 8212 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe
00:13:40.0050 8212 McODS - ok
00:13:40.0066 8212 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:13:40.0066 8212 McOobeSv - ok
00:13:40.0066 8212 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:13:40.0066 8212 McProxy - ok
00:13:40.0112 8212 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
00:13:40.0268 8212 McShield - ok
00:13:40.0315 8212 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:13:40.0378 8212 Mcx2Svc - ok
00:13:40.0393 8212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:13:40.0393 8212 megasas - ok
00:13:40.0440 8212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:13:40.0456 8212 MegaSR - ok
00:13:40.0518 8212 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
00:13:40.0596 8212 mfeapfk - ok
00:13:40.0627 8212 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
00:13:40.0721 8212 mfeavfk - ok
00:13:40.0752 8212 mfeavfk01 - ok
00:13:40.0768 8212 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
00:13:40.0814 8212 mfefire - ok
00:13:40.0846 8212 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
00:13:40.0939 8212 mfefirek - ok
00:13:40.0970 8212 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
00:13:41.0080 8212 mfehidk - ok
00:13:41.0111 8212 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
00:13:41.0158 8212 mfenlfk - ok
00:13:41.0173 8212 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
00:13:41.0173 8212 mferkdet - ok
00:13:41.0220 8212 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe
00:13:41.0298 8212 mfevtp - ok
00:13:41.0329 8212 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
00:13:41.0376 8212 mfewfpk - ok
00:13:41.0516 8212 mi-raysat_3dsmax2010_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
00:13:41.0610 8212 mi-raysat_3dsmax2010_32 - ok
00:13:41.0641 8212 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:13:41.0657 8212 MMCSS - ok
00:13:41.0672 8212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:13:41.0688 8212 Modem - ok
00:13:41.0719 8212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:13:41.0719 8212 monitor - ok
00:13:41.0735 8212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:13:41.0750 8212 mouclass - ok
00:13:41.0797 8212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:13:41.0813 8212 mouhid - ok
00:13:41.0828 8212 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:13:41.0844 8212 mountmgr - ok
00:13:41.0860 8212 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:13:41.0938 8212 mpio - ok
00:13:41.0938 8212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:13:41.0938 8212 mpsdrv - ok
00:13:41.0984 8212 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:13:42.0016 8212 MpsSvc - ok
00:13:42.0031 8212 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:13:42.0078 8212 MRxDAV - ok
00:13:42.0109 8212 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:13:42.0140 8212 mrxsmb - ok
00:13:42.0172 8212 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:13:42.0219 8212 mrxsmb10 - ok
00:13:42.0234 8212 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:13:42.0281 8212 mrxsmb20 - ok
00:13:42.0281 8212 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:13:42.0328 8212 msahci - ok
00:13:42.0359 8212 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
00:13:42.0406 8212 MSCamSvc - ok
00:13:42.0406 8212 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:13:42.0468 8212 msdsm - ok
00:13:42.0499 8212 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:13:42.0499 8212 MSDTC - ok
00:13:42.0515 8212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:13:42.0515 8212 Msfs - ok
00:13:42.0531 8212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:13:42.0531 8212 mshidkmdf - ok
00:13:42.0531 8212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:13:42.0546 8212 msisadrv - ok
00:13:42.0562 8212 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:13:42.0577 8212 MSiSCSI - ok
00:13:42.0577 8212 msiserver - ok
00:13:42.0671 8212 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:13:42.0671 8212 MSK80Service - ok
00:13:42.0718 8212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:13:42.0733 8212 MSKSSRV - ok
00:13:42.0765 8212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:13:42.0780 8212 MSPCLOCK - ok
00:13:42.0796 8212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:13:42.0796 8212 MSPQM - ok
00:13:42.0843 8212 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:13:42.0936 8212 MsRPC - ok
00:13:42.0952 8212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:13:42.0952 8212 mssmbios - ok
00:13:42.0952 8212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:13:42.0967 8212 MSTEE - ok
00:13:42.0967 8212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:13:42.0967 8212 MTConfig - ok
00:13:42.0999 8212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:13:42.0999 8212 Mup - ok
00:13:43.0030 8212 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:13:43.0030 8212 napagent - ok
00:13:43.0092 8212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:13:43.0108 8212 NativeWifiP - ok
00:13:43.0186 8212 NAUpdate (7f79da9e719d0774bdbc3622abd3afd9) C:\Program Files (x86)\Nero\Update\NASvc.exe
00:13:43.0201 8212 NAUpdate - ok
00:13:43.0264 8212 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
00:13:43.0279 8212 NDIS - ok
00:13:43.0311 8212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:13:43.0326 8212 NdisCap - ok
00:13:43.0357 8212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:13:43.0357 8212 NdisTapi - ok
00:13:43.0373 8212 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:13:43.0482 8212 Ndisuio - ok
00:13:43.0513 8212 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:13:43.0545 8212 NdisWan - ok
00:13:43.0576 8212 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:13:43.0607 8212 NDProxy - ok
00:13:43.0623 8212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:13:43.0623 8212 NetBIOS - ok
00:13:43.0638 8212 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:13:43.0638 8212 NetBT - ok
00:13:43.0701 8212 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:13:43.0701 8212 Netlogon - ok
00:13:43.0779 8212 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:13:43.0810 8212 Netman - ok
00:13:43.0888 8212 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:13:43.0966 8212 NetMsmqActivator - ok
00:13:43.0966 8212 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:13:43.0966 8212 NetPipeActivator - ok
00:13:43.0997 8212 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:13:44.0013 8212 netprofm - ok
00:13:44.0028 8212 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:13:44.0028 8212 NetTcpActivator - ok
00:13:44.0028 8212 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:13:44.0028 8212 NetTcpPortSharing - ok
00:13:44.0091 8212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:13:44.0091 8212 nfrd960 - ok
00:13:44.0137 8212 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:13:44.0247 8212 NlaSvc - ok
00:13:44.0387 8212 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
00:13:44.0574 8212 NOBU - ok
00:13:44.0574 8212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:13:44.0590 8212 Npfs - ok
00:13:44.0621 8212 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:13:44.0621 8212 nsi - ok
00:13:44.0637 8212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

#8 hypnotyk

  • Topic Starter
  • Members
  • 29 posts

Posted 14 April 2012 - 05:58 PM

And here's the ComboFix Log:

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880]
S2 AMDFusionSVC;Servizio AMD Fusion Utility;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:34]
.
2012-03-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Toolbar-Locked - (no file)
AddRemove-V-Ray for 3dsmax 2010 for x86 - c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\wininstaller.exe-uninstall=c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\install.log
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3800300409-424260607-1738725791-1001\Software\SecuROM\License information*]
"datasecu"=hex:82,c9,16,2e,be,e7,74,94,81,40,3d,d9,9f,e5,4d,04,e5,27,9f,e5,4b,
69,d0,58,d3,b2,32,4d,57,17,89,48,da,55,b3,6c,02,db,af,b6,db,d3,68,ad,30,8e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-15 00:47:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-14 22:47
.
Pre-Run: 1.151.428.210.688 byte disponibili
Post-Run: 1.154.141.847.552 byte disponibili
.
- - End Of File - - 9815F7830DE9F67ECEF92979E928450F

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 PM

Posted 14 April 2012 - 07:47 PM

Hi,

Yes, it's normal to have that update folder on your machine; I would leave it be. As for the Intel reference, that's normal too; it's just remarking on it being a 64-bit machine.

The logs look good. Just a couple more scans to make sure we have everything now; please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 hypnotyk

hypnotyk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:49 AM

Posted 15 April 2012 - 06:42 AM

Hey CatByte,

Here's the Malwarebytes log; nothing was found. I'll post the ESET log in my next reply:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evgeny :: EVGENY-PC [administrator]

15/04/2012 13:16:20
mbam-log-2012-04-15 (13-16-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199833
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 hypnotyk

hypnotyk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:49 AM

Posted 15 April 2012 - 08:27 AM

Hi,

The computer is running alright I suppose, nothing too suspicious. Here are the ESET Scan results:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 PM

Posted 15 April 2012 - 11:24 AM

Go to Adobe's official website and update your Adobe Reader, Flash and Shockwave programs:

http://www.adobe.com/downloads/


Now go to Java and download and install the latest Java:

http://java.com/en/download/index.jsp

Now please re-run DDS and post a fresh DDS log and Attach.txt, and advise if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 hypnotyk

hypnotyk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:49 AM

Posted 16 April 2012 - 02:06 PM

Hi CatByte,
I have updated everything; nothing too suspicious, although it lagged a bit whilst I was downloading the updates.
What about the two files detected by ESET, are they clean?
Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Evgeny at 20:58:03 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8191.6631 [GMT 2:00]
.
AV: McAfee Antivirus e Antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus e Antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228105115.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29EC7D21-E32B-498B-B42A-06401DF8D6A0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5D26911-7979-4BE9-9934-854415751F14} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8dcb7100-df86-4384-8842-8fa844297b3f}
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;Servizio AMD Fusion Utility;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-8-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-8-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-8 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-8-8 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-16 17:49:59 472808 ----a-w- C:\Windows\SysWow64\RENFC19.tmp
2012-04-16 17:45:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 17:45:30 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-15 11:44:22 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-15 11:14:06 -------- d-----w- C:\Users\Evgeny\AppData\Roaming\Malwarebytes
2012-04-15 11:13:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 11:13:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-15 11:13:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 11:05:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 11:05:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 11:05:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 11:04:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-15 11:04:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 11:04:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 11:04:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-14 22:44:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-14 22:34:29 98816 ----a-w- C:\Windows\sed.exe
2012-04-14 22:34:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-14 22:34:29 256000 ----a-w- C:\Windows\PEV.exe
2012-04-14 22:34:29 208896 ----a-w- C:\Windows\MBR.exe
2012-04-14 19:34:12 -------- d-----w- C:\FRST
2012-04-09 12:25:02 -------- d-----w- C:\Windows\pss
2012-04-07 15:21:19 -------- d-----w- C:\Users\Evgeny\AppData\Roaming\RWBYTE
2012-04-07 15:16:33 -------- d-----w- C:\7ce3031ea821e032fba97e5520
2012-03-18 00:56:55 -------- d-----w- C:\ProgramData\The Foundry
2012-03-18 00:56:55 -------- d-----w- C:\Program Files\The Foundry
.
==================== Find3M ====================
.
2012-04-16 17:59:16 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-16 17:59:16 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-16 17:55:59 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-04 19:28:12 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-02-29 19:21:24 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:21:24 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-26 21:09:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:59:43,99 ===============


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 PM

Posted 16 April 2012 - 05:43 PM

Those detections are just advising the "type" of program that they are, they are fine.

We just have some housekeeping to do now, please do the following:


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
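The Internet Explorer ActiveX hardening steps in the post above, scripted so they can be audited and applied from a PowerShell prompt. This is an added example and not part of CatByte's instructions. It assumes the standard mapping of those three Custom level options to IE's per-zone registry action values under the Internet zone (zone 3): 1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls, 1201 = Initialize and script ActiveX controls not marked as safe, with data 0 = Enable, 1 = Prompt, 3 = Disable. That mapping comes from IE documentation, not from the post, so confirm the result in Inetcpl.cpl after running it.

```powershell
# Added example, not from the original post: audit and apply the three ActiveX
# settings the post changes by hand in Inetcpl.cpl > Security > Internet zone >
# Custom level. Run as the affected user, since IE reads these from HKCU.
#
# Assumed mapping (IE per-zone action IDs; verify in Inetcpl.cpl afterwards):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
#   Data: 0 = Enable, 1 = Prompt, 3 = Disable.  Zone 3 = Internet.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Desired = [ordered]@{
    '1001' = 1   # signed ActiveX download   -> Prompt
    '1004' = 1   # unsigned ActiveX download -> Prompt
    '1201' = 3   # unsafe-for-scripting init -> Disable
}

function ConvertTo-ZoneLabel([object]$Value) {
    switch ([int]$Value) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Unknown($Value)" }
    }
}

function Get-InternetZoneActiveXState {
    # One row per setting: what is set now versus what the post asks for.
    $props = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($id in $Desired.Keys) {
        $prop    = $props.PSObject.Properties[$id]
        $current = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            ValueName = $id
            Current   = if ($null -eq $current) { '(not set)' } else { ConvertTo-ZoneLabel $current }
            Desired   = ConvertTo-ZoneLabel $Desired[$id]
            Compliant = ($null -ne $current) -and ([int]$current -eq [int]$Desired[$id])
        }
    }
}

function Test-InternetZoneActiveXHardened {
    # $true only when every setting already matches the desired state.
    -not (Get-InternetZoneActiveXState | Where-Object { -not $_.Compliant })
}

function Set-InternetZoneActiveXHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($id in $Desired.Keys) {
        if ($PSCmdlet.ShouldProcess("$ZonePath\$id", "set to $($Desired[$id])")) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value ([int]$Desired[$id]) -Type DWord
        }
    }
}

# Usage: audit, preview, apply, re-audit.
Get-InternetZoneActiveXState | Format-Table -AutoSize
Set-InternetZoneActiveXHardening -WhatIf
Set-InternetZoneActiveXHardening
Test-InternetZoneActiveXHardened
```

One caveat: if a policy forces IE to read zone settings machine-wide (the Security_HKLM_only value under Internet Settings in HKLM), the per-user values written here are ignored and the equivalent HKLM zone key is the one that counts, so check Inetcpl.cpl rather than trusting the HKCU audit alone.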


#15 hypnotyk

hypnotyk
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 17 April 2012 - 10:00 AM

Hi,
One more thing: whilst I was uninstalling MalwareBytes, a notification from McAfee popped up saying it deleted a Trojan Horse (Artemis!9467CAB03A5E), which happened to be ComboFix. Is that normal? Now how should I delete the Qoobox folder?
And I also wanted to know if the computer is now safe and clean enough to do a backup, so if anything happens I can just reformat and restore the backup.



