
Trojan:Win32/sirefef.p Logs


9 replies to this topic

#1 Monkeyhair

Monkeyhair

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 01 May 2012 - 05:43 AM

Redirected here from http://www.bleepingcomputer.com/forums/topic451990.html/page__pid__2683892#entry2683892

As I have a 64-bit system I haven't done the GMER log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Tom at 11:37:22 on 2012-05-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6142.4202 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tom\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
uRun: [eatwb] rundll32.exe "C:\Users\Tom\AppData\Local\Temp\eatwb.dll",mpegSplitOpenFile
uRun: [sretr] rundll32.exe "C:\Users\Tom\AppData\Local\Temp\sretr.dll",WriteDevParamToRawEx
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SteelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"
mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\E45445745414250245F4D4 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\E45445745414250245F4D4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B71487C3-CACF-4843-9DD9-788C2C86AB6C} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SteelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"
mRun-x64: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-23 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-26 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-3-26 87040]
R3 Mo3Fltr;MMO Mouse;C:\Windows\system32\drivers\Mo3Fltr.sys --> C:\Windows\system32\drivers\Mo3Fltr.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
S2 SkypeUpdate;Skype Updater;"C:\Program Files (x86)\Skype\Updater\Updater.exe" --> C:\Program Files (x86)\Skype\Updater\Updater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-30 15:19:27 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-30 15:19:27 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-13 23:35:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 23:35:39 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-13 23:35:31 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-26 17:56:10 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-26 17:56:10 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-26 17:55:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-26 15:33:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 12:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:38:06.84 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 02 May 2012 - 01:01 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Monkeyhair

Monkeyhair
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 02 May 2012 - 07:48 AM

Hello Gringo,

Thanks for taking the time to help; here are the logs as requested.

On a side note, Avast hasn't blocked any malicious URLs since ComboFix did a reboot; however, I'm still a little sketchy on if it's spread, etc.

SecurityCheck:


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````



ComboFix Log:


ComboFix 12-05-01.03 - Tom 02/05/2012 13:27:41.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6142.4483 [GMT 1:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\Tom\AppData\Local\Temp\eatwb.dll
c:\users\Tom\AppData\Local\Temp\sretr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 12:34 . 2012-05-02 12:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-02 12:34 . 2012-05-02 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 18:41 . 2012-04-30 18:41 -------- d-----w- c:\program files (x86)\ESET
2012-04-30 15:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-30 15:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-30 15:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-30 15:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-30 15:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-30 15:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-30 15:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-30 15:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-30 15:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-30 15:27 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-30 15:27 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-30 15:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-30 15:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-30 15:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-30 15:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-30 15:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-30 15:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-30 15:20 . 2012-04-30 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-30 15:19 . 2012-04-30 15:19 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-30 15:12 . 2012-04-30 15:12 -------- d-----w- c:\users\Tom\AppData\Local\{D0E92CC3-92D6-11E1-826D-B8AC6F996F26}
2012-04-30 15:12 . 2012-04-30 15:12 -------- d-----w- c:\users\Tom\AppData\Local\{D0E8EF07-92D6-11E1-826D-B8AC6F996F26}
2012-04-30 13:41 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23244293-7995-4CF7-9BCD-0AD1891793EC}\mpengine.dll
2012-04-30 13:16 . 2012-04-30 13:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 13:16 . 2012-04-30 13:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-27 20:55 . 2012-04-27 20:55 -------- d-----w- c:\users\Tom\AppData\Roaming\LolClient
2012-04-27 19:49 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-04-27 19:49 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-04-27 19:49 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-04-13 22:35 . 2012-04-13 23:35 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 15:37 . 2012-04-10 15:37 -------- d-----w- c:\program files (x86)\uTorrentControl3
2012-04-10 15:36 . 2012-04-22 00:48 -------- d-----w- c:\users\Tom\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 15:19 . 2010-09-03 11:04 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 23:35 . 2012-03-30 20:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 23:35 . 2012-03-30 20:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 14:56 . 2010-09-04 22:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 17:56 . 2010-07-27 16:22 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-26 17:56 . 2010-07-27 15:50 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-26 17:55 . 2010-07-27 15:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-26 15:33 . 2010-07-27 15:50 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-07 00:15 . 2010-07-27 15:42 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-07-27 15:42 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-08-08 11:39 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-08-08 11:39 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2010-07-27 15:42 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 14:23 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2010-07-27 15:42 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-07-27 15:42 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-07-27 15:42 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 00:02 . 2012-03-26 15:25 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-03-26 15:25 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-26 15:25 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-26 15:25 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-26 15:25 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-26 15:25 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-26 15:25 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-26 15:25 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-26 15:25 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-26 15:25 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-26 15:25 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-26 15:25 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2012-03-26 15:25 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-03-26 15:25 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2012-03-26 15:25 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2012-03-26 15:25 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-26 15:25 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2011-08-08 11:56 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-01-02 17:33 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2010-07-10 04:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2009-06-10 20:37 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-29 21:00 . 2010-10-16 13:13 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-10-16 13:13 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-10-16 13:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-10-16 13:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-07-09 15:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 09:18 . 2010-07-27 15:50 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\Steam.exe" [2012-03-30 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2011-01-31 1650688]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-03-26 87040]
S3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:35]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 01:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 01:58]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022580411-3154823147-2638298378-1001Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-13 16:10]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022580411-3154823147-2638298378-1001UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-13 16:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2B2C3A1A-2ABF-40A9-A0F7-B65750B87C0B}\E45445745414250245F4D4: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-Skype - c:\program files (x86)\Skype\Phone\Skype.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Fraps - d:\games\Fraps\uninstall.exe
AddRemove-Neffy - c:\program files (x86)\Neffy\uninst.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
AddRemove-SimCity 3000 UK Edition - d:\games\DeIsL1.isu
AddRemove-World of Warcraft Public Test - c:\program files (x86)\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
AddRemove-{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1 - d:\program files\BRS\unins000.exe
AddRemove-World of Logs Client (4.2) - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-05-02 13:41:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 12:41
.
Pre-Run: 20,665,864,192 bytes free
Post-Run: 23,278,321,664 bytes free
.
- - End Of File - - 5E060497AD285C8E63570453DD61589B

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 02 May 2012 - 08:10 AM

Greetings Monkeyhair

OK, I am going to do some more checking just keep informed if you get any more warnings.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Monkeyhair

Monkeyhair
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:55 AM

Posted 02 May 2012 - 09:03 AM

Hi Gringo,

Here are the logs:


14:23:06.0901 1604 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:23:07.0021 1604 ============================================================
14:23:07.0021 1604 Current date / time: 2012/05/02 14:23:07.0021
14:23:07.0021 1604 SystemInfo:
14:23:07.0021 1604
14:23:07.0021 1604 OS Version: 6.1.7601 ServicePack: 1.0
14:23:07.0021 1604 Product type: Workstation
14:23:07.0021 1604 ComputerName: TOM-PC
14:23:07.0021 1604 UserName: Tom
14:23:07.0021 1604 Windows directory: C:\Windows
14:23:07.0021 1604 System windows directory: C:\Windows
14:23:07.0021 1604 Running under WOW64
14:23:07.0021 1604 Processor architecture: Intel x64
14:23:07.0021 1604 Number of processors: 2
14:23:07.0021 1604 Page size: 0x1000
14:23:07.0021 1604 Boot type: Normal boot
14:23:07.0021 1604 ============================================================
14:23:07.0497 1604 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:23:07.0501 1604 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:23:07.0508 1604 ============================================================
14:23:07.0508 1604 \Device\Harddisk0\DR0:
14:23:07.0513 1604 MBR partitions:
14:23:07.0513 1604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:23:07.0513 1604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
14:23:07.0513 1604 \Device\Harddisk1\DR1:
14:23:07.0518 1604 MBR partitions:
14:23:07.0518 1604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
14:23:07.0518 1604 ============================================================
14:23:07.0542 1604 C: <-> \Device\Harddisk0\DR0\Partition1
14:23:07.0561 1604 D: <-> \Device\Harddisk1\DR1\Partition0
14:23:07.0561 1604 ============================================================
14:23:07.0561 1604 Initialize success
14:23:07.0561 1604 ============================================================
14:23:18.0349 1892 ============================================================
14:23:18.0349 1892 Scan started
14:23:18.0349 1892 Mode: Manual;
14:23:18.0349 1892 ============================================================
14:23:18.0944 1892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:23:18.0948 1892 1394ohci - ok
14:23:18.0998 1892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:23:19.0009 1892 ACPI - ok
14:23:19.0035 1892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:23:19.0036 1892 AcpiPmi - ok
14:23:19.0157 1892 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:23:19.0159 1892 AdobeFlashPlayerUpdateSvc - ok
14:23:19.0206 1892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:23:19.0223 1892 adp94xx - ok
14:23:19.0260 1892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:23:19.0276 1892 adpahci - ok
14:23:19.0307 1892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:23:19.0307 1892 adpu320 - ok
14:23:19.0338 1892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:23:19.0338 1892 AeLookupSvc - ok
14:23:19.0408 1892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:23:19.0424 1892 AFD - ok
14:23:19.0465 1892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:23:19.0466 1892 agp440 - ok
14:23:19.0481 1892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:23:19.0483 1892 ALG - ok
14:23:19.0501 1892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:23:19.0502 1892 aliide - ok
14:23:19.0545 1892 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
14:23:19.0546 1892 Alpham1 - ok
14:23:19.0583 1892 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
14:23:19.0585 1892 Alpham2 - ok
14:23:19.0596 1892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:23:19.0597 1892 amdide - ok
14:23:19.0635 1892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:23:19.0636 1892 AmdK8 - ok
14:23:19.0654 1892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:23:19.0655 1892 AmdPPM - ok
14:23:19.0686 1892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:23:19.0693 1892 amdsata - ok
14:23:19.0707 1892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:23:19.0712 1892 amdsbs - ok
14:23:19.0730 1892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:23:19.0731 1892 amdxata - ok
14:23:19.0793 1892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:23:19.0795 1892 AppID - ok
14:23:19.0829 1892 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:23:19.0830 1892 AppIDSvc - ok
14:23:19.0875 1892 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:23:19.0876 1892 Appinfo - ok
14:23:19.0975 1892 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:23:19.0977 1892 Apple Mobile Device - ok
14:23:20.0020 1892 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:23:20.0026 1892 AppMgmt - ok
14:23:20.0062 1892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:23:20.0069 1892 arc - ok
14:23:20.0086 1892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:23:20.0094 1892 arcsas - ok
14:23:20.0202 1892 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:23:20.0203 1892 aspnet_state - ok
14:23:20.0239 1892 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
14:23:20.0240 1892 aswFsBlk - ok
14:23:20.0273 1892 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
14:23:20.0273 1892 aswMonFlt - ok
14:23:20.0315 1892 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
14:23:20.0316 1892 aswRdr - ok
14:23:20.0409 1892 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
14:23:20.0409 1892 aswSnx - ok
14:23:20.0424 1892 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
14:23:20.0440 1892 aswSP - ok
14:23:20.0456 1892 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
14:23:20.0456 1892 aswTdi - ok
14:23:20.0487 1892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:23:20.0487 1892 AsyncMac - ok
14:23:20.0502 1892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:23:20.0518 1892 atapi - ok
14:23:20.0565 1892 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:23:20.0565 1892 AudioEndpointBuilder - ok
14:23:20.0581 1892 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:23:20.0581 1892 AudioSrv - ok
14:23:20.0659 1892 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
14:23:20.0659 1892 avast! Antivirus - ok
14:23:20.0706 1892 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:23:20.0721 1892 AxInstSV - ok
14:23:20.0768 1892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:23:20.0768 1892 b06bdrv - ok
14:23:20.0830 1892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:23:20.0843 1892 b57nd60a - ok
14:23:20.0873 1892 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:23:20.0881 1892 BDESVC - ok
14:23:20.0898 1892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:23:20.0899 1892 Beep - ok
14:23:20.0978 1892 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:23:21.0000 1892 BFE - ok
14:23:21.0064 1892 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:23:21.0094 1892 BITS - ok
14:23:21.0151 1892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:23:21.0152 1892 blbdrive - ok
14:23:21.0195 1892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:23:21.0202 1892 bowser - ok
14:23:21.0255 1892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:23:21.0279 1892 BrFiltLo - ok
14:23:21.0338 1892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:23:21.0339 1892 BrFiltUp - ok
14:23:21.0460 1892 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:23:21.0467 1892 BridgeMP - ok
14:23:21.0503 1892 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:23:21.0510 1892 Browser - ok
14:23:21.0544 1892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:23:21.0557 1892 Brserid - ok
14:23:21.0812 1892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:23:21.0813 1892 BrSerWdm - ok
14:23:21.0822 1892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:23:21.0822 1892 BrUsbMdm - ok
14:23:21.0837 1892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:23:21.0837 1892 BrUsbSer - ok
14:23:21.0853 1892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:23:21.0853 1892 BTHMODEM - ok
14:23:21.0884 1892 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:23:21.0884 1892 bthserv - ok
14:23:21.0932 1892 catchme - ok
14:23:21.0948 1892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:23:21.0956 1892 cdfs - ok
14:23:22.0010 1892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:23:22.0017 1892 cdrom - ok
14:23:22.0060 1892 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:23:22.0062 1892 CertPropSvc - ok
14:23:22.0091 1892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:23:22.0093 1892 circlass - ok
14:23:22.0133 1892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:23:22.0149 1892 CLFS - ok
14:23:22.0207 1892 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:23:22.0208 1892 clr_optimization_v2.0.50727_32 - ok
14:23:22.0252 1892 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:23:22.0259 1892 clr_optimization_v2.0.50727_64 - ok
14:23:22.0349 1892 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:23:22.0351 1892 clr_optimization_v4.0.30319_32 - ok
14:23:22.0395 1892 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:23:22.0396 1892 clr_optimization_v4.0.30319_64 - ok
14:23:22.0431 1892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:23:22.0432 1892 CmBatt - ok
14:23:22.0458 1892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:23:22.0458 1892 cmdide - ok
14:23:22.0506 1892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:23:22.0515 1892 CNG - ok
14:23:22.0530 1892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:23:22.0531 1892 Compbatt - ok
14:23:22.0574 1892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:23:22.0575 1892 CompositeBus - ok
14:23:22.0588 1892 COMSysApp - ok
14:23:22.0618 1892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:23:22.0620 1892 crcdisk - ok
14:23:22.0685 1892 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:23:22.0690 1892 CryptSvc - ok
14:23:22.0740 1892 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:23:22.0757 1892 CSC - ok
14:23:22.0803 1892 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:23:22.0819 1892 CscService - ok
14:23:22.0874 1892 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:23:22.0878 1892 DcomLaunch - ok
14:23:22.0913 1892 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:23:22.0922 1892 defragsvc - ok
14:23:22.0985 1892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:23:23.0000 1892 DfsC - ok
14:23:23.0047 1892 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:23:23.0063 1892 Dhcp - ok
14:23:23.0079 1892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:23:23.0079 1892 discache - ok
14:23:23.0110 1892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:23:23.0110 1892 Disk - ok
14:23:23.0157 1892 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:23:23.0172 1892 Dnscache - ok
14:23:23.0204 1892 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:23:23.0219 1892 dot3svc - ok
14:23:23.0266 1892 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:23:23.0266 1892 DPS - ok
14:23:23.0313 1892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:23:23.0313 1892 drmkaud - ok
14:23:23.0376 1892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:23:23.0381 1892 DXGKrnl - ok
14:23:23.0418 1892 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:23:23.0425 1892 EapHost - ok
14:23:23.0554 1892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:23:23.0632 1892 ebdrv - ok
14:23:23.0734 1892 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:23:23.0736 1892 EFS - ok
14:23:23.0814 1892 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:23:23.0836 1892 ehRecvr - ok
14:23:23.0868 1892 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:23:23.0875 1892 ehSched - ok
14:23:23.0950 1892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:23:23.0969 1892 elxstor - ok
14:23:24.0001 1892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:23:24.0002 1892 ErrDev - ok
14:23:24.0050 1892 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:23:24.0061 1892 EventSystem - ok
14:23:24.0081 1892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:23:24.0088 1892 exfat - ok
14:23:24.0102 1892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:23:24.0108 1892 fastfat - ok
14:23:24.0179 1892 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:23:24.0195 1892 Fax - ok
14:23:24.0207 1892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:23:24.0208 1892 fdc - ok
14:23:24.0229 1892 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:23:24.0230 1892 fdPHost - ok
14:23:24.0234 1892 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:23:24.0237 1892 FDResPub - ok
14:23:24.0247 1892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:23:24.0248 1892 FileInfo - ok
14:23:24.0259 1892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:23:24.0260 1892 Filetrace - ok
14:23:24.0280 1892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:23:24.0281 1892 flpydisk - ok
14:23:24.0315 1892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:23:24.0329 1892 FltMgr - ok
14:23:24.0386 1892 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:23:24.0417 1892 FontCache - ok
14:23:24.0523 1892 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:23:24.0525 1892 FontCache3.0.0.0 - ok
14:23:24.0577 1892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:23:24.0579 1892 FsDepends - ok
14:23:24.0611 1892 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:23:24.0612 1892 Fs_Rec - ok
14:23:24.0658 1892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:23:24.0665 1892 fvevol - ok
14:23:24.0696 1892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:23:24.0698 1892 gagp30kx - ok
14:23:24.0748 1892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:23:24.0749 1892 GEARAspiWDM - ok
14:23:24.0802 1892 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:23:24.0819 1892 gpsvc - ok
14:23:24.0942 1892 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:23:24.0950 1892 gupdate - ok
14:23:24.0973 1892 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:23:24.0974 1892 gupdatem - ok
14:23:38.0705 1892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:23:38.0720 1892 wcncsvc - ok
14:23:38.0736 1892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:23:38.0736 1892 WcsPlugInService - ok
14:23:38.0794 1892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:23:38.0796 1892 Wd - ok
14:23:38.0832 1892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:23:38.0848 1892 Wdf01000 - ok
14:23:38.0861 1892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:23:38.0868 1892 WdiServiceHost - ok
14:23:38.0871 1892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:23:38.0875 1892 WdiSystemHost - ok
14:23:38.0916 1892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:23:38.0929 1892 WebClient - ok
14:23:38.0954 1892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:23:38.0967 1892 Wecsvc - ok
14:23:38.0982 1892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:23:38.0989 1892 wercplsupport - ok
14:23:39.0005 1892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:23:39.0017 1892 WerSvc - ok
14:23:39.0071 1892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:23:39.0072 1892 WfpLwf - ok
14:23:39.0089 1892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:23:39.0091 1892 WIMMount - ok
14:23:39.0131 1892 WinDefend - ok
14:23:39.0138 1892 WinHttpAutoProxySvc - ok
14:23:39.0185 1892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:23:39.0199 1892 Winmgmt - ok
14:23:39.0292 1892 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:23:39.0337 1892 WinRM - ok
14:23:39.0471 1892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:23:39.0473 1892 WinUsb - ok
14:23:39.0523 1892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:23:39.0545 1892 Wlansvc - ok
14:23:39.0726 1892 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:23:39.0764 1892 wlidsvc - ok
14:23:39.0885 1892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:23:39.0886 1892 WmiAcpi - ok
14:23:39.0946 1892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:23:39.0952 1892 wmiApSrv - ok
14:23:40.0010 1892 WMPNetworkSvc - ok
14:23:40.0035 1892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:23:40.0039 1892 WPCSvc - ok
14:23:40.0077 1892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:23:40.0083 1892 WPDBusEnum - ok
14:23:40.0131 1892 WRfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\WRfiltv.sys
14:23:40.0132 1892 WRfiltv - ok
14:23:40.0156 1892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:23:40.0157 1892 ws2ifsl - ok
14:23:40.0180 1892 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:23:40.0187 1892 wscsvc - ok
14:23:40.0191 1892 WSearch - ok
14:23:40.0290 1892 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:23:40.0341 1892 wuauserv - ok
14:23:40.0465 1892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:23:40.0472 1892 WudfPf - ok
14:23:40.0501 1892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:23:40.0507 1892 WUDFRd - ok
14:23:40.0539 1892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:23:40.0543 1892 wudfsvc - ok
14:23:40.0581 1892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:23:40.0594 1892 WwanSvc - ok
14:23:40.0670 1892 XMouseButton Launcher (e8de124b8a5c7cf66eab7078a2f6b610) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
14:23:40.0671 1892 XMouseButton Launcher - ok
14:23:40.0713 1892 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:23:40.0726 1892 yukonw7 - ok
14:23:40.0749 1892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:23:40.0810 1892 \Device\Harddisk0\DR0 - ok
14:23:40.0820 1892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:23:40.0822 1892 \Device\Harddisk1\DR1 - ok
14:23:40.0827 1892 Boot (0x1200) (be676e6955c97f6d7b27a763036ac475) \Device\Harddisk0\DR0\Partition0
14:23:40.0828 1892 \Device\Harddisk0\DR0\Partition0 - ok
14:23:40.0831 1892 Boot (0x1200) (9ff6a1d80011eca61103363b8fada3f4) \Device\Harddisk0\DR0\Partition1
14:23:40.0832 1892 \Device\Harddisk0\DR0\Partition1 - ok
14:23:40.0835 1892 Boot (0x1200) (99be8139ea3efd077570222d035e9301) \Device\Harddisk1\DR1\Partition0
14:23:40.0836 1892 \Device\Harddisk1\DR1\Partition0 - ok
14:23:40.0837 1892 ============================================================
14:23:40.0837 1892 Scan finished
14:23:40.0837 1892 ============================================================
14:23:40.0845 4792 Detected object count: 0
14:23:40.0845 4792 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 14:25:24
-----------------------------
14:25:24.197 OS Version: Windows x64 6.1.7601 Service Pack 1
14:25:24.197 Number of processors: 2 586 0xF0B
14:25:24.198 ComputerName: TOM-PC UserName: Tom
14:25:24.700 Initialize success
14:25:27.762 AVAST engine defs: 12050200
14:25:50.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:25:50.720 Disk 0 Vendor: MAXTOR_STM380815AS 3.AAD Size: 76319MB BusType: 3
14:25:50.723 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
14:25:50.725 Disk 1 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
14:25:50.738 Disk 0 MBR read successfully
14:25:50.741 Disk 0 MBR scan
14:25:50.743 Disk 0 Windows 7 default MBR code
14:25:50.751 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:25:50.761 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
14:25:50.776 Disk 0 scanning C:\Windows\system32\drivers
14:25:58.034 Service scanning
14:26:13.715 Modules scanning
14:26:13.721 Disk 0 trace - called modules:
14:26:13.735 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:26:13.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061543c0]
14:26:13.745 3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> [0xfffffa8005cefd20]
14:26:13.749 5 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005d14680]
14:26:13.947 AVAST engine scan C:\Windows
14:26:15.874 AVAST engine scan C:\Windows\system32
14:28:16.997 AVAST engine scan C:\Windows\system32\drivers
14:28:27.574 AVAST engine scan C:\Users\Tom
14:40:28.728 AVAST engine scan C:\ProgramData
14:43:31.426 Scan finished successfully
15:02:04.693 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
15:02:04.697 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 02 May 2012 - 08:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 05 May 2012 - 12:32 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

I also want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 gringo_pr

Posted 08 May 2012 - 09:50 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr

Posted 11 May 2012 - 01:22 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




