ZeroAccess infection on Win7


  • This topic is locked
8 replies to this topic

#1 Krissie_R

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:30 PM

Posted 27 May 2012 - 05:33 PM

Following my thread in the 'Am I infected? What do I do?' forum, I have started from step 6 of this guide, as requested. I have run DDS successfully, and did not run GMER as I am using a 64 bit system. The logs follow...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Krissie at 23:17:33 on 2012-05-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3007.954 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\bbc iplayer desktop\bbc iplayer desktop.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krissie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
StartupFolder: C:\Users\Krissie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Krissie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Video on This Page - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: Interfaces\{261B05C0-5369-41AE-A7AD-E85308ED5DEE} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5EA786DE-51FA-4A21-913F-0CCC8443E49D} : NameServer = 8.8.8.8,192.168.0.1
TCP: Interfaces\{5EA786DE-51FA-4A21-913F-0CCC8443E49D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A3E9957-8F20-42A9-B37A-4C2B569441EC} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{8A3E9957-8F20-42A9-B37A-4C2B569441EC}\452716E63702D416E6F627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8A3E9957-8F20-42A9-B37A-4C2B569441EC}\6796277696E6D65646961643036303433343 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8A3E9957-8F20-42A9-B37A-4C2B569441EC}\B4279637379656 : DhcpNameServer = 212.139.132.5 212.139.132.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
IE-X64: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Krissie\AppData\Roaming\Mozilla\Firefox\Profiles\z6b3g9t8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Users\Krissie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-27 108289]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-27 185089]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-05-12 08:11:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 08:11:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 08:11:04 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 08:11:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 08:11:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 08:11:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 08:10:18 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 08:10:06 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 08:10:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 08:10:00 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 08:10:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 08:09:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 08:09:59 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-03-13 22:59:48 850152 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-03-08 03:04:59 89088 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:19:14.18 ===============
Attached File: Attach.zip (2.58KB)

Edited by Krissie_R, 27 May 2012 - 05:59 PM.
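Reading a DDS log like the one posted above by eye is slow; the entries a responder checks first are the mPolicies-system values (the log shows EnableLUA, PromptOnSecureDesktop and ConsentPromptBehaviorAdmin all set to 0, i.e. UAC switched off), the AV/SP status flags (AntiVir reported as Outdated, Defender as Disabled), and extension entries listed as "No File". The script below is an added example written for this page, not code from the thread, from BleepingComputer or from the DDS tool; it assumes the Windows 7 defaults EnableLUA=1, PromptOnSecureDesktop=1 and ConsentPromptBehaviorAdmin=5 as the baseline, and its sample input is a handful of lines copied from the posted log (one path shortened).

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the thread and not code from the DDS tool.
It scans DDS log text for three things a responder checks first:
  1. mPolicies-system values that weaken UAC (baseline assumed: Windows 7
     defaults EnableLUA=1, PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5),
  2. AV/SP/FW products DDS reports as disabled or outdated,
  3. browser extension entries (BHO/TB/EB) whose file is missing.
"""
import re

# Policy checks: name -> predicate returning True when the value is acceptable.
POLICY_CHECKS = {
    "EnableLUA": lambda v: v == 1,                   # 0 turns UAC off entirely
    "PromptOnSecureDesktop": lambda v: v == 1,       # 0 prompts on the normal desktop
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,  # 0 elevates admins silently
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
PROTECT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(\w+)/(\w+)\*")
ORPHAN_RE = re.compile(r"^(BHO|TB|EB)(?:-X64)?:\s+(.+?)\s+-\s+No File$")


def triage(log_text):
    """Return a dict of findings keyed 'policy', 'protection', 'orphan_ext'."""
    findings = {"policy": [], "protection": [], "orphan_ext": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            check = POLICY_CHECKS.get(name)
            if check is not None and not check(value):
                findings["policy"].append((name, value))
            continue
        m = PROTECT_RE.match(line)
        if m:
            kind, product, state, freshness = m.groups()
            if state != "Enabled" or freshness != "Updated":
                findings["protection"].append((kind, product, state, freshness))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings["orphan_ext"].append((m.group(1), m.group(2)))
    return findings


# Sample input: lines copied from the DDS log posted above (HP path shortened).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\hpswp_printenhancer.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against the sample, the policy section lists the three UAC-weakening values, the protection section lists AntiVir (outdated) and Defender (disabled), and the orphan section lists the three "No File" entries; entries that match the secure baseline, such as ConsentPromptBehaviorUser, produce no finding. Values outside the baseline are a prompt to ask the user whether they changed them deliberately, not proof of infection on their own.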



#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 AM

Posted 27 May 2012 - 10:48 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


#3 Krissie_R

  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:30 PM

Posted 28 May 2012 - 12:06 AM

OK. I've run those. I was unable to disable Antivir Desktop, and so I uninstalled it before running combofix. Combofix claimed that it was still running anyway (which is impossible), so I'm assuming it's some cached markers somewhere, and thus proceeded to run it.

The two reports follow...


05:18:03.0998 6064 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
05:18:04.0293 6064 ============================================================
05:18:04.0293 6064 Current date / time: 2012/05/28 05:18:04.0293
05:18:04.0293 6064 SystemInfo:
05:18:04.0293 6064
05:18:04.0293 6064 OS Version: 6.1.7601 ServicePack: 1.0
05:18:04.0293 6064 Product type: Workstation
05:18:04.0294 6064 ComputerName: KRISSIE-DESKTOP
05:18:04.0294 6064 UserName: Krissie
05:18:04.0294 6064 Windows directory: C:\Windows
05:18:04.0294 6064 System windows directory: C:\Windows
05:18:04.0294 6064 Running under WOW64
05:18:04.0294 6064 Processor architecture: Intel x64
05:18:04.0294 6064 Number of processors: 2
05:18:04.0294 6064 Page size: 0x1000
05:18:04.0294 6064 Boot type: Normal boot
05:18:04.0294 6064 ============================================================
05:18:06.0136 6064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:18:06.0189 6064 Drive \Device\Harddisk1\DR1 - Size: 0x1E0FD8000 (7.52 Gb), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:18:06.0199 6064 ============================================================
05:18:06.0199 6064 \Device\Harddisk0\DR0:
05:18:06.0243 6064 MBR partitions:
05:18:06.0243 6064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
05:18:06.0243 6064 \Device\Harddisk1\DR1:
05:18:06.0244 6064 MBR partitions:
05:18:06.0244 6064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xF03A95
05:18:06.0244 6064 ============================================================
05:18:06.0486 6064 C: <-> \Device\Harddisk0\DR0\Partition0
05:18:06.0700 6064 ============================================================
05:18:06.0700 6064 Initialize success
05:18:06.0700 6064 ============================================================
05:18:28.0201 7892 ============================================================
05:18:28.0201 7892 Scan started
05:18:28.0201 7892 Mode: Manual; TDLFS;
05:18:28.0201 7892 ============================================================
05:18:32.0280 7892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
05:18:32.0284 7892 1394ohci - ok
05:18:32.0331 7892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
05:18:32.0337 7892 ACPI - ok
05:18:32.0355 7892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
05:18:32.0357 7892 AcpiPmi - ok
05:18:32.0579 7892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
05:18:32.0588 7892 adp94xx - ok
05:18:32.0632 7892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
05:18:32.0637 7892 adpahci - ok
05:18:32.0659 7892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
05:18:32.0662 7892 adpu320 - ok
05:18:32.0687 7892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
05:18:32.0688 7892 AeLookupSvc - ok
05:18:32.0766 7892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
05:18:32.0773 7892 AFD - ok
05:18:32.0802 7892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
05:18:32.0804 7892 agp440 - ok
05:18:32.0826 7892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
05:18:32.0828 7892 ALG - ok
05:18:32.0856 7892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
05:18:32.0857 7892 aliide - ok
05:18:32.0916 7892 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
05:18:32.0919 7892 AMD External Events Utility - ok
05:18:32.0935 7892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
05:18:32.0937 7892 amdide - ok
05:18:32.0972 7892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
05:18:32.0973 7892 AmdK8 - ok
05:18:33.0385 7892 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
05:18:33.0576 7892 amdkmdag - ok
05:18:33.0768 7892 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
05:18:33.0773 7892 amdkmdap - ok
05:18:33.0797 7892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
05:18:33.0799 7892 AmdPPM - ok
05:18:33.0850 7892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
05:18:33.0853 7892 amdsata - ok
05:18:33.0883 7892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
05:18:33.0886 7892 amdsbs - ok
05:18:33.0906 7892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
05:18:33.0908 7892 amdxata - ok
05:18:33.0992 7892 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
05:18:33.0994 7892 AntiVirSchedulerService - ok
05:18:48.0882 7892 Schedule - ok
05:18:48.0933 7892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
05:18:48.0934 7892 SCPolicySvc - ok
05:18:48.0991 7892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
05:18:48.0995 7892 SDRSVC - ok
05:18:49.0075 7892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
05:18:49.0077 7892 secdrv - ok
05:18:49.0123 7892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
05:18:49.0126 7892 seclogon - ok
05:18:49.0135 7892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
05:18:49.0139 7892 SENS - ok
05:18:49.0150 7892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
05:18:49.0153 7892 SensrSvc - ok
05:18:49.0179 7892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
05:18:49.0181 7892 Serenum - ok
05:18:49.0214 7892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
05:18:49.0216 7892 Serial - ok
05:18:49.0255 7892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
05:18:49.0257 7892 sermouse - ok
05:18:49.0318 7892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
05:18:49.0322 7892 SessionEnv - ok
05:18:49.0369 7892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
05:18:49.0371 7892 sffdisk - ok
05:18:49.0381 7892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
05:18:49.0382 7892 sffp_mmc - ok
05:18:49.0398 7892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
05:18:49.0399 7892 sffp_sd - ok
05:18:49.0412 7892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
05:18:49.0414 7892 sfloppy - ok
05:18:49.0467 7892 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
05:18:49.0473 7892 SharedAccess - ok
05:18:49.0531 7892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
05:18:49.0539 7892 ShellHWDetection - ok
05:18:49.0567 7892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:18:49.0569 7892 SiSRaid2 - ok
05:18:49.0582 7892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
05:18:49.0584 7892 SiSRaid4 - ok
05:18:49.0690 7892 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
05:18:49.0693 7892 SkypeUpdate - ok
05:18:49.0715 7892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
05:18:49.0718 7892 Smb - ok
05:18:49.0754 7892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
05:18:49.0756 7892 SNMPTRAP - ok
05:18:49.0767 7892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
05:18:49.0768 7892 spldr - ok
05:18:49.0814 7892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
05:18:49.0824 7892 Spooler - ok
05:18:50.0121 7892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
05:18:50.0166 7892 sppsvc - ok
05:18:50.0259 7892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
05:18:50.0263 7892 sppuinotify - ok
05:18:50.0376 7892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
05:18:50.0383 7892 srv - ok
05:18:50.0803 7892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
05:18:50.0809 7892 srv2 - ok
05:18:50.0830 7892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
05:18:50.0833 7892 srvnet - ok
05:18:50.0851 7892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
05:18:50.0856 7892 SSDPSRV - ok
05:18:50.0871 7892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
05:18:50.0874 7892 SstpSvc - ok
05:18:50.0944 7892 Steam Client Service - ok
05:18:50.0986 7892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
05:18:50.0988 7892 stexstor - ok
05:18:51.0075 7892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
05:18:51.0085 7892 stisvc - ok
05:18:51.0143 7892 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
05:18:51.0144 7892 storflt - ok
05:18:51.0167 7892 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
05:18:51.0171 7892 StorSvc - ok
05:18:51.0187 7892 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
05:18:51.0188 7892 storvsc - ok
05:18:51.0227 7892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
05:18:51.0229 7892 swenum - ok
05:18:51.0414 7892 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
05:18:51.0423 7892 SwitchBoard - ok
05:18:51.0471 7892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
05:18:51.0480 7892 swprv - ok
05:18:51.0590 7892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
05:18:51.0613 7892 SysMain - ok
05:18:51.0740 7892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
05:18:51.0744 7892 TabletInputService - ok
05:18:51.0815 7892 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
05:18:51.0817 7892 taphss - ok
05:18:51.0867 7892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
05:18:51.0874 7892 TapiSrv - ok
05:18:51.0892 7892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
05:18:51.0895 7892 TBS - ok
05:18:52.0018 7892 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
05:18:52.0043 7892 Tcpip - ok
05:18:52.0163 7892 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
05:18:52.0176 7892 TCPIP6 - ok
05:18:52.0242 7892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
05:18:52.0243 7892 tcpipreg - ok
05:18:52.0275 7892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
05:18:52.0277 7892 TDPIPE - ok
05:18:52.0326 7892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
05:18:52.0328 7892 TDTCP - ok
05:18:52.0384 7892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
05:18:52.0388 7892 tdx - ok
05:18:52.0431 7892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
05:18:52.0433 7892 TermDD - ok
05:18:52.0504 7892 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
05:18:52.0516 7892 TermService - ok
05:18:52.0527 7892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
05:18:52.0530 7892 Themes - ok
05:18:52.0554 7892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
05:18:52.0556 7892 THREADORDER - ok
05:18:52.0597 7892 TlntSvr (519cb7d7f697f4ba47de05845c20f158) C:\Windows\System32\tlntsvr.exe
05:18:52.0600 7892 TlntSvr - ok
05:18:52.0620 7892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
05:18:52.0624 7892 TrkWks - ok
05:18:52.0711 7892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
05:18:52.0715 7892 TrustedInstaller - ok
05:18:52.0846 7892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:18:52.0879 7892 tssecsrv - ok
05:18:52.0965 7892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
05:18:52.0966 7892 TsUsbFlt - ok
05:18:53.0027 7892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
05:18:53.0029 7892 tunnel - ok
05:18:53.0057 7892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
05:18:53.0059 7892 uagp35 - ok
05:18:53.0116 7892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
05:18:53.0121 7892 udfs - ok
05:18:53.0233 7892 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
05:18:53.0237 7892 ufad-ws60 - ok
05:18:53.0267 7892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
05:18:53.0270 7892 UI0Detect - ok
05:18:53.0311 7892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
05:18:53.0313 7892 uliagpkx - ok
05:18:53.0371 7892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
05:18:53.0372 7892 umbus - ok
05:18:53.0390 7892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
05:18:53.0391 7892 UmPass - ok
05:18:53.0447 7892 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
05:18:53.0452 7892 UmRdpService - ok
05:18:53.0489 7892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
05:18:53.0496 7892 upnphost - ok
05:18:53.0551 7892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
05:18:53.0553 7892 usbccgp - ok
05:18:53.0580 7892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
05:18:53.0583 7892 usbcir - ok
05:18:53.0597 7892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
05:18:53.0599 7892 usbehci - ok
05:18:53.0625 7892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
05:18:53.0630 7892 usbhub - ok
05:18:53.0651 7892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
05:18:53.0653 7892 usbohci - ok
05:18:53.0683 7892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
05:18:53.0684 7892 usbprint - ok
05:18:53.0726 7892 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
05:18:53.0728 7892 usbscan - ok
05:18:53.0748 7892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:18:53.0750 7892 USBSTOR - ok
05:18:53.0766 7892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
05:18:53.0768 7892 usbuhci - ok
05:18:53.0788 7892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
05:18:53.0790 7892 UxSms - ok
05:18:53.0842 7892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
05:18:53.0843 7892 VaultSvc - ok
05:18:53.0874 7892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
05:18:53.0875 7892 vdrvroot - ok
05:18:53.0949 7892 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
05:18:53.0997 7892 vds - ok
05:18:54.0063 7892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
05:18:54.0065 7892 vga - ok
05:18:54.0093 7892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
05:18:54.0094 7892 VgaSave - ok
05:18:54.0150 7892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
05:18:54.0154 7892 vhdmp - ok
05:18:54.0167 7892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
05:18:54.0168 7892 viaide - ok
05:18:54.0289 7892 VMAuthdService (11dcd7a2a0b1f8532b80f5aa98f9903e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
05:18:54.0292 7892 VMAuthdService - ok
05:18:54.0322 7892 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
05:18:54.0326 7892 vmbus - ok
05:18:54.0344 7892 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
05:18:54.0346 7892 VMBusHID - ok
05:18:54.0390 7892 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
05:18:54.0392 7892 vmci - ok
05:18:54.0438 7892 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
05:18:54.0439 7892 vmkbd - ok
05:18:54.0454 7892 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
05:18:54.0456 7892 VMnetAdapter - ok
05:18:54.0473 7892 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
05:18:54.0475 7892 VMnetBridge - ok
05:18:54.0480 7892 VMnetDHCP - ok
05:18:54.0495 7892 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
05:18:54.0496 7892 VMnetuserif - ok
05:18:54.0504 7892 VMparport (55e1dc39d985f2b33ebc23cd7fba582e) C:\Windows\system32\drivers\VMparport.sys
05:18:54.0506 7892 VMparport - ok
05:18:54.0553 7892 VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
05:18:54.0562 7892 VMUSBArbService - ok
05:18:54.0570 7892 VMware NAT Service - ok
05:18:54.0625 7892 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
05:18:54.0628 7892 vmx86 - ok
05:18:54.0644 7892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
05:18:54.0646 7892 volmgr - ok
05:18:54.0711 7892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
05:18:54.0717 7892 volmgrx - ok
05:18:54.0773 7892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
05:18:54.0778 7892 volsnap - ok
05:18:54.0822 7892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
05:18:54.0826 7892 vsmraid - ok
05:18:54.0937 7892 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
05:18:54.0960 7892 VSS - ok
05:18:55.0076 7892 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
05:18:55.0078 7892 vstor2-ws60 - ok
05:18:55.0210 7892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
05:18:55.0211 7892 vwifibus - ok
05:18:55.0248 7892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
05:18:55.0250 7892 vwififlt - ok
05:18:55.0283 7892 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
05:18:55.0285 7892 vwifimp - ok
05:18:55.0327 7892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
05:18:55.0334 7892 W32Time - ok
05:18:55.0357 7892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
05:18:55.0358 7892 WacomPen - ok
05:18:55.0413 7892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
05:18:55.0416 7892 WANARP - ok
05:18:55.0428 7892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
05:18:55.0430 7892 Wanarpv6 - ok
05:18:55.0713 7892 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
05:18:55.0731 7892 WatAdminSvc - ok
05:18:55.0854 7892 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
05:18:55.0875 7892 wbengine - ok
05:18:55.0997 7892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
05:18:56.0002 7892 WbioSrvc - ok
05:18:56.0060 7892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
05:18:56.0067 7892 wcncsvc - ok
05:18:56.0088 7892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
05:18:56.0091 7892 WcsPlugInService - ok
05:18:56.0154 7892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
05:18:56.0156 7892 Wd - ok
05:18:56.0313 7892 WDCS_WNDA3200 (49b50be4c6e61dc378057a09130e0629) C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
05:18:56.0316 7892 WDCS_WNDA3200 - ok
05:18:56.0359 7892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
05:18:56.0370 7892 Wdf01000 - ok
05:18:56.0400 7892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
05:18:56.0404 7892 WdiServiceHost - ok
05:18:56.0409 7892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
05:18:56.0411 7892 WdiSystemHost - ok
05:18:56.0471 7892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
05:18:56.0477 7892 WebClient - ok
05:18:56.0505 7892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
05:18:56.0511 7892 Wecsvc - ok
05:18:56.0537 7892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
05:18:56.0541 7892 wercplsupport - ok
05:18:56.0595 7892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
05:18:56.0599 7892 WerSvc - ok
05:18:56.0675 7892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
05:18:56.0676 7892 WfpLwf - ok
05:18:56.0688 7892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
05:18:56.0690 7892 WIMMount - ok
05:18:56.0697 7892 WinHttpAutoProxySvc - ok
05:18:56.0805 7892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
05:18:56.0811 7892 Winmgmt - ok
05:18:56.0950 7892 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
05:18:56.0976 7892 WinRM - ok
05:18:57.0134 7892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
05:18:57.0135 7892 WinUsb - ok
05:18:57.0193 7892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
05:18:57.0206 7892 Wlansvc - ok
05:18:57.0254 7892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
05:18:57.0256 7892 WmiAcpi - ok
05:18:57.0318 7892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
05:18:57.0322 7892 wmiApSrv - ok
05:18:57.0345 7892 WMPNetworkSvc - ok
05:18:57.0363 7892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
05:18:57.0367 7892 WPCSvc - ok
05:18:57.0422 7892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
05:18:57.0425 7892 WPDBusEnum - ok
05:18:57.0456 7892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
05:18:57.0458 7892 ws2ifsl - ok
05:18:57.0464 7892 WSearch - ok
05:18:57.0613 7892 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
05:18:57.0645 7892 wuauserv - ok
05:18:57.0816 7892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
05:18:57.0819 7892 WudfPf - ok
05:18:57.0857 7892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:18:57.0861 7892 WUDFRd - ok
05:18:57.0982 7892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
05:18:58.0065 7892 wudfsvc - ok
05:18:58.0135 7892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
05:18:58.0140 7892 WwanSvc - ok
05:18:58.0244 7892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
05:18:58.0531 7892 \Device\Harddisk0\DR0 - ok
05:18:58.0540 7892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
05:18:58.0698 7892 \Device\Harddisk1\DR1 - ok
05:18:58.0753 7892 Boot (0x1200) (a058b23c8f4b4809b1a6830953be26d5) \Device\Harddisk0\DR0\Partition0
05:18:58.0755 7892 \Device\Harddisk0\DR0\Partition0 - ok
05:18:58.0760 7892 Boot (0x1200) (63f6a9d4945052339c4ad7fba6e81e8f) \Device\Harddisk1\DR1\Partition0
05:18:58.0762 7892 \Device\Harddisk1\DR1\Partition0 - ok
05:18:58.0765 7892 ============================================================
05:18:58.0765 7892 Scan finished
05:18:58.0765 7892 ============================================================
05:18:58.0786 7240 Detected object count: 0
05:18:58.0786 7240 Actual detected object count: 0

ComboFix 12-05-27.03 - Krissie 28/05/2012 5:37.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3007.2069 [GMT 1:00]
Running from: c:\users\Krissie\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\tmp\U
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 04:51 . 2012-05-28 04:51 -------- d-----w- c:\users\Zoë\AppData\Local\temp
2012-05-28 04:51 . 2012-05-28 04:51 -------- d-----w- c:\users\Helen\AppData\Local\temp
2012-05-28 04:51 . 2012-05-28 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 08:11 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 08:11 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 08:11 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 08:11 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 08:11 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 08:11 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 08:10 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 08:10 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 08:10 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 08:10 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 08:10 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 08:09 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 08:09 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 08:46 . 2012-04-25 01:23 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB611F0-500A-46A8-A968-F335E78DF26A}\mpengine.dll
2012-03-13 22:59 . 2012-03-13 22:58 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-03-08 03:05 . 2012-03-08 03:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 03:05 . 2012-03-08 03:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 03:05 . 2012-03-08 03:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 03:05 . 2012-03-08 03:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 03:05 . 2012-03-08 03:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 03:05 . 2012-03-08 03:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 03:05 . 2012-03-08 03:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 03:05 . 2012-03-08 03:05 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 03:05 . 2012-03-08 03:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 03:05 . 2012-03-08 03:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 03:05 . 2012-03-08 03:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 03:05 . 2012-03-08 03:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 03:05 . 2012-03-08 03:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 03:05 . 2012-03-08 03:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 03:05 . 2012-03-08 03:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 03:05 . 2012-03-08 03:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 03:05 . 2012-03-08 03:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-08 03:04 . 2012-03-08 03:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 03:04 . 2012-03-08 03:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 03:04 . 2012-03-08 03:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 03:04 . 2012-03-08 03:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 03:04 . 2012-03-08 03:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 03:04 . 2012-03-08 03:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 03:04 . 2012-03-08 03:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 03:04 . 2012-03-08 03:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 03:04 . 2012-03-08 03:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 03:04 . 2012-03-08 03:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 03:04 . 2012-03-08 03:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 03:04 . 2012-03-08 03:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 03:04 . 2012-03-08 03:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 03:04 . 2012-03-08 03:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 03:04 . 2012-03-08 03:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 03:04 . 2012-03-08 03:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 03:04 . 2012-03-08 03:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 06:46 . 2012-04-13 02:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 02:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 02:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 02:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 02:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 02:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 02:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 02:04 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 02:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 02:04 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 02:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Zoë\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-2-4 142848]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Krissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-2-4 142848]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3863835069-3995974275-3490115897-1001Core.job
- c:\users\Krissie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 13:07]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3863835069-3995974275-3490115897-1001UA.job
- c:\users\Krissie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 13:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Video on This Page - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
TCP: Interfaces\{5EA786DE-51FA-4A21-913F-0CCC8443E49D}: NameServer = 8.8.8.8,192.168.0.1
TCP: Interfaces\{8A3E9957-8F20-42A9-B37A-4C2B569441EC}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\users\Krissie\AppData\Roaming\Mozilla\Firefox\Profiles\z6b3g9t8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-05-28 06:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 05:00
.
Pre-Run: 69,016,588,288 bytes free
Post-Run: 78,333,829,120 bytes free
.
- - End Of File - - 3C9F9DE22AA1849B516503C22BD1D7B2

#4 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 28 May 2012 - 08:31 AM

Hi,

Please do this next:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Please include the following in your next post:
  • FSS log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 Krissie_R (Topic Starter)
  • Members
  • 7 posts

Posted 28 May 2012 - 09:41 AM

Thank you. I have downloaded and run this tool with all options checked. The only abnormality of my system setup, by design, is that I changed Windows Update so that it did not force a reboot after an auto-update, though I don't know if this would affect the scan. The following is the resulting log...

Farbar Service Scanner Version: 27-05-2012
Ran by Krissie (administrator) on 28-05-2012 at 15:39:40
Running from "C:\Users\Krissie\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Krissie_R, 28 May 2012 - 10:10 AM.
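The Farbar Service Scanner instructions and log above boil down to three checks per service (start type, ImagePath, ServiceDll) plus a hash of the backing binary. The script below is an added example, not part of this thread and not Farbar's code, that reproduces those checks with built-in cmdlets. The `$baseline` start types are an assumption about a stock Windows 7 install, and no known-good MD5 list is embedded: the MD5 is printed so it can be compared against a clean machine or Farbar's own "MD5 is legit" line. Because most System32 files are catalog-signed, `Get-AuthenticodeSignature` on older PowerShell reports them as `NotSigned`; only a `HashMismatch` result is treated as tampering by itself.

```powershell
# Added example; not code from the thread or from Farbar Service Scanner (FSS).
# Reproduces the checks the FSS log above reports with built-in cmdlets only:
# start type, ImagePath, ServiceDll and whether the binaries are signed. FSS
# compares MD5 against its own list of known-good hashes; no such list is
# embedded here, so the MD5 is printed for comparison with a clean machine.
# Run elevated, PowerShell 3.0+ on Windows 7 x64 or later.
# ASSUMPTION: the $baseline start types are the stock Windows 7 defaults.

$baseline = @{           # 2 = Automatic, 3 = Manual
    'WinDefend' = 2      # Windows Defender
    'MpsSvc'    = 2      # Windows Firewall
    'BFE'       = 2      # Base Filtering Engine
    'wscsvc'    = 2      # Security Center
    'VSS'       = 3      # Volume Shadow Copy
    'wuauserv'  = 2      # Windows Update
    'BITS'      = 3      # Background Intelligent Transfer Service
}

function Resolve-ServicePath([string]$raw) {
    # ImagePath/ServiceDll are REG_EXPAND_SZ and come in several spellings:
    # quoted, with svchost arguments, \SystemRoot\..., \??\C:\..., or relative.
    $p = [Environment]::ExpandEnvironmentVariables($raw).Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^(.+?\.(exe|sys|dll))') { $p = $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-Md5([string]$file) {
    $md5   = [Security.Cryptography.MD5]::Create()
    $bytes = $md5.ComputeHash([IO.File]::ReadAllBytes($file))
    return ([BitConverter]::ToString($bytes) -replace '-', '')
}

function Test-ServiceBinary([string]$file) {
    # Most System32 files are catalog-signed; older PowerShell reports those as
    # NotSigned, so only HashMismatch is conclusive tampering evidence by itself.
    if (-not (Test-Path $file)) { return 'MISSING' }
    $status = (Get-AuthenticodeSignature $file).Status
    if ($status -eq 'HashMismatch') { return 'TAMPERED (signature hash mismatch)' }
    return "$status md5=$(Get-Md5 $file)"
}

function Test-ServiceConfig([string]$name, [int]$expectedStart) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $name; Start = 'absent'; Running = ''; Image = ''; Dll = '' }
    }
    $cfg   = Get-ItemProperty $key
    $start = if ($cfg.Start -eq $expectedStart) { "$($cfg.Start) OK" } else { "$($cfg.Start) (expected $expectedStart)" }
    $image = Resolve-ServicePath $cfg.ImagePath
    $dllResult = ''
    # svchost-hosted services keep their real code in Parameters\ServiceDll
    $params = Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) {
        $dll = Resolve-ServicePath $params.ServiceDll
        $dllResult = "$dll => $(Test-ServiceBinary $dll)"
    }
    [pscustomobject]@{
        Service = $name
        Start   = $start
        Running = (Get-Service $name -ErrorAction SilentlyContinue).Status
        Image   = "$image => $(Test-ServiceBinary $image)"
        Dll     = $dllResult
    }
}

foreach ($svc in $baseline.Keys) { Test-ServiceConfig $svc $baseline[$svc] | Format-List }

# The ComboFix log earlier in the thread shows EnableLUA=0 and
# ConsentPromptBehaviorAdmin=0, i.e. UAC fully switched off; report that too.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) { Write-Warning "UAC disabled (EnableLUA=$($uac.EnableLUA))" }
if ($uac.ConsentPromptBehaviorAdmin -eq 0) { Write-Warning 'Admin elevation prompts suppressed (ConsentPromptBehaviorAdmin=0)' }
```

A `Start` value that differs from the baseline, a missing or relocated ServiceDll, or a `HashMismatch` on the backing file is what this reports; a `NotSigned` status alone is not a finding on Windows 7 and should be settled by comparing the printed MD5 with a known-clean copy.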


#6 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 28 May 2012 - 08:01 PM

What problems or symptoms are you still having with the computer?



#7 Krissie_R (Topic Starter)
  • Members
  • 7 posts

Posted 29 May 2012 - 09:22 AM

I have my BFE, Shadow Volume, and Windows Firewall services back. I had no other noticeable symptoms prior to discovering the infection. I ran netstat -ao, and I appear to have some ports listed in high ranges, though checking the PIDs in Task Manager, they seem to be related to chrome.exe, wininit, svchost, lsass, spoolsv, and services.exe in a listening state. I'm presuming these are legit.

Everything seems reasonably fine, and I have taken the actions listed below (with logs enclosed by asterisks) since your message. If all is now clear, I will proceed to uninstall MBAM and re-install AV protection - do you have any recommendations from the current crop of free AVs?

Logs follow...


Ran trend micro housecall - quick scan:

*****************************************************

'fixed' c:\windows\system32\consrv.dll
'ignored' c:\program files (x86)\cain\cain.exe

*****************************************************

rebooted.

closed all startup applications except Catalyst Control Center tray.

Uninstalled LogMeIn Hamachi.

Installed malwarebytes (MBAM) free version. Updated program.
Ran quickscan...

*******************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Krissie :: KRISSIE-DESKTOP [administrator]

Protection: Enabled

29/05/2012 14:35:31
mbam-log-2012-05-29 (14-35-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245257
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*****************************************************************
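The post above did the listening-port check by hand: `netstat -ao`, then looking each PID up in Task Manager. The script below is an added example, not from the thread, that automates the same check and adds what Task Manager does not show: the image path, which services share an `svchost.exe` PID, and whether the image lives outside the Windows or Program Files trees or fails signature validation. It uses `netstat` and WMI rather than `Get-NetTCPConnection` so it runs on Windows 7; the "trusted roots" list is an assumption about where a stock machine's listeners should be running from.

```powershell
# Added example; not code from the thread. It automates what the post above
# did by hand (netstat -ao, then looking each PID up in Task Manager): parse
# `netstat -ano`, map every listening socket to its process, image path and,
# for svchost.exe, the services hosted in that PID, and flag images that live
# outside the Windows or Program Files trees or fail signature validation.
# Uses netstat and WMI so it works on Windows 7 (no Get-NetTCPConnection);
# needs PowerShell 3.0+ and an elevated prompt so every image path resolves.

function Get-ListeningSockets {
    # netstat -ano columns: Proto Local Foreign [State] PID; UDP rows have no State.
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
            [pscustomobject]@{ Proto = 'TCP'; Local = $f[1]; OwnerPid = [int]$f[4] }
        } elseif ($f[0] -eq 'UDP') {
            [pscustomobject]@{ Proto = 'UDP'; Local = $f[1]; OwnerPid = [int]$f[3] }
        }
    }
}

# ASSUMPTION: directories a listening process is expected to run from on a stock machine.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-SocketOwner([int]$ownerPid) {
    $proc   = Get-WmiObject Win32_Process -Filter "ProcessId=$ownerPid"
    $path   = $proc.ExecutablePath
    $hosted = ''
    if ($proc.Name -eq 'svchost.exe') {
        # Several services share one svchost; list them so the PID is meaningful.
        $hosted = (Get-WmiObject Win32_Service -Filter "ProcessId=$ownerPid" |
                   ForEach-Object { $_.Name }) -join ','
    }
    $flag = ''
    $sig  = 'n/a'
    if ($ownerPid -le 4) {
        $path = '(kernel)'                      # PID 0/4 have no image file
    } elseif (-not $path) {
        $flag = 'NO PATH (run elevated)'
    } else {
        $sig = (Get-AuthenticodeSignature $path).Status
        $inTrusted = $false
        foreach ($r in $trustedRoots) {
            if ($path.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
        if (-not $inTrusted)             { $flag = 'OUTSIDE WINDOWS/PROGRAM FILES' }
        elseif ($sig -eq 'HashMismatch') { $flag = 'TAMPERED IMAGE' }
    }
    [pscustomobject]@{
        OwnerPid = $ownerPid; Process = $proc.Name; Services = $hosted
        Path = $path; Signature = $sig; Flag = $flag
    }
}

$owners = @{}
$report = Get-ListeningSockets | ForEach-Object {
    if (-not $owners.ContainsKey($_.OwnerPid)) { $owners[$_.OwnerPid] = Get-SocketOwner $_.OwnerPid }
    $o = $owners[$_.OwnerPid]
    [pscustomobject]@{
        Proto = $_.Proto; Local = $_.Local; PID = $_.OwnerPid; Process = $o.Process
        Services = $o.Services; Path = $o.Path; Signature = $o.Signature; Flag = $o.Flag
    }
}
$report | Sort-Object Flag -Descending | Format-Table -AutoSize
```

High-numbered listening ports owned by `svchost.exe`, `lsass.exe`, `wininit.exe` or `services.exe` are normal RPC endpoint-mapper ports; what matters is the image path and, for svchost, the service list. Flagged rows (an image outside the expected trees, or a `HashMismatch`) are the ones worth chasing, and `NotSigned` on a catalog-signed System32 file is not a finding by itself on Windows 7.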

#8 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 30 May 2012 - 08:17 AM

Hi,

It looks like you are all set. You should update your Java to the latest version, then take care of the following cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • TDSSKiller
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#9 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 05 June 2012 - 05:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
