Virus? trojan?


  • This topic is locked
19 replies to this topic

#1 tapdatast


Posted 31 May 2012 - 11:53 AM

Hello. I have looked into my computer (Windows 7) and found that my antivirus program and my firewall were both inactive. I deleted and reinstalled Microsoft Security Essentials and that worked, but the firewall will not turn on. I get the typical error: 0x80070424.
I looked it up and it suggests that I have a virus or a trojan. I ran MSE and it keeps picking up a trojan but does not seem to get rid of it. It is: Trojan:Win64/Sirefef.W

Now I'm not sure if this is a real trojan or not, but it does say it's an activator. So, anytime you're ready. I'm good to go. I know this is a long process but let's do it, I guess.



#2 fireman4it


Posted 31 May 2012 - 04:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 tapdatast


Posted 01 June 2012 - 05:13 PM

Sorry about that. I had to work a dbl shift and then I got a cold so... much later, here I am. Don't worry about taking time when you answered, it was actually quite prompt.

No sir. No original operating CD available.....it's....an....image. So...you might find..something.

It's Windows 7 Premium 64, Service Pack 1

I noticed my firewall was off and when I went to turn it on I received error code: 0x80070424.
I looked it up and it would appear that many feel I have a virus or trojan. I also noticed my SUPERAntiSpyware keeps turning off after a rest and my Microsoft Security Essentials antivirus protector was not on either. I attempted to turn on the MSE but it said that it did not exist on my computer. It too gave me the error code 0x80070424.
I uninstalled it and reinstalled MSE and it ran fine but it continued to pick up a trojan called Trojan:Win64/Sirefef.W
It could not delete it. I was able to tell the antivirus program to dump it but it just kept coming back. Ran SUPERAntiSpyware and all it did was dump a whole lot of cookies (I must be getting lazy).
Again, after today the firewall does not respond and the MSE is there but not working and refuses to work, almost like something is turning it off.
I have noticed a few popups where there shouldn't have been any but no redirect. I just assumed that I forgot to dump the pop-up pages before I logged off. Should have gone with my gut.
PS: When this is over I need a line on a really, really good AV program as I will buy the full version this time. If you could.

Here you go:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Administrator at 16:04:15 on 2012-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4095.2493 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxbxcoms.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
\\.\globalroot\systemroot\Installer\{fe4b3577-8948-536c-bd6a-8a3dba030946}\U
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
mWinlogon: Userinit=userinit.exe
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\873cd6cd-c67a-4fae-b861-73f28b11df6d.com
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMS-SH~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{E24AF727-6A6B-49B0-97B8-1E3F5348796C} : DhcpNameServer = 172.16.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
mRun-x64: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s8ei5xor.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/30 09:59:24];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-2-16 146928]
R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-21 159232]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-3-30 87336]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-3-30 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-3-30 296232]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-3-30 82928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-14 2348352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-3-16 476728]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-5-4 996256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys --> C:\Windows\system32\DRIVERS\lvsels64.sys [?]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-10 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-31 17:17:28 110080 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconF7A21AF7.exe
2012-05-31 17:17:28 110080 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconD7F16134.exe
2012-05-31 17:17:28 110080 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\Icon1226A4C5.exe
2012-05-31 17:17:27 -------- d-----w- C:\sh4ldr
2012-05-31 17:17:27 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-31 17:17:16 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-31 15:26:11 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC1528A5-7FB2-46CF-AE44-8F512B0E5020}\gapaengine.dll
2012-05-31 15:26:08 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADB782E3-8C07-48F0-BF36-EE6EAAE02809}\mpengine.dll
2012-05-31 15:23:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-31 15:23:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-28 22:20:43 -------- d-----w- C:\Users\Administrator\AppData\Roaming\JawboneUpdater
2012-05-28 16:54:55 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-22 16:47:22 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Thunder
2012-05-22 16:47:06 -------- d-----w- C:\Program Files (x86)\Dream Cheeky
2012-05-20 22:20:02 -------- d-----w- C:\Users\Administrator\AppData\Local\LogiShrd
2012-05-19 15:47:37 -------- d-----w- C:\Program Files\iPod
2012-05-19 15:47:36 -------- d-----w- C:\Program Files\iTunes
2012-05-19 15:47:36 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-19 15:29:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Ares
2012-05-09 15:03:27 -------- d-----w- C:\Users\Administrator\AppData\Local\Research In Motion
2012-05-09 15:03:25 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Research In Motion
2012-05-09 15:00:16 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-05-09 07:40:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 07:40:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 07:40:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 07:40:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 07:40:06 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 07:40:06 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 07:39:45 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 07:39:36 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 07:39:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 07:39:34 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 07:39:34 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 07:39:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 07:39:34 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 20:11:30 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-06 20:11:28 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 20:11:28 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-07 06:30:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 06:30:23 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-16 12:56:18 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-16 12:53:18 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-04-15 19:05:32 1797632 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-04-15 14:03:46 1551872 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll
2012-03-21 02:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 02:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 16:04:29.38 ===============


#4 fireman4it

Posted 01 June 2012 - 06:12 PM

Hello,

Please do the following.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
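
A triage pass over a TDSSKiller log of the kind requested in the post above, as an added example that is not part of the original post or of the tool. It assumes the line layout `time thread-id name (md5) path` followed by `time thread-id name - verdict`, and reports entries whose verdict is not `ok` plus entries that received a verdict without any hashed file line. The sample log is constructed: every name, hash and path in it, and the `warning` verdict, are placeholders.

```python
import re

# Constructed sample log. All names, hashes and paths are placeholders; the
# "warning" verdict is an assumed non-ok value used only for illustration.
SAMPLE_LOG = r"""
18:00:47.0361 3956 Drive \Device\Harddisk0\DR0 - Size: 0x0 (0.00 Gb), SectorSize: 0x200
18:01:17.0094 4700 Scan started
18:01:17.0094 4700 Mode: Manual;
18:01:18.0100 4700 ExampleDrv (11111111111111111111111111111111) C:\Windows\system32\drivers\exampledrv.sys
18:01:18.0100 4700 ExampleDrv - ok
18:01:18.0200 4700 Example Device Service (22222222222222222222222222222222) C:\Program Files (x86)\Example\Service.exe
18:01:18.0200 4700 Example Device Service - ok
18:01:18.0300 4700 NoFileSvc - ok
18:01:18.0400 4700 FlaggedSvc (33333333333333333333333333333333) C:\Example\flagged.sys
18:01:18.0400 4700 FlaggedSvc - warning
"""

# Every log line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "name (md5) path": the name may contain spaces, and the path may itself
# contain parentheses such as "(x86)", so the name is matched lazily up to
# the first parenthesised 32-hex-digit hash.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)

# "name - verdict"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")


def triage(log_text):
    """Return a list of (name, reason) for entries that deserve a manual look."""
    hashed = {}      # name -> (md5, path) taken from the object line
    review = []
    in_scan = False  # header lines before "Scan started" are not scan results

    for line in log_text.splitlines():
        line = line.strip()
        if not in_scan:
            # The drive summary in the header also contains " - ", so nothing
            # is parsed as a verdict until the scan section begins.
            in_scan = "Scan started" in line
            continue

        m = OBJECT_RE.match(line)
        if m:
            hashed[m["name"]] = (m["md5"], m["path"])
            continue

        m = VERDICT_RE.match(line)
        if not m:
            continue  # separators, "Mode: Manual;" and similar lines

        name, verdict = m["name"], m["verdict"]
        if verdict != "ok":
            review.append((name, f"verdict '{verdict}'"))
        elif name not in hashed:
            # A verdict with no preceding hash/path line cannot be tied to a
            # file on disk from the log alone.
            review.append((name, "no file hashed"))
    return review


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```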


#5 tapdatast

Posted 01 June 2012 - 10:14 PM

I don't believe the tds found anything but here's the log anyways.

The combo fix didn't work. At first it would only hang but after I deleted Daemon Tools it finally extracted but....after that, nothing. My computer would bug out and restart due to a failure. No report either.

Installed MSE. Detected the trojan but can't get rid of it. Computer just restarts all the time.



18:00:45.0613 3956 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:00:46.0159 3956 ============================================================
18:00:46.0159 3956 Current date / time: 2012/06/01 18:00:46.0159
18:00:46.0159 3956 SystemInfo:
18:00:46.0159 3956
18:00:46.0159 3956 OS Version: 6.1.7601 ServicePack: 1.0
18:00:46.0159 3956 Product type: Workstation
18:00:46.0159 3956 ComputerName: MY_MACHINE
18:00:46.0159 3956 UserName: Administrator
18:00:46.0159 3956 Windows directory: C:\Windows
18:00:46.0159 3956 System windows directory: C:\Windows
18:00:46.0159 3956 Running under WOW64
18:00:46.0159 3956 Processor architecture: Intel x64
18:00:46.0159 3956 Number of processors: 2
18:00:46.0159 3956 Page size: 0x1000
18:00:46.0159 3956 Boot type: Normal boot
18:00:46.0159 3956 ============================================================
18:00:47.0361 3956 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:00:47.0361 3956 ============================================================
18:00:47.0361 3956 \Device\Harddisk0\DR0:
18:00:47.0361 3956 MBR partitions:
18:00:47.0361 3956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:00:47.0361 3956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24BB2000
18:00:47.0361 3956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24BE4800, BlocksNum 0x4FB21000
18:00:47.0361 3956 ============================================================
18:00:47.0376 3956 C: <-> \Device\Harddisk0\DR0\Partition1
18:00:47.0392 3956 E: <-> \Device\Harddisk0\DR0\Partition2
18:00:47.0392 3956 ============================================================
18:00:47.0392 3956 Initialize success
18:00:47.0392 3956 ============================================================
18:01:17.0094 4700 ============================================================
18:01:17.0094 4700 Scan started
18:01:17.0094 4700 Mode: Manual;
18:01:17.0094 4700 ============================================================
18:01:23.0724 4700 MegaSR - ok
18:01:23.0740 4700 Microsoft SharePoint Workspace Audit Service - ok
18:01:23.0771 4700 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:01:23.0771 4700 MMCSS - ok
18:01:23.0787 4700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:01:23.0787 4700 Modem - ok
18:01:23.0802 4700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:01:23.0802 4700 monitor - ok
18:01:23.0818 4700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:01:23.0818 4700 mouclass - ok
18:01:23.0833 4700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:01:23.0833 4700 mouhid - ok
18:01:23.0849 4700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:01:23.0849 4700 mountmgr - ok
18:01:23.0880 4700 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:01:23.0896 4700 MozillaMaintenance - ok
18:01:23.0927 4700 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:01:23.0927 4700 MpFilter - ok
18:01:23.0958 4700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:01:23.0958 4700 mpio - ok
18:01:23.0958 4700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:01:23.0974 4700 mpsdrv - ok
18:01:23.0974 4700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:01:23.0974 4700 MRxDAV - ok
18:01:23.0989 4700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:24.0005 4700 mrxsmb - ok
18:01:24.0021 4700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:24.0021 4700 mrxsmb10 - ok
18:01:24.0036 4700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:24.0036 4700 mrxsmb20 - ok
18:01:24.0052 4700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:01:24.0052 4700 msahci - ok
18:01:24.0067 4700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:01:24.0067 4700 msdsm - ok
18:01:24.0083 4700 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:01:24.0083 4700 MSDTC - ok
18:01:24.0099 4700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:01:24.0099 4700 Msfs - ok
18:01:24.0099 4700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:01:24.0099 4700 mshidkmdf - ok
18:01:24.0114 4700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:01:24.0114 4700 msisadrv - ok
18:01:24.0130 4700 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:01:24.0130 4700 MSiSCSI - ok
18:01:24.0130 4700 msiserver - ok
18:01:24.0145 4700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:01:24.0145 4700 MSKSSRV - ok
18:01:24.0161 4700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:24.0161 4700 MSPCLOCK - ok
18:01:24.0161 4700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:01:24.0161 4700 MSPQM - ok
18:01:24.0192 4700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:01:24.0192 4700 MsRPC - ok
18:01:24.0208 4700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:01:24.0208 4700 mssmbios - ok
18:01:24.0208 4700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:01:24.0208 4700 MSTEE - ok
18:01:24.0208 4700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:01:24.0223 4700 MTConfig - ok
18:01:24.0239 4700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:01:24.0239 4700 Mup - ok
18:01:24.0255 4700 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:01:24.0270 4700 napagent - ok
18:01:24.0301 4700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:01:24.0301 4700 NativeWifiP - ok
18:01:24.0364 4700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:01:24.0364 4700 NDIS - ok
18:01:24.0395 4700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:01:24.0395 4700 NdisCap - ok
18:01:24.0411 4700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:24.0426 4700 NdisTapi - ok
18:01:24.0442 4700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:24.0442 4700 Ndisuio - ok
18:01:24.0457 4700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:24.0457 4700 NdisWan - ok
18:01:24.0473 4700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:01:24.0473 4700 NDProxy - ok
18:01:24.0473 4700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:01:24.0473 4700 NetBIOS - ok
18:01:24.0504 4700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:01:24.0504 4700 NetBT - ok
18:01:24.0520 4700 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:24.0520 4700 Netlogon - ok
18:01:24.0551 4700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:01:24.0567 4700 Netman - ok
18:01:24.0613 4700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:01:24.0613 4700 netprofm - ok
18:01:24.0660 4700 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:01:24.0660 4700 NetTcpPortSharing - ok
18:01:24.0691 4700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:01:24.0691 4700 nfrd960 - ok
18:01:24.0738 4700 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:01:24.0738 4700 NisDrv - ok
18:01:24.0785 4700 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
18:01:24.0785 4700 NisSrv - ok
18:01:24.0801 4700 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:01:24.0801 4700 NlaSvc - ok
18:01:24.0816 4700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:01:24.0816 4700 Npfs - ok
18:01:24.0832 4700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:01:24.0832 4700 nsi - ok
18:01:24.0847 4700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:01:24.0847 4700 nsiproxy - ok
18:01:24.0925 4700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:01:24.0941 4700 Ntfs - ok
18:01:25.0019 4700 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
18:01:25.0019 4700 ntk_PowerDVD12 - ok
18:01:25.0066 4700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:01:25.0066 4700 Null - ok
18:01:25.0097 4700 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:01:25.0113 4700 NVENETFD - ok
18:01:25.0690 4700 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:01:25.0752 4700 nvlddmkm - ok
18:01:25.0815 4700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:01:25.0815 4700 nvraid - ok
18:01:25.0830 4700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:01:25.0830 4700 nvstor - ok
18:01:25.0908 4700 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
18:01:25.0924 4700 nvsvc - ok
18:01:26.0064 4700 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:01:26.0080 4700 nvUpdatusService - ok
18:01:26.0127 4700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:01:26.0127 4700 nv_agp - ok
18:01:26.0142 4700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:01:26.0142 4700 ohci1394 - ok
18:01:26.0189 4700 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:26.0189 4700 ose - ok
18:01:26.0439 4700 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:01:26.0485 4700 osppsvc - ok
18:01:26.0532 4700 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
18:01:26.0532 4700 ossrv - ok
18:01:26.0579 4700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:01:26.0579 4700 p2pimsvc - ok
18:01:26.0610 4700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:01:26.0610 4700 p2psvc - ok
18:01:26.0626 4700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:01:26.0626 4700 Parport - ok
18:01:26.0641 4700 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:01:26.0641 4700 partmgr - ok
18:01:26.0657 4700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:01:26.0657 4700 PcaSvc - ok
18:01:26.0688 4700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:01:26.0688 4700 pci - ok
18:01:26.0704 4700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:01:26.0704 4700 pciide - ok
18:01:26.0719 4700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:01:26.0719 4700 pcmcia - ok
18:01:26.0735 4700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:01:26.0735 4700 pcw - ok
18:01:26.0766 4700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:01:26.0782 4700 PEAUTH - ok
18:01:26.0829 4700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:01:26.0829 4700 PerfHost - ok
18:01:26.0907 4700 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:01:26.0922 4700 pla - ok
18:01:26.0953 4700 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:01:26.0953 4700 PlugPlay - ok
18:01:27.0047 4700 PMBDeviceInfoProvider (fe6fd94886d25adb554ec8ddf3c47caa) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
18:01:27.0063 4700 PMBDeviceInfoProvider - ok
18:01:27.0063 4700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:01:27.0078 4700 PNRPAutoReg - ok
18:01:27.0094 4700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:01:27.0094 4700 PNRPsvc - ok
18:01:27.0141 4700 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:01:27.0141 4700 PolicyAgent - ok
18:01:27.0172 4700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:01:27.0172 4700 Power - ok
18:01:27.0219 4700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:01:27.0219 4700 PptpMiniport - ok
18:01:27.0234 4700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:01:27.0234 4700 Processor - ok
18:01:27.0250 4700 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:01:27.0250 4700 ProfSvc - ok
18:01:27.0265 4700 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:27.0265 4700 ProtectedStorage - ok
18:01:27.0281 4700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:01:27.0281 4700 Psched - ok
18:01:27.0359 4700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:01:27.0375 4700 ql2300 - ok
18:01:27.0437 4700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:01:27.0437 4700 ql40xx - ok
18:01:27.0453 4700 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:01:27.0453 4700 QWAVE - ok
18:01:27.0453 4700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:01:27.0468 4700 QWAVEdrv - ok
18:01:27.0468 4700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:01:27.0468 4700 RasAcd - ok
18:01:27.0484 4700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:01:27.0484 4700 RasAgileVpn - ok
18:01:27.0515 4700 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:01:27.0515 4700 RasAuto - ok
18:01:27.0531 4700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:01:27.0531 4700 Rasl2tp - ok
18:01:27.0577 4700 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:01:27.0577 4700 RasMan - ok
18:01:27.0593 4700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:01:27.0593 4700 RasPppoe - ok
18:01:27.0593 4700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:01:27.0593 4700 RasSstp - ok
18:01:27.0624 4700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:01:27.0624 4700 rdbss - ok
18:01:27.0640 4700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:01:27.0640 4700 rdpbus - ok
18:01:27.0655 4700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:01:27.0655 4700 RDPCDD - ok
18:01:27.0655 4700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:01:27.0655 4700 RDPENCDD - ok
18:01:27.0671 4700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:01:27.0671 4700 RDPREFMP - ok
18:01:27.0687 4700 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:01:27.0687 4700 RDPWD - ok
18:01:27.0718 4700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:01:27.0718 4700 rdyboost - ok
18:01:27.0765 4700 RemoteAccess - ok
18:01:27.0780 4700 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:01:27.0780 4700 RemoteRegistry - ok
18:01:27.0811 4700 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:01:27.0811 4700 RimUsb - ok
18:01:27.0827 4700 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:01:27.0827 4700 RimVSerPort - ok
18:01:27.0843 4700 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:01:27.0843 4700 ROOTMODEM - ok
18:01:27.0858 4700 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:01:27.0858 4700 RpcEptMapper - ok
18:01:27.0874 4700 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:01:27.0874 4700 RpcLocator - ok
18:01:27.0889 4700 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:01:27.0905 4700 RpcSs - ok
18:01:27.0905 4700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:01:27.0936 4700 rspndr - ok
18:01:27.0952 4700 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:27.0952 4700 SamSs - ok
18:01:27.0983 4700 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:01:27.0999 4700 SASDIFSV - ok
18:01:27.0999 4700 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:01:27.0999 4700 SASKUTIL - ok
18:01:28.0014 4700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:01:28.0014 4700 sbp2port - ok
18:01:28.0030 4700 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:01:28.0030 4700 SCardSvr - ok
18:01:28.0045 4700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:01:28.0045 4700 scfilter - ok
18:01:28.0108 4700 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:01:28.0108 4700 Schedule - ok
18:01:28.0123 4700 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:01:28.0123 4700 SCPolicySvc - ok
18:01:28.0139 4700 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:01:28.0155 4700 SDRSVC - ok
18:01:28.0170 4700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:01:28.0170 4700 secdrv - ok
18:01:28.0186 4700 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:01:28.0186 4700 seclogon - ok
18:01:28.0201 4700 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:01:28.0201 4700 SENS - ok
18:01:28.0201 4700 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:01:28.0201 4700 SensrSvc - ok
18:01:28.0217 4700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:01:28.0217 4700 Serenum - ok
18:01:28.0248 4700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:01:28.0248 4700 Serial - ok
18:01:28.0248 4700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:01:28.0264 4700 sermouse - ok
18:01:28.0279 4700 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:01:28.0279 4700 SessionEnv - ok
18:01:28.0279 4700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:01:28.0279 4700 sffdisk - ok
18:01:28.0279 4700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:01:28.0279 4700 sffp_mmc - ok
18:01:28.0295 4700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:01:28.0295 4700 sffp_sd - ok
18:01:28.0295 4700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:01:28.0295 4700 sfloppy - ok
18:01:28.0326 4700 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:01:28.0326 4700 ShellHWDetection - ok
18:01:28.0342 4700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:01:28.0342 4700 SiSRaid2 - ok
18:01:28.0357 4700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:01:28.0357 4700 SiSRaid4 - ok
18:01:28.0420 4700 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:01:28.0435 4700 SkypeUpdate - ok
18:01:28.0435 4700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:01:28.0435 4700 Smb - ok
18:01:28.0451 4700 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:01:28.0451 4700 SNMPTRAP - ok
18:01:28.0451 4700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:01:28.0451 4700 spldr - ok
18:01:28.0482 4700 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:01:28.0498 4700 Spooler - ok
18:01:28.0654 4700 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:01:28.0685 4700 sppsvc - ok
18:01:28.0747 4700 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:01:28.0747 4700 sppuinotify - ok
18:01:28.0794 4700 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys
18:01:28.0810 4700 sptd - ok
18:01:28.0903 4700 SpyHunter 4 Service (8058e740b8e05e0345388715c7b6bc74) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
18:01:28.0919 4700 SpyHunter 4 Service - ok
18:01:28.0981 4700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:01:28.0997 4700 srv - ok
18:01:29.0013 4700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:01:29.0028 4700 srv2 - ok
18:01:29.0044 4700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:01:29.0044 4700 srvnet - ok
18:01:29.0075 4700 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:01:29.0075 4700 SSDPSRV - ok
18:01:29.0091 4700 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:01:29.0091 4700 SstpSvc - ok
18:01:29.0169 4700 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:01:29.0169 4700 Stereo Service - ok
18:01:29.0184 4700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:01:29.0184 4700 stexstor - ok
18:01:29.0231 4700 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:01:29.0247 4700 stisvc - ok
18:01:29.0247 4700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:01:29.0247 4700 swenum - ok
18:01:29.0293 4700 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:01:29.0293 4700 swprv - ok
18:01:29.0371 4700 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:01:29.0387 4700 SysMain - ok
18:01:29.0449 4700 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:01:29.0449 4700 TabletInputService - ok
18:01:29.0481 4700 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:01:29.0496 4700 TapiSrv - ok
18:01:29.0512 4700 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:01:29.0512 4700 TBS - ok
18:01:29.0590 4700 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:01:29.0621 4700 Tcpip - ok
18:01:29.0730 4700 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:01:29.0730 4700 TCPIP6 - ok
18:01:29.0777 4700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:01:29.0777 4700 tcpipreg - ok
18:01:29.0793 4700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:01:29.0793 4700 TDPIPE - ok
18:01:29.0808 4700 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:01:29.0808 4700 TDTCP - ok
18:01:29.0824 4700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:01:29.0824 4700 tdx - ok
18:01:29.0839 4700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:01:29.0839 4700 TermDD - ok
18:01:29.0886 4700 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:01:29.0886 4700 TermService - ok
18:01:29.0902 4700 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:01:29.0902 4700 Themes - ok
18:01:29.0933 4700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:01:29.0933 4700 THREADORDER - ok
18:01:29.0949 4700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:01:29.0949 4700 TrkWks - ok
18:01:29.0980 4700 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:01:29.0980 4700 TrustedInstaller - ok
18:01:29.0995 4700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:01:29.0995 4700 tssecsrv - ok
18:01:30.0011 4700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:01:30.0011 4700 TsUsbFlt - ok
18:01:30.0011 4700 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:01:30.0027 4700 TsUsbGD - ok
18:01:30.0042 4700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:01:30.0042 4700 tunnel - ok
18:01:30.0058 4700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:01:30.0073 4700 uagp35 - ok
18:01:30.0105 4700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:01:30.0105 4700 udfs - ok
18:01:30.0120 4700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:01:30.0120 4700 UI0Detect - ok
18:01:30.0120 4700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:01:30.0120 4700 uliagpkx - ok
18:01:30.0136 4700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:01:30.0136 4700 umbus - ok
18:01:30.0136 4700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:01:30.0151 4700 UmPass - ok
18:01:30.0167 4700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:01:30.0167 4700 upnphost - ok
18:01:30.0198 4700 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:01:30.0198 4700 USBAAPL64 - ok
18:01:30.0214 4700 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:01:30.0214 4700 usbaudio - ok
18:01:30.0229 4700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:01:30.0229 4700 usbccgp - ok
18:01:30.0245 4700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:01:30.0245 4700 usbcir - ok
18:01:30.0261 4700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:01:30.0261 4700 usbehci - ok
18:01:30.0292 4700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:01:30.0292 4700 usbhub - ok
18:01:30.0307 4700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:01:30.0307 4700 usbohci - ok
18:01:30.0323 4700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:01:30.0323 4700 usbprint - ok
18:01:30.0354 4700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:01:30.0354 4700 usbscan - ok
18:01:30.0370 4700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:01:30.0370 4700 USBSTOR - ok
18:01:30.0385 4700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:01:30.0385 4700 usbuhci - ok
18:01:30.0401 4700 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:01:30.0401 4700 usbvideo - ok
18:01:30.0401 4700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:01:30.0401 4700 UxSms - ok
18:01:30.0432 4700 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:30.0432 4700 VaultSvc - ok
18:01:30.0448 4700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:01:30.0448 4700 vdrvroot - ok
18:01:30.0495 4700 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:01:30.0495 4700 vds - ok
18:01:30.0510 4700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:01:30.0510 4700 vga - ok
18:01:30.0526 4700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:01:30.0526 4700 VgaSave - ok
18:01:30.0541 4700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:01:30.0541 4700 vhdmp - ok
18:01:30.0557 4700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:01:30.0557 4700 viaide - ok
18:01:30.0573 4700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:01:30.0573 4700 volmgr - ok
18:01:30.0588 4700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:01:30.0588 4700 volmgrx - ok
18:01:30.0619 4700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:01:30.0619 4700 volsnap - ok
18:01:30.0635 4700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:01:30.0651 4700 vsmraid - ok
18:01:32.0616 4700 ============================================================
18:01:32.0616 4700 Scan finished
18:01:32.0616 4700 ============================================================
18:01:32.0632 3684 Detected object count: 0
18:01:32.0632 3684 Actual detected object count: 0
18:01:45.0081 0628 ============================================================
18:01:45.0081 0628 Scan started
18:01:45.0081 0628 Mode: Manual;
18:01:45.0081 0628 ============================================================
18:01:50.0790 0628 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:50.0790 0628 Netlogon - ok
18:01:50.0806 0628 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:01:50.0806 0628 Netman - ok
18:01:50.0853 0628 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:01:50.0853 0628 netprofm - ok
18:01:50.0899 0628 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:01:50.0899 0628 NetTcpPortSharing - ok
18:01:50.0899 0628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:01:50.0899 0628 nfrd960 - ok
18:01:50.0931 0628 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:01:50.0931 0628 NisDrv - ok
18:01:50.0993 0628 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
18:01:50.0993 0628 NisSrv - ok
18:01:50.0993 0628 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:01:51.0009 0628 NlaSvc - ok
18:01:51.0024 0628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:01:51.0024 0628 Npfs - ok
18:01:51.0040 0628 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:01:51.0040 0628 nsi - ok
18:01:51.0040 0628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:01:51.0055 0628 nsiproxy - ok
18:01:51.0133 0628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:01:51.0133 0628 Ntfs - ok
18:01:51.0227 0628 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
18:01:51.0227 0628 ntk_PowerDVD12 - ok
18:01:51.0274 0628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:01:51.0274 0628 Null - ok
18:01:51.0305 0628 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:01:51.0305 0628 NVENETFD - ok
18:01:51.0898 0628 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:01:51.0960 0628 nvlddmkm - ok
18:01:52.0023 0628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:01:52.0023 0628 nvraid - ok
18:01:52.0054 0628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:01:52.0054 0628 nvstor - ok
18:01:52.0116 0628 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
18:01:52.0116 0628 nvsvc - ok
18:01:52.0241 0628 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:01:52.0257 0628 nvUpdatusService - ok
18:01:52.0303 0628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:01:52.0303 0628 nv_agp - ok
18:01:52.0303 0628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:01:52.0303 0628 ohci1394 - ok
18:01:52.0335 0628 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:52.0335 0628 ose - ok
18:01:52.0569 0628 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:01:52.0584 0628 osppsvc - ok
18:01:52.0647 0628 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
18:01:52.0647 0628 ossrv - ok
18:01:52.0678 0628 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:01:52.0678 0628 p2pimsvc - ok
18:01:52.0693 0628 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:01:52.0693 0628 p2psvc - ok
18:01:52.0709 0628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:01:52.0709 0628 Parport - ok
18:01:52.0725 0628 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:01:52.0725 0628 partmgr - ok
18:01:52.0740 0628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:01:52.0740 0628 PcaSvc - ok
18:01:52.0756 0628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:01:52.0756 0628 pci - ok
18:01:52.0771 0628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:01:52.0771 0628 pciide - ok
18:01:52.0787 0628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:01:52.0787 0628 pcmcia - ok
18:01:52.0787 0628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:01:52.0803 0628 pcw - ok
18:01:52.0834 0628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:01:52.0834 0628 PEAUTH - ok
18:01:52.0896 0628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:01:52.0912 0628 PerfHost - ok
18:01:52.0974 0628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:01:52.0974 0628 pla - ok
18:01:53.0021 0628 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:01:53.0021 0628 PlugPlay - ok
18:01:53.0099 0628 PMBDeviceInfoProvider (fe6fd94886d25adb554ec8ddf3c47caa) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
18:01:53.0099 0628 PMBDeviceInfoProvider - ok
18:01:53.0115 0628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:01:53.0115 0628 PNRPAutoReg - ok
18:01:53.0130 0628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:01:53.0130 0628 PNRPsvc - ok
18:01:53.0161 0628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:01:53.0161 0628 PolicyAgent - ok
18:01:53.0193 0628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:01:53.0193 0628 Power - ok
18:01:53.0208 0628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:01:53.0208 0628 PptpMiniport - ok
18:01:53.0224 0628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:01:53.0224 0628 Processor - ok
18:01:53.0239 0628 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:01:53.0255 0628 ProfSvc - ok
18:01:53.0271 0628 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:53.0271 0628 ProtectedStorage - ok
18:01:53.0286 0628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:01:53.0286 0628 Psched - ok
18:01:53.0349 0628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:01:53.0364 0628 ql2300 - ok
18:01:53.0427 0628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:01:53.0427 0628 ql40xx - ok
18:01:53.0427 0628 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:01:53.0442 0628 QWAVE - ok
18:01:53.0442 0628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:01:53.0442 0628 QWAVEdrv - ok
18:01:53.0458 0628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:01:53.0458 0628 RasAcd - ok
18:01:53.0473 0628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:01:53.0473 0628 RasAgileVpn - ok
18:01:53.0489 0628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:01:53.0489 0628 RasAuto - ok
18:01:53.0505 0628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:01:53.0505 0628 Rasl2tp - ok
18:01:53.0536 0628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:01:53.0536 0628 RasMan - ok
18:01:53.0551 0628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:01:53.0551 0628 RasPppoe - ok
18:01:53.0567 0628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:01:53.0567 0628 RasSstp - ok
18:01:53.0583 0628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:01:53.0583 0628 rdbss - ok
18:01:53.0598 0628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:01:53.0598 0628 rdpbus - ok
18:01:53.0598 0628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:01:53.0598 0628 RDPCDD - ok
18:01:53.0614 0628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:01:53.0614 0628 RDPENCDD - ok
18:01:53.0614 0628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:01:53.0614 0628 RDPREFMP - ok
18:01:53.0645 0628 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:01:53.0645 0628 RDPWD - ok
18:01:53.0661 0628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:01:53.0661 0628 rdyboost - ok
18:01:53.0707 0628 RemoteAccess - ok
18:01:53.0723 0628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:01:53.0723 0628 RemoteRegistry - ok
18:01:53.0754 0628 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:01:53.0754 0628 RimUsb - ok
18:01:53.0770 0628 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:01:53.0770 0628 RimVSerPort - ok
18:01:53.0770 0628 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:01:53.0770 0628 ROOTMODEM - ok
18:01:53.0785 0628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:01:53.0785 0628 RpcEptMapper - ok
18:01:53.0801 0628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:01:53.0801 0628 RpcLocator - ok
18:01:53.0832 0628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:01:53.0832 0628 RpcSs - ok
18:01:53.0832 0628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:01:53.0832 0628 rspndr - ok
18:01:53.0863 0628 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:53.0863 0628 SamSs - ok
18:01:53.0910 0628 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:01:53.0910 0628 SASDIFSV - ok
18:01:53.0910 0628 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:01:53.0910 0628 SASKUTIL - ok
18:01:53.0941 0628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:01:53.0941 0628 sbp2port - ok
18:01:53.0957 0628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:01:53.0957 0628 SCardSvr - ok
18:01:53.0973 0628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:01:53.0973 0628 scfilter - ok
18:01:54.0019 0628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:01:54.0035 0628 Schedule - ok
18:01:54.0051 0628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:01:54.0051 0628 SCPolicySvc - ok
18:01:54.0066 0628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:01:54.0066 0628 SDRSVC - ok
18:01:54.0082 0628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:01:54.0082 0628 secdrv - ok
18:01:54.0082 0628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:01:54.0082 0628 seclogon - ok
18:01:54.0097 0628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:01:54.0097 0628 SENS - ok
18:01:54.0113 0628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:01:54.0113 0628 SensrSvc - ok
18:01:54.0129 0628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:01:54.0129 0628 Serenum - ok
18:01:54.0129 0628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:01:54.0129 0628 Serial - ok
18:01:54.0144 0628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:01:54.0144 0628 sermouse - ok
18:01:54.0160 0628 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:01:54.0160 0628 SessionEnv - ok
18:01:54.0175 0628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:01:54.0175 0628 sffdisk - ok
18:01:54.0175 0628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:01:54.0175 0628 sffp_mmc - ok
18:01:54.0175 0628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:01:54.0175 0628 sffp_sd - ok
18:01:54.0175 0628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:01:54.0191 0628 sfloppy - ok
18:01:54.0207 0628 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:01:54.0207 0628 ShellHWDetection - ok
18:01:54.0222 0628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:01:54.0222 0628 SiSRaid2 - ok
18:01:54.0238 0628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:01:54.0238 0628 SiSRaid4 - ok
18:01:54.0269 0628 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:01:54.0269 0628 SkypeUpdate - ok
18:01:54.0285 0628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:01:54.0285 0628 Smb - ok
18:01:54.0300 0628 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:01:54.0300 0628 SNMPTRAP - ok
18:01:54.0300 0628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:01:54.0300 0628 spldr - ok
18:01:54.0331 0628 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:01:54.0331 0628 Spooler - ok
18:01:54.0519 0628 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:01:54.0534 0628 sppsvc - ok
18:01:54.0581 0628 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:01:54.0581 0628 sppuinotify - ok
18:01:54.0628 0628 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys
18:01:54.0628 0628 sptd - ok
18:01:54.0721 0628 SpyHunter 4 Service (8058e740b8e05e0345388715c7b6bc74) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
18:01:54.0737 0628 SpyHunter 4 Service - ok
18:01:54.0815 0628 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:01:54.0815 0628 srv - ok
18:01:54.0846 0628 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:01:54.0846 0628 srv2 - ok
18:01:54.0862 0628 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:01:54.0862 0628 srvnet - ok
18:01:54.0877 0628 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:01:54.0877 0628 SSDPSRV - ok
18:01:54.0893 0628 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:01:54.0893 0628 SstpSvc - ok
18:01:54.0955 0628 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:01:54.0955 0628 Stereo Service - ok
18:01:54.0971 0628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:01:54.0987 0628 stexstor - ok
18:01:55.0018 0628 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:01:55.0033 0628 stisvc - ok
18:01:55.0033 0628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:01:55.0033 0628 swenum - ok
18:01:55.0065 0628 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:01:55.0065 0628 swprv - ok
18:01:55.0143 0628 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:01:55.0158 0628 SysMain - ok
18:01:55.0189 0628 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:01:55.0189 0628 TabletInputService - ok
18:01:55.0221 0628 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:01:55.0221 0628 TapiSrv - ok
18:01:55.0236 0628 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:01:55.0252 0628 TBS - ok
18:01:55.0330 0628 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:01:55.0345 0628 Tcpip - ok
18:01:55.0455 0628 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:01:55.0455 0628 TCPIP6 - ok
18:01:55.0501 0628 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:01:55.0501 0628 tcpipreg - ok
18:01:55.0517 0628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:01:55.0517 0628 TDPIPE - ok
18:01:55.0533 0628 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:01:55.0533 0628 TDTCP - ok
18:01:55.0548 0628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:01:55.0548 0628 tdx - ok
18:01:55.0564 0628 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:01:55.0564 0628 TermDD - ok
18:01:55.0595 0628 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:01:55.0595 0628 TermService - ok
18:01:55.0611 0628 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:01:55.0611 0628 Themes - ok
18:01:55.0642 0628 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:01:55.0642 0628 THREADORDER - ok
18:01:55.0657 0628 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:01:55.0657 0628 TrkWks - ok
18:01:55.0689 0628 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:01:55.0689 0628 TrustedInstaller - ok
18:01:55.0704 0628 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:01:55.0704 0628 tssecsrv - ok
18:01:55.0720 0628 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:01:55.0720 0628 TsUsbFlt - ok
18:01:55.0720 0628 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:01:55.0720 0628 TsUsbGD - ok
18:01:55.0735 0628 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:01:55.0735 0628 tunnel - ok
18:01:55.0735 0628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:01:55.0735 0628 uagp35 - ok
18:01:55.0767 0628 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:01:55.0767 0628 udfs - ok
18:01:55.0782 0628 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:01:55.0782 0628 UI0Detect - ok
18:01:55.0782 0628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:01:55.0782 0628 uliagpkx - ok
18:01:55.0798 0628 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:01:55.0798 0628 umbus - ok
18:01:55.0798 0628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:01:55.0798 0628 UmPass - ok
18:01:55.0829 0628 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:01:55.0829 0628 upnphost - ok
18:01:55.0845 0628 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:01:55.0845 0628 USBAAPL64 - ok
18:01:55.0860 0628 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:01:55.0860 0628 usbaudio - ok
18:01:55.0876 0628 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:01:55.0876 0628 usbccgp - ok
18:01:55.0891 0628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:01:55.0891 0628 usbcir - ok
18:01:55.0891 0628 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:01:55.0891 0628 usbehci - ok
18:01:55.0923 0628 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:01:55.0923 0628 usbhub - ok
18:01:55.0938 0628 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:01:55.0938 0628 usbohci - ok
18:01:55.0954 0628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:01:55.0954 0628 usbprint - ok
18:01:55.0969 0628 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:01:55.0969 0628 usbscan - ok
18:01:55.0985 0628 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:01:55.0985 0628 USBSTOR - ok
18:01:56.0001 0628 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:01:56.0001 0628 usbuhci - ok
18:01:56.0016 0628 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:01:56.0016 0628 usbvideo - ok
18:01:56.0032 0628 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:01:56.0032 0628 UxSms - ok
18:01:56.0047 0628 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:01:56.0047 0628 VaultSvc - ok
18:01:56.0063 0628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:01:56.0063 0628 vdrvroot - ok
18:01:56.0094 0628 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:01:56.0094 0628 vds - ok
18:01:56.0110 0628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:01:56.0110 0628 vga - ok
18:01:56.0125 0628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:01:56.0125 0628 VgaSave - ok
18:01:56.0125 0628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:01:56.0125 0628 vhdmp - ok
18:01:56.0141 0628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:01:56.0141 0628 viaide - ok
18:01:56.0157 0628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:01:56.0157 0628 volmgr - ok
18:01:56.0188 0628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:01:56.0188 0628 volmgrx - ok
18:01:56.0219 0628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:01:56.0219 0628 volsnap - ok
18:01:56.0235 0628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:01:56.0235 0628 vsmraid - ok
18:01:56.0297 0628 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:01:56.0313 0628 VSS - ok
18:01:56.0391 0628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:01:56.0391 0628 vwifibus - ok
18:01:56.0406 0628 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:01:56.0422 0628 W32Time - ok
18:01:56.0422 0628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:01:56.0422 0628 WacomPen - ok
18:01:56.0437 0628 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:01:56.0437 0628 WANARP - ok
18:01:56.0437 0628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:01:56.0437 0628 Wanarpv6 - ok
18:01:56.0515 0628 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:01:56.0515 0628 WatAdminSvc - ok
18:01:56.0593 0628 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:01:56.0609 0628 wbengine - ok
18:01:56.0656 0628 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:01:56.0656 0628 WbioSrvc - ok
18:01:56.0687 0628 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:01:56.0687 0628 wcncsvc - ok
18:01:56.0703 0628 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:01:56.0703 0628 WcsPlugInService - ok
18:01:56.0703 0628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:01:56.0703 0628 Wd - ok
18:01:56.0734 0628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:01:56.0734 0628 Wdf01000 - ok
18:01:56.0765 0628 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:01:56.0765 0628 WdiServiceHost - ok
18:01:56.0765 0628 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:01:56.0765 0628 WdiSystemHost - ok
18:01:56.0781 0628 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:01:56.0781 0628 WebClient - ok
18:01:56.0812 0628 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:01:56.0812 0628 Wecsvc - ok
18:01:56.0827 0628 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:01:56.0827 0628 wercplsupport - ok
18:01:56.0843 0628 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:01:56.0843 0628 WerSvc - ok
18:01:56.0859 0628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:01:56.0859 0628 WfpLwf - ok
18:01:56.0874 0628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:01:56.0874 0628 WIMMount - ok
18:01:56.0874 0628 WinHttpAutoProxySvc - ok
18:01:56.0921 0628 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:01:56.0921 0628 Winmgmt - ok
18:01:57.0015 0628 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:01:57.0030 0628 WinRM - ok
18:01:57.0077 0628 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:01:57.0077 0628 WinUsb - ok
18:01:57.0139 0628 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:01:57.0139 0628 Wlansvc - ok
18:01:57.0280 0628 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:01:57.0295 0628 wlidsvc - ok
18:01:57.0327 0628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:01:57.0327 0628 WmiAcpi - ok
18:01:57.0342 0628 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:01:57.0342 0628 wmiApSrv - ok
18:01:57.0342 0628 WMPNetworkSvc - ok
18:01:57.0358 0628 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:01:57.0358 0628 WPCSvc - ok
18:01:57.0373 0628 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:01:57.0373 0628 WPDBusEnum - ok
18:01:57.0389 0628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:01:57.0389 0628 ws2ifsl - ok
18:01:57.0389 0628 WSearch - ok
18:01:57.0514 0628 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:01:57.0529 0628 wuauserv - ok
18:01:57.0561 0628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:01:57.0561 0628 WudfPf - ok
18:01:57.0592 0628 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:01:57.0592 0628 WUDFRd - ok
18:01:57.0592 0628 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:01:57.0607 0628 wudfsvc - ok
18:01:57.0623 0628 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:01:57.0623 0628 WwanSvc - ok
18:01:57.0685 0628 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
18:01:57.0685 0628 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
18:01:57.0701 0628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:01:57.0997 0628 \Device\Harddisk0\DR0 - ok
18:01:58.0013 0628 Boot (0x1200) (8c6950a01398bd571b6ea9edfb287b26) \Device\Harddisk0\DR0\Partition0
18:01:58.0013 0628 \Device\Harddisk0\DR0\Partition0 - ok
18:01:58.0013 0628 Boot (0x1200) (c0b37738bd681e68fedebe802e03b1e6) \Device\Harddisk0\DR0\Partition1
18:01:58.0013 0628 \Device\Harddisk0\DR0\Partition1 - ok
18:01:58.0044 0628 Boot (0x1200) (11c7ef4af3eb33d68b83899c0592af3c) \Device\Harddisk0\DR0\Partition2
18:01:58.0044 0628 \Device\Harddisk0\DR0\Partition2 - ok
18:01:58.0044 0628 ============================================================
18:01:58.0044 0628 Scan finished
18:01:58.0044 0628 ============================================================
18:01:58.0044 4760 Detected object count: 0
18:01:58.0044 4760 Actual detected object count: 0
18:02:01.0539 4012 Deinitialize success

Edited by tapdatast, 01 June 2012 - 10:41 PM.


#6 fireman4it

Posted 02 June 2012 - 03:35 PM

1.
Please try and run Combofix in Safe Mode with Networking.

Now reboot into Safe Mode with Networking.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option with networking support.
Please see here for additional details.


2.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 tapdatast


Posted 02 June 2012 - 05:23 PM

I am sorry but the combo fix would not do anything other than the green extract even in safe mode.
Restarted in normal mode. Ran RogueKiller.
RKReport:

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 06/02/2012 16:10:32

Bad processes: 0

Registry Entries: 3
[] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3ba8a5e4b87e0a09eb5192e782b674f3
[BSP] 9e4add2c3855bde1761429c7191443ef : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 300900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616450048 | Size: 652866 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Ran OTL. Would not complete action. Started up, hit run tab and error appeared as follows:

Exception ERead Error in module OTL.exe at 00016A6B.
Error reading Diskpartitioninfo1.Active:

I have included a jpeg for your viewing.




#8 fireman4it


Posted 02 June 2012 - 09:06 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Please try and run OTL in Safe Mode.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.



#9 tapdatast


Posted 03 June 2012 - 02:35 AM

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date: 06/03/2012 01:16:01

Bad processes: 0

Registry Entries: 3
[] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3ba8a5e4b87e0a09eb5192e782b674f3
[BSP] 9e4add2c3855bde1761429c7191443ef : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 300900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616450048 | Size: 652866 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

I'm sorry. OTL would not work in safe mode either.
Do I need to reformat? Frak, I hope not.
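
The HOSTS File section of the two RogueKiller reports above lists many hostnames pinned to 127.0.0.1, with repeats and mixed case. As an added example (not part of the thread and not RogueKiller's code), this Python code parses that section, de-duplicates the names, groups them by parent domain and picks out certificate-revocation hosts such as crl.verisign.net, which cannot be reached while pinned to loopback. The report excerpt is constructed from hostnames in the posts; the `crl`/`ocsp` label check and the last-two-labels grouping are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: an excerpt in the layout of the RKreport posts above,
# with a shortened HOSTS section (hostnames taken from those posts).
SAMPLE_REPORT = """\
Infection :

HOSTS File:
127.0.0.1 3dns.adobe.com activate.adobe.com practivate.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com
127.0.0.1 www.wip2.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


MBR Check:

+++++ PhysicalDrive0: +++++
"""

# Assumption: a leftmost label of "crl" or "ocsp" marks a revocation endpoint.
REVOCATION_LABELS = {"crl", "ocsp"}


def _leading_ip(line):
    """Return the first token as an ip_address object, or None if it is not one."""
    tokens = line.split()
    if not tokens:
        return None
    try:
        return ipaddress.ip_address(tokens[0])
    except ValueError:
        return None


def hosts_section(report):
    """Return the hosts-format lines that follow 'HOSTS File:' in a report."""
    lines = report.splitlines()
    start = next((i + 1 for i, l in enumerate(lines)
                  if l.strip() == "HOSTS File:"), None)
    if start is None:
        return []
    section = []
    for line in lines[start:]:
        entry = line.split("#", 1)[0].strip()   # drop hosts-file comments
        if not entry:
            continue                            # blank or comment-only line
        if _leading_ip(entry) is None:
            break                               # next report section begins
        section.append(entry)
    return section


def sinkholed_hosts(report):
    """Map each hostname (lower-cased, de-duplicated) to the loopback or
    unspecified address it is pinned to."""
    pinned = {}
    for entry in hosts_section(report):
        addr_text, *names = entry.split()
        addr = ipaddress.ip_address(addr_text)
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host and host != "localhost":    # skip the stock localhost entry
                pinned.setdefault(host, str(addr))
    return pinned


def group_by_parent(hosts):
    """Group hostnames by their last two labels (no public-suffix list used)."""
    groups = defaultdict(list)
    for host in sorted(hosts):
        groups[".".join(host.split(".")[-2:])].append(host)
    return dict(groups)


def revocation_endpoints(hosts):
    """Return pinned hosts whose leftmost label looks like a CRL/OCSP service."""
    return sorted(h for h in hosts if h.split(".")[0] in REVOCATION_LABELS)


if __name__ == "__main__":
    pinned = sinkholed_hosts(SAMPLE_REPORT)
    for parent, names in group_by_parent(pinned).items():
        print(f"{parent}: {len(names)} host(s)")
    print("revocation endpoints pinned to loopback:",
          revocation_endpoints(pinned))
```
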

#10 fireman4it


Posted 03 June 2012 - 02:39 PM

Hello,

We haven't given up just yet.

1.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


3.
Windows 7 includes a disk checking tool called CHKDSK which is similar to the "scandisk" tool from older versions of Windows. This application scans your hard drives for errors such as lost sectors, bad sectors and corruption.

You can launch CHKDSK using two methods (the former being the easiest):

Graphical Interface:

Open the Computer option from the start menu, which will display all of the drives available to scan on your PC.

Then, right click on the drive you wish to scan for errors and select Properties.

Now click the Tools menu, then Check Now under the error-checking section.

You have several options within the check disk tool. It is always recommended you leave the "automatically fix file system errors" box checked, as this repairs any problems found. If you want to perform a deeper scan, tick "scan for and attempt recovery of bad sectors". This second option takes longer, but is worth doing if you suspect a drive problem. Once you are configured, click Start.

If you try to check a disk that is currently in use, you will receive a message asking if you wish to schedule a scan. Accepting this will perform the scan next time you restart your PC.


4.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select Start
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Run as administrator

  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Windows 7 DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.



    Things to include in your next reply:
    Yorkyt.exe log
    MBAM log
    How is your machine running now?



#11 tapdatast


Posted 04 June 2012 - 10:25 AM

Good morning. I have run all that you asked.
The yorkyt program ran and then said that it detected bad sectors or files and asked to restart. I did so and it said it was all clean. It did not ask to restart more than that, nor did it give me the option to run a scan.
The Malware program ran fine and found something, although I'm not sure what it was, and installation and updating were fine.

Ran the full deep version of chkdsk and the repair for the operating system. They both ran well and although it found corrupted system files and said it repaired them, things are still happening.

For example, the firewall is off and cannot be adjusted and has the same error code as I explained earlier. My whole desktop goes to default all the time. Every time I reboot the computer my icons reorganize and all my windows all go to default settings every time I click into another file or window. And lastly, I tried updating Windows and it won't let me update a Windows Defender update. All else updates but that fails all the time. I do feel things might be corrupt but is it not suspicious that every time something is attempted that might be an enhancement towards protecting the computer it fails? This..is one bad ass mofo. No?
Besides that, the computer runs a lot faster.

#12 tapdatast


Posted 04 June 2012 - 10:29 AM

Can't paste yorkyt file. Too big. I will paste the malware but I will zip up and attach the yorkyt.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MY_MACHINE [administrator]

Protection: Enabled

03/06/2012 8:24:37 PM
mbam-log-2012-06-03 (20-24-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273704
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-694495310-3571099376-2543545241-500\$ROO5TWQ.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)




#13 tapdatast


Posted 04 June 2012 - 11:05 AM

Update. Was finally able to run ComboFix as you wanted to earlier.
After running ComboFix the firewall suddenly turned on and started to ask for permissions. The desktop no longer goes to default and the Windows Defender update has seemingly disappeared. I guess it will do it on its own time.


full report here:

ComboFix 12-06-03.05 - Administrator 04/06/2012 9:36.1.2 - x64
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{768161DD-E5EE-40FB-A103-D4A9302723E1}.xps
c:\users\Administrator\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Administrator\AppData\Local\Temp\jna5582340210318697300.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\muzapp.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 15:45 . 2012-06-04 15:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 15:45 . 2012-06-04 15:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-04 15:45 . 2012-06-04 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 02:23 . 2012-06-04 02:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-06-04 02:22 . 2012-06-04 02:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 02:22 . 2012-06-04 02:22 -------- d-----w- c:\programdata\Malwarebytes
2012-06-04 02:22 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:52 . 2012-06-02 22:52 181000 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-06-02 22:52 . 2012-06-02 22:52 123808 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-06-02 14:58 . 2012-05-11 16:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-02 14:58 . 2012-05-11 16:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-02 14:58 . 2012-05-11 16:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-02 14:57 . 2012-05-09 00:21 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-06-02 14:57 . 2012-05-09 00:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-02 14:57 . 2012-05-09 00:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-02 14:57 . 2012-05-09 00:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-02 14:57 . 2012-05-09 00:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-02 14:56 . 2012-05-11 17:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-02 14:56 . 2012-05-11 17:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-02 14:56 . 2012-05-11 17:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-02 14:56 . 2012-05-11 17:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-02 14:56 . 2012-06-02 14:56 -------- d-----w- c:\program files (x86)\PC Tools
2012-06-02 14:49 . 2012-02-28 17:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-02 14:49 . 2012-02-28 17:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-02 14:49 . 2012-04-23 18:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-02 14:49 . 2012-06-02 22:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-02 14:49 . 2012-05-11 17:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-02 14:46 . 2012-06-02 14:58 -------- d-----w- c:\programdata\PC Tools
2012-06-02 14:46 . 2012-06-02 14:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\TestApp
2012-06-02 06:14 . 2012-06-02 06:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG
2012-06-02 06:12 . 2012-06-02 06:12 -------- d-----w- C:\$AVG
2012-06-02 05:53 . 2012-06-02 05:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\SpeedyPC Software
2012-06-02 05:53 . 2012-06-02 05:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2012-06-02 05:53 . 2012-06-02 06:02 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-02 05:10 . 2012-06-02 09:28 -------- d-----w- c:\program files (x86)\AVG
2012-06-02 05:06 . 2012-06-02 05:06 -------- d--h--w- c:\programdata\Common Files
2012-06-02 05:06 . 2012-06-02 14:36 -------- d-----w- c:\programdata\MFAData
2012-05-31 17:17 . 2012-06-02 06:02 -------- d-----w- C:\sh4ldr
2012-05-31 17:17 . 2012-05-31 17:17 -------- d-----w- c:\program files\Enigma Software Group
2012-05-31 17:17 . 2012-06-02 06:02 -------- d-----w- c:\windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-28 22:20 . 2012-05-28 22:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\JawboneUpdater
2012-05-28 16:54 . 2012-05-28 16:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-22 16:47 . 2012-05-22 16:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thunder
2012-05-22 16:47 . 2012-05-22 16:47 -------- d-----w- c:\program files (x86)\Dream Cheeky
2012-05-20 22:20 . 2012-05-20 22:20 -------- d-----w- c:\users\Administrator\AppData\Local\LogiShrd
2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\program files\iPod
2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\program files\iTunes
2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\program files (x86)\iTunes
2012-05-19 15:29 . 2012-05-19 15:29 -------- d-----w- c:\users\Administrator\AppData\Local\Ares
2012-05-16 18:19 . 2012-05-16 18:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2012-05-13 18:15 . 2012-05-19 15:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2012-05-09 15:03 . 2012-05-09 15:03 -------- d-----w- c:\users\Administrator\AppData\Local\Research In Motion
2012-05-09 15:03 . 2012-05-09 15:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Research In Motion
2012-05-09 15:00 . 2011-07-20 20:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-05-09 07:40 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 07:40 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 07:40 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 07:40 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 07:40 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 07:40 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 07:39 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 07:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 07:39 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 07:39 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 07:39 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 07:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 07:39 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 20:11 . 2012-05-06 20:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 20:11 . 2012-05-06 20:11 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 20:11 . 2012-05-06 20:11 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 23:47 . 2012-06-02 14:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 23:47 . 2012-06-02 14:57 131 ----a-w- c:\windows\IDB.zip
2012-05-07 06:30 . 2012-04-10 17:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 06:30 . 2011-09-10 05:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 18:59 . 2012-04-22 18:59 29184 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-16 12:53 . 2011-09-11 17:18 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-15 19:05 . 2012-04-15 19:05 1797632 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-04-15 14:03 . 2012-04-15 14:03 1551872 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll
2012-04-12 11:08 . 2012-04-12 11:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-03-14 371256]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-03-17 728120]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PMS - Shortcut.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-4-6 432785]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-10 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/30 09:59];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-02-17 02:46 146928]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-09 575416]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-03-14 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-03-14 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-03-14 296232]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-03-17 476728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 172.16.1.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s8ei5xor.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a8,ad,a5,53,17,1b,cd,01
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,a6,14,7a,36,89,3f,4f,a8,63,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,a6,14,7a,36,89,3f,4f,a8,63,de,\
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.669"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AAC"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aif"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aiff"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.amf"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.au"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PowerDVD12.exe"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.avr"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.caf"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.CDA"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.far"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLAC"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.htk"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.it"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.itz"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.KAR"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mat"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mdz"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MID"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIDI"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIZ"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MKV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PowerDVD12.exe"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mod"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP2"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP3"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PowerDVD12.exe"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mtm"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.nst"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGG"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.okt"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.paf"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ptm"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.pvf"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.rf64"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RMI"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3m"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3z"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sd2"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sds"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sf"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stm"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stz"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ult"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.voc"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.w64"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.SkinZip"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wav"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.LangZip"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMA"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wsz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.SkinZip"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wve"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xi"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xm"
.
[HKEY_USERS\S-1-5-21-694495310-3571099376-2543545241-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xmz"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-06-04 10:02:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 16:01
.
Pre-Run: 265,240,104,960 bytes free
Post-Run: 265,316,376,576 bytes free
.
- - End Of File - - 9B3D42F58EB57F54E273C2E9A07B6337

I am aware that we will have more to do (probably) but before you let me go can you tell me what would be a good..scratch that, great antivirus or spy/malware program to buy. I swear I'll buy it this time. I don't want good. I want great. I currently use superantispyware and MSSEssentials but obviously that didn't work. I do have a line on spyware Dr for the next few months or even that Malaware program looks tough.
What's next?

Edited by tapdatast, 04 June 2012 - 11:17 AM.


#14 fireman4it


Posted 04 June 2012 - 05:14 PM

Hello,

It seems you may have had some critical files that were corrupt, causing some things not to run properly. Along with a virus this really had things messed up.


I am aware that we will have more to do (probably) but before you let me go can you tell me what would be a good..scratch that, great antivirus or spy/malware program to buy. I swear I'll buy it this time. I don't want good. I want great. I currently use superantispyware and MSSEssentials but obviously that didn't work. I do have a line on spyware Dr for the next few months or even that Malaware program looks tough.
What's next?


No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.


Microsoft Security Essentials is a very good Antivirus.




Please run the following tools and post their logs. We want to make sure there are no leftovers.

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is the machine running now?



#15 tapdatast


Posted 04 June 2012 - 07:57 PM

Ok. Earlier I had run the Malaware again in full this time to see if it found anything and it didn't.
I ran the ESET scan and it found two keygens (lol I can take responsibility for that) and most important of all, it found the Trojan:Win64/Sirefef.W and according to the program it was deleted.
Here are The reports.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MY_MACHINE [administrator]

Protection: Enabled

04/06/2012 10:20:07 AM
mbam-log-2012-06-04 (10-20-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386979
Time elapsed: 19 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



C:\Program Files (x86)\Bigasoft\Total Video Converter\keygen.exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined
C:\Windows\Installer\{fe4b3577-8948-536c-bd6a-8a3dba030946}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
E:\John\Software and such\Winamp Pro.v5.62.3173 Incl Keygen-kasimji\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined



