Sirefef.AB / Sirefef.P - Desktop.ini Infections

12 replies to this topic

#1 chibichanman

Posted 02 June 2012 - 10:23 PM

I noticed that my desktop icons stopped saving their size and position. This set off personal alarms about my computer, so I decided to run a full AVG scan. I completed the AVG scan and it got rid of things, but my desktop icons still kept behaving abnormally.

I decided to try MSE (after uninstalling AVG); it did a full scan and identified the Sirefef virus.

Now every time I boot and every time I open Firefox or do anything internet-related, it pops up with two warnings about Sirefef.AB and Sirefef.P infecting the Desktop.ini files in the file:C:\Windows\assembly\GAC_32\ folders. Removal does nothing.

Ran an MBAM quick scan and it detected a Trojan.Dropper.BCMiner, which I tried to remove, but it just comes back.

I run W7 64-bit, so I did not create a GMER log. I posted a bunch of logs from the tools I've seen other people have posters run, so I could cover all the bases in one swoop. Thanks in advance and I appreciate any help.


-----------------------------DDS pasted below -----------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by CCM at 16:59:48 on 2012-06-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CCM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\CCM\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B272F1D2-E482-4F50-BAC2-AD4BD17B25C9} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun-x64: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CCM\AppData\Roaming\Mozilla\Firefox\Profiles\r6294z0p.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\CCM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\CCM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\CCM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-02 23:54:51 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63B7214B-A832-4252-94EC-7690D9D11A34}\offreg.dll
2012-06-02 23:53:59 50000 ----a-w- C:\Windows\System32\drivers\jfjtvbfs.sys
2012-06-02 23:53:52 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63B7214B-A832-4252-94EC-7690D9D11A34}\mpengine.dll
2012-06-02 23:52:49 -------- d-----w- C:\$RECYCLE.BIN
2012-06-02 23:46:23 98816 ----a-w- C:\Windows\sed.exe
2012-06-02 23:46:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-02 23:46:23 256000 ----a-w- C:\Windows\PEV.exe
2012-06-02 23:46:23 208896 ----a-w- C:\Windows\MBR.exe
2012-06-02 23:46:19 -------- d-s---w- C:\ComboFix
2012-06-02 23:27:03 -------- d-----w- C:\Users\CCM\AppData\Roaming\Malwarebytes
2012-06-02 23:26:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 23:26:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-02 23:26:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 17:58:18 -------- d-----w- C:\Windows\pss
2012-06-02 17:50:19 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-02 17:30:02 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4652B051-5CEE-410C-B3C0-CE864E5F439C}\gapaengine.dll
2012-06-02 17:27:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-02 17:27:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-02 15:39:29 -------- d-----w- C:\ProgramData\RELOADED
2012-06-02 15:27:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-02 15:15:22 -------- d-----w- C:\Program Files (x86)\Ys Origin
2012-05-19 04:49:08 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2012-05-18 16:02:06 -------- d-----w- C:\Users\CCM\AppData\Local\Runic Games
2012-05-15 19:41:41 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-05-15 19:41:41 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 19:41:41 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-05-15 19:39:59 -------- d-----w- C:\ProgramData\Battle.net
2012-05-12 01:09:28 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 01:09:27 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 01:09:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 01:09:26 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 01:09:25 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 01:09:25 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 01:09:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 01:09:15 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 01:07:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:07:41 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M ====================
.
2012-06-02 17:50:11 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-14 18:34:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 18:34:26 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-09 13:44:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-05-03 05:09:11 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2012-04-07 00:18:49 1284192 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2012-04-07 00:18:48 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-04-07 00:18:40 210528 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-04-07 00:18:40 142944 ----a-w- C:\Windows\System32\drivers\vsflt58.sys
2012-04-07 00:18:38 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-04-07 00:18:36 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2012-03-25 10:01:38 1827840 ----a-w- C:\Windows\SysWow64\ipnathlp.dll
2012-03-22 21:51:50 2304 ----a-w- C:\Windows\SysWow64\HtsysmNT.sys
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-18 00:38:12 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-03-11 06:47:36 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
.
============= FINISH: 17:00:13.18 ===============

-----------------------------Hijack This pasted below -----------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:18:21 PM, on 6/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\XFast USB\XFastUsb.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\CCM\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
O4 - HKLM\..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-21-1325047565-1173719390-328377340-1000\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount (User '?')
O4 - HKUS\S-1-5-21-1325047565-1173719390-328377340-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-1325047565-1173719390-328377340-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - S-1-5-21-1325047565-1173719390-328377340-1000 Startup: Dropbox.lnk = C:\Users\CCM\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - Startup: Dropbox.lnk = C:\Users\CCM\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12812 bytes

-----------------------------MBAM pasted below -----------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CCM :: CCM-PC [administrator]

6/2/2012 5:20:19 PM
mbam

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222149
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{d826e5a7-42af-07a4-b65f-b2508b67fe68}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)



-----------------------------aswMBR pasted below -----------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-02 17:19:39
-----------------------------
17:19:39.341 OS Version: Windows x64 6.1.7601 Service Pack 1
17:19:39.341 Number of processors: 12 586 0x2D06
17:19:39.342 ComputerName: CCM-PC UserName: CCM
17:19:41.026 Initialize success
17:20:08.950 AVAST engine defs: 12060201
17:25:07.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
17:25:07.979 Disk 0 Vendor: ATA_____ 0K05 Size: 610480MB BusType: 11
17:25:07.988 Disk 0 MBR read successfully
17:25:07.991 Disk 0 MBR scan
17:25:07.998 Disk 0 Windows 7 default MBR code
17:25:08.002 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
17:25:08.148 Disk 0 scanning C:\Windows\system32\drivers
17:25:19.733 Service scanning
17:25:46.790 Modules scanning
17:25:46.800 Disk 0 trace - called modules:
17:25:46.818 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt58.sys iaStorF.sys ACPI.sys >>UNKNOWN [0xfffffa800a7ec2c0]<<spok.sys storport.sys hal.dll iaStorA.sys
17:25:46.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ffd2790]
17:25:46.830 3 CLASSPNP.SYS[fffff8800481743f] -> nt!IofCallDriver -> [0xfffffa800ff11b30]
17:25:47.166 5 vsflt58.sys[fffff88000fa20ed] -> nt!IofCallDriver -> [0xfffffa800ff10a90]
17:25:47.174 7 iaStorF.sys[fffff88004b8e2fa] -> nt!IofCallDriver -> [0xfffffa800af22e40]
17:25:47.181 9 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\00000074[0xfffffa800af1f060]
17:25:47.189 \Driver\iaStorA[0xfffffa800ae176c0] -> IRP_MJ_CREATE -> 0xfffffa800a7ec2c0
17:25:49.105 AVAST engine scan C:\Windows
17:25:52.575 AVAST engine scan C:\Windows\system32
17:29:05.679 AVAST engine scan C:\Windows\system32\drivers
17:29:17.500 AVAST engine scan C:\Users\CCM
17:38:58.920 AVAST engine scan C:\ProgramData
17:40:31.848 Scan finished successfully
17:41:47.869 Disk 0 MBR has been saved successfully to "C:\Users\CCM\Desktop\for bleepingcomputer\MBR.dat"
17:41:47.908 The log file has been saved successfully to "C:\Users\CCM\Desktop\for bleepingcomputer\aswMBR.txt"


-----------------------------TDSS pasted below -----------------------------
17:13:49.0330 5708 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:13:49.0790 5708 ============================================================
17:13:49.0790 5708 Current date / time: 2012/06/02 17:13:49.0790
17:13:49.0790 5708 SystemInfo:
17:13:49.0790 5708
17:13:49.0790 5708 OS Version: 6.1.7601 ServicePack: 1.0
17:13:49.0790 5708 Product type: Workstation
17:13:49.0790 5708 ComputerName: CCM-PC
17:13:49.0790 5708 UserName: CCM
17:13:49.0790 5708 Windows directory: C:\Windows
17:13:49.0790 5708 System windows directory: C:\Windows
17:13:49.0790 5708 Running under WOW64
17:13:49.0790 5708 Processor architecture: Intel x64
17:13:49.0790 5708 Number of processors: 12
17:13:49.0790 5708 Page size: 0x1000
17:13:49.0790 5708 Boot type: Normal boot
17:13:49.0790 5708 ============================================================
17:13:51.0049 5708 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:51.0068 5708 ============================================================
17:13:51.0068 5708 \Device\Harddisk0\DR0:
17:13:51.0068 5708 MBR partitions:
17:13:51.0068 5708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
17:13:51.0068 5708 ============================================================
17:13:51.0094 5708 C: <-> \Device\Harddisk0\DR0\Partition0
17:13:51.0094 5708 ============================================================
17:13:51.0094 5708 Initialize success
17:13:51.0094 5708 ============================================================
17:13:55.0574 5912 ============================================================
17:13:55.0574 5912 Scan started
17:13:55.0574 5912 Mode: Manual;
17:13:55.0574 5912 ============================================================
17:13:56.0030 5912 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:13:56.0032 5912 1394ohci - ok
17:13:56.0048 5912 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:13:56.0051 5912 ACPI - ok
17:13:56.0086 5912 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:13:56.0087 5912 AcpiPmi - ok
17:13:56.0126 5912 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:56.0145 5912 adp94xx - ok
17:13:56.0172 5912 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:13:56.0177 5912 adpahci - ok
17:13:56.0200 5912 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:13:56.0204 5912 adpu320 - ok
17:13:56.0223 5912 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:13:56.0225 5912 AeLookupSvc - ok
17:13:56.0275 5912 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:13:56.0295 5912 AFD - ok
17:13:56.0306 5912 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:13:56.0308 5912 agp440 - ok
17:13:56.0323 5912 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:13:56.0325 5912 ALG - ok
17:13:56.0337 5912 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:13:56.0339 5912 aliide - ok
17:13:56.0342 5912 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:13:56.0344 5912 amdide - ok
17:13:56.0356 5912 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:13:56.0358 5912 AmdK8 - ok
17:13:56.0368 5912 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:13:56.0370 5912 AmdPPM - ok
17:13:56.0397 5912 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:13:56.0399 5912 amdsata - ok
17:13:56.0419 5912 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:56.0422 5912 amdsbs - ok
17:13:56.0436 5912 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:13:56.0437 5912 amdxata - ok
17:13:56.0455 5912 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:13:56.0456 5912 AppID - ok
17:13:56.0461 5912 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:13:56.0462 5912 AppIDSvc - ok
17:13:56.0481 5912 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:13:56.0482 5912 Appinfo - ok
17:13:56.0510 5912 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:13:56.0513 5912 AppMgmt - ok
17:13:56.0529 5912 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:13:56.0531 5912 arc - ok
17:13:56.0549 5912 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:13:56.0551 5912 arcsas - ok
17:13:56.0575 5912 asahci64 (9fa16b03f6599fd0f024a9ceaf7f71e2) C:\Windows\system32\DRIVERS\asahci64.sys
17:13:56.0576 5912 asahci64 - ok
17:13:56.0605 5912 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys
17:13:56.0606 5912 asmthub3 - ok
17:13:56.0640 5912 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys
17:13:56.0643 5912 asmtxhci - ok
17:13:56.0708 5912 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:13:56.0710 5912 aspnet_state - ok
17:13:56.0719 5912 AsrAppCharger (e1afee1584c74050de0dd16de2a54bf3) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
17:13:56.0732 5912 AsrAppCharger - ok
17:13:56.0805 5912 AsrIbDrv - ok
17:13:56.0808 5912 AsrRamDisk (e464e6a9085c6540668301e57d838fc7) C:\Windows\system32\DRIVERS\AsrRamDisk.sys
17:13:56.0814 5912 AsrRamDisk - ok
17:13:56.0858 5912 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:56.0859 5912 AsyncMac - ok
17:13:56.0872 5912 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:13:56.0872 5912 atapi - ok
17:13:56.0897 5912 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
17:13:56.0897 5912 AthBTPort - ok
17:13:56.0924 5912 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
17:13:56.0926 5912 ATHDFU - ok
17:13:56.0996 5912 AtherosSvc (1a3f71aade163866001c91bf9fb6f299) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:13:56.0998 5912 AtherosSvc - ok
17:13:57.0053 5912 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:13:57.0074 5912 AudioEndpointBuilder - ok
17:13:57.0083 5912 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:13:57.0090 5912 AudioSrv - ok
17:13:57.0130 5912 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:13:57.0133 5912 AxInstSV - ok
17:13:57.0183 5912 aytmkmvr (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\aytmkmvr.sys
17:13:57.0185 5912 aytmkmvr - ok
17:13:57.0236 5912 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:13:57.0243 5912 b06bdrv - ok
17:13:57.0271 5912 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:13:57.0276 5912 b57nd60a - ok
17:13:57.0291 5912 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:13:57.0294 5912 BDESVC - ok
17:13:57.0312 5912 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:13:57.0312 5912 Beep - ok
17:13:57.0372 5912 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:13:57.0419 5912 BFE - ok
17:13:57.0457 5912 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:13:57.0470 5912 BITS - ok
17:13:57.0495 5912 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:57.0496 5912 blbdrive - ok
17:13:57.0532 5912 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:13:57.0534 5912 bowser - ok
17:13:57.0541 5912 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:57.0542 5912 BrFiltLo - ok
17:13:57.0553 5912 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:57.0554 5912 BrFiltUp - ok
17:13:57.0570 5912 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:13:57.0572 5912 BridgeMP - ok
17:13:57.0586 5912 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:13:57.0588 5912 Browser - ok
17:13:57.0614 5912 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:13:57.0618 5912 Brserid - ok
17:13:57.0630 5912 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:57.0632 5912 BrSerWdm - ok
17:13:57.0646 5912 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:57.0647 5912 BrUsbMdm - ok
17:13:57.0657 5912 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:57.0658 5912 BrUsbSer - ok
17:13:57.0895 5912 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
17:13:57.0899 5912 BTATH_A2DP - ok
17:13:57.0930 5912 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
17:13:57.0931 5912 BTATH_BUS - ok
17:13:57.0949 5912 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:13:57.0952 5912 BTATH_HCRP - ok
17:13:57.0963 5912 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:13:57.0964 5912 BTATH_LWFLT - ok
17:13:57.0990 5912 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:13:57.0992 5912 BTATH_RCP - ok
17:13:58.0022 5912 BtFilter (dce0798fd5bb4e452227ec58700956f5) C:\Windows\system32\DRIVERS\btfilter.sys
17:13:58.0025 5912 BtFilter - ok
17:13:58.0035 5912 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:13:58.0036 5912 BthEnum - ok
17:13:58.0049 5912 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:58.0051 5912 BTHMODEM - ok
17:13:58.0063 5912 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:13:58.0113 5912 BthPan - ok
17:13:58.0137 5912 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:13:58.0145 5912 BTHPORT - ok
17:13:58.0169 5912 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:13:58.0171 5912 bthserv - ok
17:13:58.0178 5912 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:13:58.0180 5912 BTHUSB - ok
17:13:58.0275 5912 catchme - ok
17:13:58.0290 5912 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:13:58.0292 5912 cdfs - ok
17:13:58.0333 5912 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:13:58.0336 5912 cdrom - ok
17:13:58.0364 5912 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:13:58.0366 5912 CertPropSvc - ok
17:13:58.0467 5912 cFosSpeed (33b82cf69e41b38a2ec0c3cabde80d6e) C:\Windows\system32\DRIVERS\cfosspeed6.sys
17:13:58.0479 5912 cFosSpeed - ok
17:13:58.0561 5912 cFosSpeedS (760085908644d2988f1b504c3fca6959) C:\Program Files\ASRock\XFast LAN\spd.exe
17:13:58.0565 5912 cFosSpeedS - ok
17:13:58.0647 5912 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:13:58.0648 5912 circlass - ok
17:13:58.0679 5912 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:13:58.0682 5912 CLFS - ok
17:13:58.0712 5912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:58.0713 5912 clr_optimization_v2.0.50727_32 - ok
17:13:58.0823 5912 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:13:58.0847 5912 clr_optimization_v2.0.50727_64 - ok
17:13:58.0904 5912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:13:58.0905 5912 clr_optimization_v4.0.30319_32 - ok
17:13:58.0927 5912 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:13:58.0928 5912 clr_optimization_v4.0.30319_64 - ok
17:13:58.0956 5912 CM2793 (aa0efe7287e0aa0030bfeb607feb7120) C:\Windows\system32\DRIVERS\CM2793.sys
17:13:58.0961 5912 CM2793 - ok
17:13:58.0981 5912 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:58.0981 5912 CmBatt - ok
17:13:59.0065 5912 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:13:59.0067 5912 cmdide - ok
17:13:59.0191 5912 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:13:59.0196 5912 CNG - ok
17:13:59.0211 5912 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:13:59.0212 5912 Compbatt - ok
17:13:59.0233 5912 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:13:59.0234 5912 CompositeBus - ok
17:13:59.0241 5912 COMSysApp - ok
17:13:59.0254 5912 cpuz135 - ok
17:13:59.0263 5912 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:59.0264 5912 crcdisk - ok
17:13:59.0300 5912 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:13:59.0302 5912 CryptSvc - ok
17:13:59.0339 5912 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:13:59.0343 5912 CSC - ok
17:13:59.0402 5912 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:13:59.0415 5912 CscService - ok
17:13:59.0448 5912 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:13:59.0453 5912 DcomLaunch - ok
17:13:59.0493 5912 DefragFS (6ebce114dd13e4d9cbfd520d4f4bbda4) C:\Windows\system32\drivers\DefragFS.sys
17:13:59.0493 5912 DefragFS - ok
17:13:59.0528 5912 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:13:59.0531 5912 defragsvc - ok
17:13:59.0542 5912 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:13:59.0544 5912 DfsC - ok
17:13:59.0572 5912 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:13:59.0575 5912 Dhcp - ok
17:13:59.0578 5912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:13:59.0579 5912 discache - ok
17:13:59.0591 5912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:13:59.0592 5912 Disk - ok
17:13:59.0609 5912 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:13:59.0611 5912 Dnscache - ok
17:13:59.0639 5912 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:13:59.0641 5912 dot3svc - ok
17:13:59.0657 5912 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:13:59.0658 5912 DPS - ok
17:13:59.0682 5912 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:13:59.0683 5912 drmkaud - ok
17:13:59.0729 5912 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:13:59.0732 5912 DXGKrnl - ok
17:13:59.0771 5912 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:13:59.0773 5912 EapHost - ok
17:13:59.0883 5912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:13:59.0926 5912 ebdrv - ok
17:14:00.0011 5912 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:14:00.0012 5912 EFS - ok
17:14:00.0055 5912 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:14:00.0069 5912 ehRecvr - ok
17:14:00.0094 5912 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:14:00.0095 5912 ehSched - ok
17:14:00.0134 5912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:14:00.0138 5912 elxstor - ok
17:14:00.0157 5912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:14:00.0157 5912 ErrDev - ok
17:14:00.0186 5912 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:14:00.0190 5912 EventSystem - ok
17:14:00.0204 5912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:14:00.0206 5912 exfat - ok
17:14:00.0221 5912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:14:00.0223 5912 fastfat - ok
17:14:00.0269 5912 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:14:00.0283 5912 Fax - ok
17:14:00.0293 5912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:14:00.0294 5912 fdc - ok
17:14:00.0303 5912 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:14:00.0303 5912 fdPHost - ok
17:14:00.0309 5912 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:14:00.0310 5912 FDResPub - ok
17:14:00.0318 5912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:14:00.0319 5912 FileInfo - ok
17:14:00.0328 5912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:14:00.0328 5912 Filetrace - ok
17:14:00.0346 5912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:14:00.0346 5912 flpydisk - ok
17:14:00.0367 5912 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:14:00.0370 5912 FltMgr - ok
17:14:00.0395 5912 fltsrv (b8afe7a30d34c0e9fdba81632294547c) C:\Windows\system32\DRIVERS\fltsrv.sys
17:14:00.0396 5912 fltsrv - ok
17:14:00.0414 5912 FNETTBOH_305 (508401a63e6b1cbf0b9c9a011498731f) C:\Windows\system32\drivers\FNETTBOH_305.SYS
17:14:00.0415 5912 FNETTBOH_305 - ok
17:14:00.0429 5912 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
17:14:00.0435 5912 FNETURPX - ok
17:14:00.0488 5912 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:14:00.0507 5912 FontCache - ok
17:14:00.0531 5912 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:14:00.0532 5912 FontCache3.0.0.0 - ok
17:14:00.0541 5912 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:14:00.0542 5912 FsDepends - ok
17:14:00.0565 5912 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:14:00.0566 5912 Fs_Rec - ok
17:14:00.0617 5912 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
17:14:00.0619 5912 Futuremark SystemInfo Service - ok
17:14:00.0638 5912 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:14:00.0640 5912 fvevol - ok
17:14:00.0649 5912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:14:00.0650 5912 gagp30kx - ok
17:14:00.0692 5912 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:14:00.0712 5912 gpsvc - ok
17:14:00.0724 5912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:14:00.0724 5912 hcw85cir - ok
17:14:00.0772 5912 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:14:00.0775 5912 HdAudAddService - ok
17:14:00.0799 5912 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:14:00.0800 5912 HDAudBus - ok
17:14:00.0813 5912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:14:00.0814 5912 HidBatt - ok
17:14:00.0823 5912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:14:00.0825 5912 HidBth - ok
17:14:00.0828 5912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:14:00.0829 5912 HidIr - ok
17:14:00.0846 5912 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:14:00.0847 5912 hidserv - ok
17:14:00.0853 5912 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:14:00.0854 5912 HidUsb - ok
17:14:00.0891 5912 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:14:00.0893 5912 hkmsvc - ok
17:14:00.0921 5912 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:14:00.0924 5912 HomeGroupListener - ok
17:14:00.0949 5912 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:14:00.0951 5912 HomeGroupProvider - ok
17:14:00.0985 5912 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:14:00.0986 5912 HpSAMD - ok
17:14:01.0030 5912 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:14:01.0067 5912 HTTP - ok
17:14:01.0073 5912 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:14:01.0074 5912 hwpolicy - ok
17:14:01.0097 5912 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:14:01.0099 5912 i8042prt - ok
17:14:01.0141 5912 iaStorA (db81edc524a0f07fc2bd0b7415676528) C:\Windows\system32\DRIVERS\iaStorA.sys
17:14:01.0143 5912 iaStorA - ok
17:14:01.0190 5912 IAStorDataMgrSvc (0fa3d592e9d4e342cef7adea98251832) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
17:14:01.0191 5912 IAStorDataMgrSvc - ok
17:14:01.0205 5912 iaStorF (4621fae7d3c969a1e84a2790d88fccde) C:\Windows\system32\DRIVERS\iaStorF.sys
17:14:01.0206 5912 iaStorF - ok
17:14:01.0237 5912 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:14:01.0240 5912 iaStorV - ok
17:14:01.0301 5912 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:14:01.0318 5912 idsvc - ok
17:14:01.0341 5912 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:14:01.0342 5912 iirsp - ok
17:14:01.0392 5912 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:14:01.0433 5912 IKEEXT - ok
17:14:01.0580 5912 IntcAzAudAddService (6f3ea1a36bafe2f798b7b0cdc0db53d4) C:\Windows\system32\drivers\RTKVHD64.sys
17:14:01.0591 5912 IntcAzAudAddService - ok
17:14:01.0674 5912 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:14:01.0675 5912 intelide - ok
17:14:01.0692 5912 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:14:01.0693 5912 intelppm - ok
17:14:01.0713 5912 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:14:01.0715 5912 IPBusEnum - ok
17:14:01.0743 5912 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:01.0744 5912 IpFilterDriver - ok
17:14:01.0779 5912 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:14:01.0788 5912 iphlpsvc - ok
17:14:01.0800 5912 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:14:01.0801 5912 IPMIDRV - ok
17:14:01.0815 5912 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:14:01.0816 5912 IPNAT - ok
17:14:01.0826 5912 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:14:01.0827 5912 IRENUM - ok
17:14:01.0837 5912 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:14:01.0837 5912 isapnp - ok
17:14:01.0859 5912 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:14:01.0861 5912 iScsiPrt - ok
17:14:01.0907 5912 jfjtvbfs (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\jfjtvbfs.sys
17:14:01.0907 5912 jfjtvbfs - ok
17:14:01.0956 5912 k57nd60a (455b75c19bf3f1f2ee3ac10e1169826c) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:14:01.0958 5912 k57nd60a - ok
17:14:01.0964 5912 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:14:01.0965 5912 kbdclass - ok
17:14:01.0977 5912 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:14:01.0978 5912 kbdhid - ok
17:14:01.0994 5912 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:01.0995 5912 KeyIso - ok
17:14:02.0009 5912 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:14:02.0010 5912 KSecDD - ok
17:14:02.0017 5912 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:14:02.0019 5912 KSecPkg - ok
17:14:02.0028 5912 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:14:02.0029 5912 ksthunk - ok
17:14:02.0062 5912 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:14:02.0066 5912 KtmRm - ok
17:14:02.0091 5912 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:14:02.0094 5912 LanmanServer - ok
17:14:02.0123 5912 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:14:02.0125 5912 LanmanWorkstation - ok
17:14:02.0213 5912 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:14:02.0216 5912 LBTServ - ok
17:14:02.0236 5912 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:14:02.0236 5912 LHidFilt - ok
17:14:02.0267 5912 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:14:02.0268 5912 lltdio - ok
17:14:02.0294 5912 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:14:02.0297 5912 lltdsvc - ok
17:14:02.0307 5912 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:14:02.0308 5912 lmhosts - ok
17:14:02.0321 5912 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:14:02.0321 5912 LMouFilt - ok
17:14:02.0343 5912 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:14:02.0344 5912 LSI_FC - ok
17:14:02.0356 5912 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:14:02.0357 5912 LSI_SAS - ok
17:14:02.0367 5912 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:14:02.0368 5912 LSI_SAS2 - ok
17:14:02.0384 5912 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:14:02.0385 5912 LSI_SCSI - ok
17:14:02.0405 5912 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:14:02.0406 5912 luafv - ok
17:14:02.0442 5912 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
17:14:02.0443 5912 LVRS64 - ok
17:14:02.0627 5912 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
17:14:02.0644 5912 LVUVC64 - ok
17:14:02.0762 5912 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
17:14:02.0763 5912 MBfilt - ok
17:14:02.0784 5912 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:14:02.0786 5912 Mcx2Svc - ok
17:14:02.0800 5912 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:14:02.0800 5912 megasas - ok
17:14:02.0822 5912 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:14:02.0825 5912 MegaSR - ok
17:14:02.0840 5912 MEIx64 (86614752d2fae34ccd9e7b2aaba5fbec) C:\Windows\system32\DRIVERS\HECIx64.sys
17:14:02.0841 5912 MEIx64 - ok
17:14:02.0898 5912 Microsoft SharePoint Workspace Audit Service - ok
17:14:03.0004 5912 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:14:03.0028 5912 MMCSS - ok
17:14:03.0041 5912 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:14:03.0042 5912 Modem - ok
17:14:03.0067 5912 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:14:03.0067 5912 monitor - ok
17:14:03.0096 5912 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:14:03.0097 5912 mouclass - ok
17:14:03.0116 5912 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:14:03.0117 5912 mouhid - ok
17:14:03.0131 5912 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:14:03.0133 5912 mountmgr - ok
17:14:03.0173 5912 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:14:03.0174 5912 MozillaMaintenance - ok
17:14:03.0219 5912 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:14:03.0220 5912 MpFilter - ok
17:14:03.0250 5912 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:14:03.0252 5912 mpio - ok
17:14:03.0267 5912 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:14:03.0268 5912 mpsdrv - ok
17:14:03.0338 5912 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:14:03.0354 5912 MpsSvc - ok
17:14:03.0380 5912 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:14:03.0382 5912 MRxDAV - ok
17:14:03.0399 5912 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:03.0401 5912 mrxsmb - ok
17:14:03.0424 5912 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:03.0426 5912 mrxsmb10 - ok
17:14:03.0433 5912 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:03.0434 5912 mrxsmb20 - ok
17:14:03.0437 5912 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:14:03.0438 5912 msahci - ok
17:14:03.0455 5912 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:14:03.0456 5912 msdsm - ok
17:14:03.0480 5912 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:14:03.0482 5912 MSDTC - ok
17:14:03.0500 5912 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:14:03.0500 5912 Msfs - ok
17:14:03.0511 5912 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:14:03.0512 5912 mshidkmdf - ok
17:14:03.0516 5912 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:14:03.0517 5912 msisadrv - ok
17:14:03.0552 5912 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:14:03.0554 5912 MSiSCSI - ok
17:14:03.0556 5912 msiserver - ok
17:14:03.0584 5912 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:14:03.0585 5912 MSKSSRV - ok
17:14:03.0614 5912 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:14:03.0615 5912 MsMpSvc - ok
17:14:03.0624 5912 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:03.0624 5912 MSPCLOCK - ok
17:14:03.0634 5912 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:14:03.0635 5912 MSPQM - ok
17:14:03.0654 5912 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:14:03.0657 5912 MsRPC - ok
17:14:03.0663 5912 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:14:03.0663 5912 mssmbios - ok
17:14:03.0665 5912 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:14:03.0666 5912 MSTEE - ok
17:14:03.0675 5912 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:03.0676 5912 MTConfig - ok
17:14:03.0687 5912 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:14:03.0688 5912 Mup - ok
17:14:03.0726 5912 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:14:03.0731 5912 napagent - ok
17:14:03.0761 5912 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:14:03.0764 5912 NativeWifiP - ok
17:14:03.0848 5912 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
17:14:03.0862 5912 NAUpdate - ok
17:14:03.0930 5912 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:14:03.0945 5912 NDIS - ok
17:14:03.0958 5912 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:03.0959 5912 NdisCap - ok
17:14:03.0977 5912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:03.0978 5912 NdisTapi - ok
17:14:04.0000 5912 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:04.0001 5912 Ndisuio - ok
17:14:04.0021 5912 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:04.0022 5912 NdisWan - ok
17:14:04.0045 5912 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:14:04.0046 5912 NDProxy - ok
17:14:04.0049 5912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:14:04.0050 5912 NetBIOS - ok
17:14:04.0061 5912 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:14:04.0063 5912 NetBT - ok
17:14:04.0079 5912 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:04.0079 5912 Netlogon - ok
17:14:04.0120 5912 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:14:04.0123 5912 Netman - ok
17:14:04.0179 5912 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:04.0180 5912 NetMsmqActivator - ok
17:14:04.0182 5912 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:04.0182 5912 NetPipeActivator - ok
17:14:04.0208 5912 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:14:04.0213 5912 netprofm - ok
17:14:04.0218 5912 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:04.0219 5912 NetTcpActivator - ok
17:14:04.0220 5912 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:14:04.0221 5912 NetTcpPortSharing - ok
17:14:04.0248 5912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:04.0249 5912 nfrd960 - ok
17:14:04.0269 5912 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:14:04.0270 5912 NisDrv - ok
17:14:04.0327 5912 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:14:04.0329 5912 NisSrv - ok
17:14:04.0357 5912 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:14:04.0360 5912 NlaSvc - ok
17:14:04.0397 5912 NovacomD (1e8281a0bc4358cf816754e0a195d329) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
17:14:04.0398 5912 NovacomD - ok
17:14:04.0411 5912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:14:04.0412 5912 Npfs - ok
17:14:04.0424 5912 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:14:04.0425 5912 nsi - ok
17:14:04.0437 5912 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:14:04.0438 5912 nsiproxy - ok
17:14:04.0531 5912 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:14:04.0543 5912 Ntfs - ok
17:14:04.0615 5912 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:14:04.0616 5912 Null - ok
17:14:04.0653 5912 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
17:14:04.0654 5912 NVHDA - ok
17:14:05.0170 5912 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:14:05.0217 5912 nvlddmkm - ok
17:14:05.0269 5912 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:14:05.0271 5912 nvraid - ok
17:14:05.0286 5912 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:14:05.0288 5912 nvstor - ok
17:14:05.0435 5912 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
17:14:05.0442 5912 nvsvc - ok
17:14:05.0683 5912 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:14:05.0700 5912 nvUpdatusService - ok
17:14:05.0758 5912 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:14:05.0759 5912 nv_agp - ok
17:14:05.0775 5912 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:14:05.0776 5912 ohci1394 - ok
17:14:05.0815 5912 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:05.0816 5912 ose - ok
17:14:05.0871 5912 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:05.0872 5912 ose64 - ok
17:14:06.0107 5912 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:14:06.0167 5912 osppsvc - ok
17:14:06.0211 5912 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:14:06.0214 5912 p2pimsvc - ok
17:14:06.0236 5912 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:14:06.0240 5912 p2psvc - ok
17:14:06.0259 5912 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:14:06.0260 5912 Parport - ok
17:14:06.0276 5912 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:14:06.0277 5912 partmgr - ok
17:14:06.0291 5912 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:14:06.0293 5912 PcaSvc - ok
17:14:06.0319 5912 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:14:06.0321 5912 pci - ok
17:14:06.0334 5912 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:14:06.0335 5912 pciide - ok
17:14:06.0350 5912 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:06.0352 5912 pcmcia - ok
17:14:06.0356 5912 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:14:06.0357 5912 pcw - ok
17:14:06.0467 5912 PDAgent (a0a29546bf116829140f10dbd9bacad0) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
17:14:06.0485 5912 PDAgent - ok
17:14:07.0037 5912 PDEngine (f2f7572275d900e90b69e2de931b1fb8) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
17:14:07.0067 5912 PDEngine - ok
17:14:07.0149 5912 PDFSFilter (f530fab7b9e4443b58b7a7e8e4ec3557) C:\Windows\system32\DRIVERS\PDFsFilter.sys
17:14:07.0149 5912 PDFSFilter - ok
17:14:07.0183 5912 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:14:07.0198 5912 PEAUTH - ok
17:14:07.0267 5912 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:14:07.0287 5912 PeerDistSvc - ok
17:14:07.0334 5912 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:14:07.0334 5912 PerfHost - ok
17:14:07.0424 5912 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:14:07.0443 5912 pla - ok
17:14:07.0482 5912 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:14:07.0486 5912 PlugPlay - ok
17:14:07.0500 5912 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:14:07.0501 5912 PNRPAutoReg - ok
17:14:07.0519 5912 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:14:07.0521 5912 PNRPsvc - ok
17:14:07.0552 5912 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:14:07.0557 5912 PolicyAgent - ok
17:14:07.0582 5912 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:14:07.0584 5912 Power - ok
17:14:07.0620 5912 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:14:07.0621 5912 PptpMiniport - ok
17:14:07.0638 5912 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:14:07.0639 5912 Processor - ok
17:14:07.0660 5912 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:14:07.0709 5912 ProfSvc - ok
17:14:07.0729 5912 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:07.0729 5912 ProtectedStorage - ok
17:14:07.0753 5912 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:14:07.0755 5912 Psched - ok
17:14:07.0789 5912 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:14:07.0790 5912 PxHlpa64 - ok
17:14:07.0850 5912 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:14:07.0899 5912 ql2300 - ok
17:14:07.0964 5912 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:07.0966 5912 ql40xx - ok
17:14:07.0990 5912 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:14:07.0992 5912 QWAVE - ok
17:14:07.0999 5912 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:14:08.0000 5912 QWAVEdrv - ok
17:14:08.0008 5912 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:14:08.0009 5912 RasAcd - ok
17:14:08.0086 5912 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:08.0111 5912 RasAgileVpn - ok
17:14:08.0118 5912 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:14:08.0120 5912 RasAuto - ok
17:14:08.0137 5912 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:08.0138 5912 Rasl2tp - ok
17:14:08.0164 5912 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:14:08.0167 5912 RasMan - ok
17:14:08.0176 5912 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:08.0177 5912 RasPppoe - ok
17:14:08.0198 5912 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:14:08.0199 5912 RasSstp - ok
17:14:08.0215 5912 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:14:08.0217 5912 rdbss - ok
17:14:08.0220 5912 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:08.0220 5912 rdpbus - ok
17:14:08.0222 5912 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:08.0223 5912 RDPCDD - ok
17:14:08.0251 5912 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:14:08.0252 5912 RDPDR - ok
17:14:08.0264 5912 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:14:08.0264 5912 RDPENCDD - ok
17:14:08.0267 5912 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:14:08.0268 5912 RDPREFMP - ok
17:14:08.0301 5912 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:14:08.0303 5912 RDPWD - ok
17:14:08.0323 5912 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:14:08.0325 5912 rdyboost - ok
17:14:08.0360 5912 RemoteAccess - ok
17:14:08.0386 5912 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:14:08.0388 5912 RemoteRegistry - ok
17:14:08.0423 5912 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:14:08.0424 5912 RFCOMM - ok
17:14:08.0431 5912 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:14:08.0433 5912 RpcEptMapper - ok
17:14:08.0448 5912 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:14:08.0449 5912 RpcLocator - ok
17:14:08.0481 5912 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:14:08.0484 5912 RpcSs - ok
17:14:08.0496 5912 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:14:08.0497 5912 rspndr - ok
17:14:08.0510 5912 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:14:08.0511 5912 s3cap - ok
17:14:08.0528 5912 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:08.0529 5912 SamSs - ok
17:14:08.0538 5912 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:14:08.0539 5912 sbp2port - ok
17:14:08.0556 5912 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:14:08.0559 5912 SCardSvr - ok
17:14:08.0577 5912 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:14:08.0578 5912 scfilter - ok
17:14:08.0630 5912 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:14:08.0649 5912 Schedule - ok
17:14:08.0663 5912 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:14:08.0664 5912 SCPolicySvc - ok
17:14:08.0676 5912 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:14:08.0678 5912 SDRSVC - ok
17:14:08.0694 5912 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:14:08.0694 5912 secdrv - ok
17:14:08.0716 5912 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:14:08.0717 5912 seclogon - ok
17:14:08.0722 5912 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:14:08.0723 5912 SENS - ok
17:14:08.0848 5912 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:14:08.0849 5912 SensrSvc - ok
17:14:08.0908 5912 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:14:08.0909 5912 Serenum - ok
17:14:09.0039 5912 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:14:09.0040 5912 Serial - ok
17:14:09.0049 5912 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:14:09.0049 5912 sermouse - ok
17:14:09.0059 5912 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:14:09.0061 5912 SessionEnv - ok
17:14:09.0078 5912 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:14:09.0079 5912 sffdisk - ok
17:14:09.0087 5912 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:14:09.0088 5912 sffp_mmc - ok
17:14:09.0094 5912 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:14:09.0095 5912 sffp_sd - ok
17:14:09.0106 5912 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:09.0107 5912 sfloppy - ok
17:14:09.0150 5912 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:14:09.0154 5912 SharedAccess - ok
17:14:09.0180 5912 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:14:09.0184 5912 ShellHWDetection - ok
17:14:09.0201 5912 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:09.0202 5912 SiSRaid2 - ok
17:14:09.0212 5912 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:09.0213 5912 SiSRaid4 - ok
17:14:09.0289 5912 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:14:09.0290 5912 SkypeUpdate - ok
17:14:09.0307 5912 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:14:09.0309 5912 Smb - ok
17:14:09.0329 5912 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:14:09.0331 5912 SNMPTRAP - ok
17:14:09.0350 5912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:14:09.0351 5912 spldr - ok
17:14:09.0383 5912 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:14:09.0398 5912 Spooler - ok
17:14:09.0541 5912 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:14:09.0583 5912 sppsvc - ok
17:14:09.0662 5912 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:14:09.0664 5912 sppuinotify - ok
17:14:09.0716 5912 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
17:14:09.0716 5912 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
17:14:09.0716 5912 sptd ( LockedFile.Multi.Generic ) - warning
17:14:09.0716 5912 sptd - detected LockedFile.Multi.Generic (1)
17:14:09.0741 5912 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:14:09.0745 5912 srv - ok
17:14:09.0760 5912 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:14:09.0763 5912 srv2 - ok
17:14:09.0770 5912 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:14:09.0772 5912 srvnet - ok
17:14:09.0796 5912 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:14:09.0798 5912 SSDPSRV - ok
17:14:09.0807 5912 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:14:09.0808 5912 SstpSvc - ok
17:14:09.0891 5912 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
17:14:09.0894 5912 StarWindServiceAE - ok
17:14:09.0917 5912 Steam Client Service - ok
17:14:09.0976 5912 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:14:09.0979 5912 Stereo Service - ok
17:14:10.0010 5912 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:14:10.0011 5912 stexstor - ok
17:14:10.0064 5912 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:14:10.0073 5912 stisvc - ok
17:14:10.0088 5912 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:14:10.0089 5912 storflt - ok
17:14:10.0106 5912 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:14:10.0107 5912 StorSvc - ok
17:14:10.0121 5912 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:14:10.0122 5912 storvsc - ok
17:14:10.0135 5912 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:14:10.0135 5912 swenum - ok
17:14:10.0199 5912 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:14:10.0202 5912 SwitchBoard - ok
17:14:10.0240 5912 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:14:10.0245 5912 swprv - ok
17:14:10.0320 5912 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:14:10.0338 5912 SysMain - ok
17:14:10.0420 5912 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:14:10.0422 5912 TabletInputService - ok
17:14:10.0437 5912 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:14:10.0440 5912 TapiSrv - ok
17:14:10.0446 5912 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:14:10.0447 5912 TBS - ok
17:14:10.0544 5912 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:14:10.0557 5912 Tcpip - ok
17:14:10.0681 5912 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:14:10.0687 5912 TCPIP6 - ok
17:14:10.0727 5912 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:14:10.0728 5912 tcpipreg - ok
17:14:10.0750 5912 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:14:10.0751 5912 TDPIPE - ok
17:14:10.0771 5912 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:14:10.0772 5912 TDTCP - ok
17:14:10.0793 5912 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:14:10.0795 5912 tdx - ok
17:14:10.0812 5912 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:14:10.0813 5912 TermDD - ok
17:14:10.0850 5912 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:14:10.0865 5912 TermService - ok
17:14:10.0884 5912 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:14:10.0886 5912 Themes - ok
17:14:10.0904 5912 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:14:10.0905 5912 THREADORDER - ok
17:14:10.0921 5912 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:14:10.0923 5912 TrkWks - ok
17:14:11.0026 5912 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:14:11.0028 5912 TrustedInstaller - ok
17:14:11.0114 5912 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:11.0115 5912 tssecsrv - ok
17:14:11.0272 5912 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:14:11.0274 5912 TsUsbFlt - ok
17:14:11.0393 5912 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:14:11.0394 5912 tunnel - ok
17:14:11.0403 5912 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:14:11.0404 5912 uagp35 - ok
17:14:11.0428 5912 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:14:11.0430 5912 udfs - ok
17:14:11.0436 5912 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:14:11.0437 5912 UI0Detect - ok
17:14:11.0451 5912 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:14:11.0452 5912 uliagpkx - ok
17:14:11.0473 5912 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:14:11.0474 5912 umbus - ok
17:14:11.0481 5912 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:14:11.0482 5912 UmPass - ok
17:14:11.0497 5912 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:14:11.0500 5912 UmRdpService - ok
17:14:11.0571 5912 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:14:11.0574 5912 UMVPFSrv - ok
17:14:11.0596 5912 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:14:11.0600 5912 upnphost - ok
17:14:11.0623 5912 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:14:11.0625 5912 usbaudio - ok
17:14:11.0645 5912 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:11.0646 5912 usbccgp - ok
17:14:11.0659 5912 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:14:11.0660 5912 usbcir - ok
17:14:11.0669 5912 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:14:11.0669 5912 usbehci - ok
17:14:11.0693 5912 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:14:11.0696 5912 usbhub - ok
17:14:11.0712 5912 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:14:11.0713 5912 usbohci - ok
17:14:11.0723 5912 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:14:11.0723 5912 usbprint - ok
17:14:11.0741 5912 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:11.0742 5912 USBSTOR - ok
17:14:11.0756 5912 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:14:11.0757 5912 usbuhci - ok
17:14:11.0779 5912 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:14:11.0781 5912 usbvideo - ok
17:14:11.0797 5912 uxddrv - ok
17:14:11.0809 5912 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:14:11.0810 5912 UxSms - ok
17:14:11.0828 5912 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:14:11.0829 5912 VaultSvc - ok
17:14:11.0838 5912 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:14:11.0839 5912 vdrvroot - ok
17:14:11.0877 5912 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:14:11.0882 5912 vds - ok
17:14:11.0895 5912 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:11.0895 5912 vga - ok
17:14:11.0904 5912 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:14:11.0905 5912 VgaSave - ok
17:14:11.0919 5912 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:14:11.0921 5912 vhdmp - ok
17:14:11.0934 5912 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:14:11.0934 5912 viaide - ok
17:14:11.0955 5912 vidsflt58 (6dc5d9a5bba6a858d06b7abefba1a1e6) C:\Windows\system32\DRIVERS\vsflt58.sys
17:14:11.0955 5912 vidsflt58 - ok
17:14:11.0965 5912 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:14:11.0967 5912 vmbus - ok
17:14:11.0979 5912 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:14:11.0980 5912 VMBusHID - ok
17:14:11.0985 5912 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:14:11.0986 5912 volmgr - ok
17:14:12.0004 5912 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:14:12.0007 5912 volmgrx - ok
17:14:12.0027 5912 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:14:12.0074 5912 volsnap - ok
17:14:12.0103 5912 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:12.0105 5912 vsmraid - ok
17:14:12.0178 5912 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:14:12.0192 5912 VSS - ok
17:14:12.0248 5912 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:14:12.0249 5912 vwifibus - ok
17:14:12.0287 5912 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:14:12.0291 5912 W32Time - ok
17:14:12.0300 5912 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:14:12.0301 5912 WacomPen - ok
17:14:12.0329 5912 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:12.0330 5912 WANARP - ok
17:14:12.0332 5912 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:12.0333 5912 Wanarpv6 - ok
17:14:12.0400 5912 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:14:12.0415 5912 WatAdminSvc - ok
17:14:12.0481 5912 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:14:12.0497 5912 wbengine - ok
17:14:12.0531 5912 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:14:12.0534 5912 WbioSrvc - ok
17:14:12.0554 5912 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:14:12.0558 5912 wcncsvc - ok
17:14:12.0569 5912 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:14:12.0570 5912 WcsPlugInService - ok
17:14:12.0582 5912 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:14:12.0582 5912 Wd - ok
17:14:12.0609 5912 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:14:12.0614 5912 Wdf01000 - ok
17:14:12.0622 5912 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:12.0624 5912 WdiServiceHost - ok
17:14:12.0626 5912 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:12.0627 5912 WdiSystemHost - ok
17:14:12.0653 5912 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:14:12.0656 5912 WebClient - ok
17:14:12.0691 5912 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:14:12.0694 5912 Wecsvc - ok
17:14:12.0731 5912 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:14:12.0733 5912 wercplsupport - ok
17:14:12.0814 5912 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:14:12.0816 5912 WerSvc - ok
17:14:12.0899 5912 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:12.0900 5912 WfpLwf - ok
17:14:12.0917 5912 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:14:12.0918 5912 WIMMount - ok
17:14:12.0951 5912 WinDefend - ok
17:14:12.0961 5912 WinHttpAutoProxySvc - ok
17:14:12.0996 5912 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:14:13.0000 5912 Winmgmt - ok
17:14:13.0109 5912 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:14:13.0160 5912 WinRM - ok
17:14:13.0289 5912 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
17:14:13.0291 5912 WinUSB - ok
17:14:13.0352 5912 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:14:13.0376 5912 Wlansvc - ok
17:14:13.0530 5912 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:14:13.0553 5912 wlidsvc - ok
17:14:13.0612 5912 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:14:13.0614 5912 WmiAcpi - ok
17:14:13.0641 5912 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:14:13.0644 5912 wmiApSrv - ok
17:14:13.0671 5912 WMPNetworkSvc - ok
17:14:13.0687 5912 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:14:13.0690 5912 WPCSvc - ok
17:14:13.0707 5912 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:14:13.0711 5912 WPDBusEnum - ok
17:14:13.0731 5912 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:14:13.0732 5912 ws2ifsl - ok
17:14:13.0753 5912 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:14:13.0756 5912 wscsvc - ok
17:14:13.0760 5912 WSearch - ok
17:14:13.0889 5912 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:14:13.0918 5912 wuauserv - ok
17:14:13.0992 5912 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:14:13.0995 5912 WudfPf - ok
17:14:14.0027 5912 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:14.0031 5912 WUDFRd - ok
17:14:14.0053 5912 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:14:14.0057 5912 wudfsvc - ok
17:14:14.0076 5912 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:14:14.0082 5912 WwanSvc - ok
17:14:14.0145 5912 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
17:14:14.0166 5912 xnacc - ok
17:14:14.0217 5912 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
17:14:14.0219 5912 xusb21 - ok
17:14:14.0256 5912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:14:14.0429 5912 \Device\Harddisk0\DR0 - ok
17:14:14.0432 5912 Boot (0x1200) (580dbd234f395fc85af055498c646477) \Device\Harddisk0\DR0\Partition0
17:14:14.0432 5912 \Device\Harddisk0\DR0\Partition0 - ok
17:14:14.0433 5912 ============================================================
17:14:14.0433 5912 Scan finished
17:14:14.0433 5912 ============================================================
17:14:14.0438 6124 Detected object count: 1
17:14:14.0438 6124 Actual detected object count: 1
17:14:20.0450 6124 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:14:20.0450 6124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


-----------------------------ESET Online Scanner pasted below -----------------------------
C:\Windows\Installer\{d826e5a7-42af-07a4-b65f-b2508b67fe68}\U\00000008.@ Win64/Agent.BA trojan
Operating memory a variant of Win32/Sirefef.EZ trojan

Edited by chibichanman, 02 June 2012 - 10:26 PM.


#2 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 03 June 2012 - 12:42 PM

Hi,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

(You need the 64-bit version.)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
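CatByte asks for an FRST log with driver MD5s, and the Malware Response Team then reads that log by eye. The script below is an added example by the editor, not FRST's own code and not anything posted in this thread: it parses the Drivers and file-listing line shapes seen in the FRST log of the next reply and flags the entries a reviewer would check first. The sample lines are copied from that log and from the ESET result in the first post. The heuristics (eight-letter lowercase service names, images missing on disk, images created within a few days of the scan, an empty publisher field, hidden+system directories named by a GUID, and a GUID shared between such a directory and a scanner detection path) are the editor's assumptions; a flag is a lead to examine, not a verdict. Both aytmkmvr.sys and jfjtvbfs.sys, for instance, were created on the afternoon the user was running several scanning tools, so they need to be checked rather than deleted on sight.

```python
"""Triage of FRST 'Drivers' and file-listing lines.

Added example for this thread; not FRST's code and not from any post here.
Line shapes follow the FRST log posted in the next reply. The heuristics are
the editor's assumptions and produce leads for a human reviewer, not verdicts.
"""
import re
from datetime import date

SCAN_DATE = date(2012, 6, 3)  # "Ran by SYSTEM at 03-06-2012" in the FRST log

# "<start> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>)"  or  "... <path> [x]"
DRIVER_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[(?P<size>\d+) (?P<created>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)|\[x\])$"
)
# "<modified> - <created> - <size> <attrs> [(<publisher>) ]<path>"
FILE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Sample input: lines copied from the FRST log and the ESET result in this thread.
SAMPLE_DRIVERS = r"""
0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [36960 2011-07-11] (Asmedia Technology)
1 aytmkmvr; C:\Windows\System32\Drivers\aytmkmvr.sys [50000 2012-06-02] (Microsoft Corporation)
3 CM2793; C:\Windows\System32\Drivers\CM2793.sys [14840 2010-09-18] ()
1 jfjtvbfs; C:\Windows\System32\Drivers\jfjtvbfs.sys [50000 2012-06-02] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-12-18] (Duplex Secure Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""
SAMPLE_FILES = r"""
2012-06-03 11:21 - 2012-06-03 11:20 - 0000000 ____D C:\FRST
2012-06-02 16:07 - 2012-06-02 16:07 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aytmkmvr.sys
2012-06-02 07:27 - 2012-06-02 07:27 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-28 08:42 - 2012-01-11 07:41 - 0000000 __SHD C:\Users\CCM\AppData\Local\{d826e5a7-42af-07a4-b65f-b2508b67fe68}
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Templates
"""
SAMPLE_DETECTIONS = [
    r"C:\Windows\Installer\{d826e5a7-42af-07a4-b65f-b2508b67fe68}\U\00000008.@ Win64/Agent.BA trojan",
]


def parse_driver(line):
    """Parse one FRST driver/service line into a dict, or return None."""
    m = DRIVER_RE.match(line.strip())
    if m is None:
        return None
    return {
        "start": int(m["start"]),
        "name": m["name"],
        "path": m["path"],
        "size": int(m["size"]) if m["size"] else None,
        "created": date.fromisoformat(m["created"]) if m["created"] else None,
        "publisher": m["publisher"],  # None when the image is missing, "" when it carries none
        "missing": m["size"] is None,
    }


def driver_leads(entry, scan_date=SCAN_DATE, window_days=3):
    """Reasons a reviewer might look at this entry (empty list = nothing notable)."""
    leads = []
    if entry["missing"]:
        leads.append("image missing on disk")
    if re.fullmatch(r"[a-z]{8}", entry["name"]):  # editor's heuristic, not an FRST rule
        leads.append("random-looking 8-letter name")
    if entry["created"] and abs((scan_date - entry["created"]).days) <= window_days:
        leads.append(f"image created within {window_days} days of the scan")
    if entry["publisher"] == "":
        leads.append("no publisher in version info")
    return leads


def triage_drivers(text, scan_date=SCAN_DATE, window_days=3):
    """Map driver name -> leads, for every parsable line with at least one lead."""
    out = {}
    for line in text.splitlines():
        entry = parse_driver(line)
        if entry:
            leads = driver_leads(entry, scan_date, window_days)
            if leads:
                out[entry["name"]] = leads
    return out


def hidden_guid_dirs(text):
    """Paths of hidden+system directories (attrs S, H and D) whose own name is a GUID."""
    found = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and set("SHD") <= set(m["attrs"]) and GUID_RE.fullmatch(m["path"].rsplit("\\", 1)[-1]):
            found.append(m["path"])
    return found


def correlate_guids(detections, dirs):
    """GUIDs that appear both in scanner detection paths and in hidden directory names."""
    detected = {g.lower() for d in detections for g in GUID_RE.findall(d)}
    return sorted({g.lower() for p in dirs for g in GUID_RE.findall(p)} & detected)


if __name__ == "__main__":
    for name, leads in triage_drivers(SAMPLE_DRIVERS).items():
        print(f"{name}: {'; '.join(leads)}")
    dirs = hidden_guid_dirs(SAMPLE_FILES)
    print("hidden GUID dirs:", dirs)
    print("GUIDs shared with detections:", correlate_guids(SAMPLE_DETECTIONS, dirs))
```

Run it as a script to print the leads for the sample lines, or feed the whole Drivers section and the file listings of a real FRST.txt to triage_drivers() and hidden_guid_dirs(). The hash comparison that the List Drivers MD5 option enables is deliberately left to the reviewer: a flagged name tells you which MD5 to look up, not what it is.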


#3 chibichanman (Topic Starter, Members, 6 posts)

Posted 03 June 2012 - 01:33 PM

FRST pasted below

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 03-06-2012 11:20:58
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12881512 2011-09-26] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-09-14] (Intel Corporation)
HKLM-x32\...\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe [4878912 2011-12-19] (FNet Co., Ltd.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2011-12-25] (FNet Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\CCM\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2009-11-15] (Alcohol Soft Development Team)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\CCM\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations)
2 cFosSpeedS; "C:\Program Files\ASRock\XFast LAN\spd.exe" -service [395136 2011-07-04] (cFos Software GmbH)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe" [7168 2011-09-14] (Intel Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
3 PDEngine; "C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe" [3290888 2011-09-07] (Raxco Software, Inc.)
2 SharedAccess; C:\Windows\SysWow64\ipnathlp.dll [1827840 2012-03-25] ()
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
4 RemoteAccess; C:\Windows\SysWOW64\mpreim.dll [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [36960 2011-07-11] (Asmedia Technology)
3 asmthub3; C:\Windows\System32\Drivers\asmthub3.sys [126952 2011-03-04] (ASMedia Technology Inc)
3 asmtxhci; C:\Windows\System32\Drivers\asmtxhci.sys [390632 2011-03-04] (ASMedia Technology Inc)
1 AsrAppCharger; C:\Windows\System32\Drivers\AsrAppCharger.sys [17192 2011-05-10] (Windows ® Win 7 DDK provider)
0 AsrRamDisk; C:\Windows\System32\Drivers\AsrRamDisk.sys [22312 2011-10-14] (ASRock Inc.)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-01] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [51872 2011-03-01] (Windows ® Win 7 DDK provider)
1 aytmkmvr; C:\Windows\System32\Drivers\aytmkmvr.sys [50000 2012-06-02] (Microsoft Corporation)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-01] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-01] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-01] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-01] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-01] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-01] (Atheros)
1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)
3 CM2793; C:\Windows\System32\Drivers\CM2793.sys [14840 2010-09-18] ()
3 CM2793; C:\Windows\SysWow64\Drivers\CM2793.sys [12280 2010-09-18] ()
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [132704 2012-04-06] (Acronis)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [32320 2012-05-02] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-12-19] (FNet Co., Ltd.)
0 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [562456 2011-09-14] (Intel Corporation)
0 iaStorF; C:\Windows\System32\Drivers\iaStorF.sys [23832 2011-09-14] (Intel Corporation)
1 jfjtvbfs; C:\Windows\System32\Drivers\jfjtvbfs.sys [50000 2012-06-02] (Microsoft Corporation)
3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [32344 2009-11-17] (Creative Technology Ltd.)
2 PDFSFilter; C:\Windows\System32\Drivers\PDFSFilter.sys [79888 2011-09-07] (Raxco Software, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-12-18] (Duplex Secure Ltd.)
0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [142944 2012-04-06] (Acronis)
3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 uxddrv; \??\G:\wow64\uxddrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-03 11:20 - 2012-06-03 11:21 - 0000000 ____D C:\FRST
2012-06-03 10:06 - 2012-06-03 10:06 - 1395739 ____A C:\Users\CCM\Desktop\FRST64.exe
2012-06-02 16:43 - 2012-06-02 16:43 - 2322184 ____A (ESET) C:\Users\CCM\Desktop\esetsmartinstaller_enu.exe
2012-06-02 16:43 - 2012-06-02 16:43 - 0000000 ____D C:\Program Files (x86)\ESET
2012-06-02 16:17 - 2012-06-02 16:17 - 1402880 ____A C:\Users\CCM\Desktop\HijackThis.msi
2012-06-02 16:17 - 2012-06-02 16:17 - 0002965 ____A C:\Users\CCM\Desktop\HiJackThis.lnk
2012-06-02 16:17 - 2012-06-02 16:17 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-02 16:13 - 2012-06-02 16:14 - 0136682 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_17.13.49_log.txt
2012-06-02 16:07 - 2012-06-02 16:07 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aytmkmvr.sys
2012-06-02 16:02 - 2012-06-02 19:22 - 0000000 ____D C:\Users\CCM\Desktop\for bleepingcomputer
2012-06-02 15:59 - 2012-06-02 15:59 - 0607260 ____R (Swearware) C:\Users\CCM\Desktop\dds.scr
2012-06-02 15:53 - 2012-06-02 15:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jfjtvbfs.sys
2012-06-02 15:52 - 2012-06-02 15:52 - 0000000 ____D C:\$RECYCLE.BIN
2012-06-02 15:46 - 2012-06-02 15:52 - 0000000 ___SD C:\ComboFix
2012-06-02 15:46 - 2012-06-02 15:51 - 0000000 ____D C:\Windows\ERDNT
2012-06-02 15:46 - 2012-06-02 15:47 - 0000000 ____D C:\Qoobox
2012-06-02 15:46 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-06-02 15:46 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-06-02 15:46 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-02 15:46 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-02 15:46 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-02 15:46 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-06-02 15:46 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-06-02 15:46 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-06-02 15:44 - 2012-06-02 15:44 - 4534467 ____R (Swearware) C:\Users\CCM\Desktop\ComboFix.exe
2012-06-02 15:37 - 2012-06-02 15:37 - 4731392 ____A (AVAST Software) C:\Users\CCM\Desktop\aswMBR.exe
2012-06-02 15:27 - 2012-06-02 15:27 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-02 15:27 - 2012-06-02 15:27 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Malwarebytes
2012-06-02 15:26 - 2012-06-02 15:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 15:26 - 2012-06-02 15:26 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-02 15:26 - 2012-04-04 14:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-02 15:24 - 2012-06-02 15:26 - 0134696 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_16.24.38_log.txt
2012-06-02 15:24 - 2012-06-02 15:24 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\CCM\Desktop\tdsskiller.exe
2012-06-02 15:19 - 2012-06-02 15:19 - 0000049 ____A C:\Users\CCM\Desktop\sirefef dot com virus removal instructions.URL
2012-06-02 15:12 - 2012-06-02 15:12 - 0079623 ____A C:\Users\CCM\Desktop\Junction.zip
2012-06-02 15:12 - 2010-09-07 14:39 - 0150392 ____A (Sysinternals - www.sysinternals.com) C:\Users\CCM\Desktop\junction.exe
2012-06-02 15:05 - 2012-06-02 15:05 - 0294216 ____A C:\Users\CCM\Desktop\gmer.zip
2012-06-02 15:05 - 2011-07-16 21:21 - 0302592 ____A C:\Users\CCM\Desktop\gmer.exe
2012-06-02 09:58 - 2012-06-02 09:58 - 0000000 ____D C:\Windows\pss
2012-06-02 09:50 - 2012-06-02 09:50 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-02 09:50 - 2012-06-02 09:50 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-02 09:28 - 2012-06-02 09:28 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-02 09:27 - 2012-06-02 09:28 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-02 09:27 - 2012-06-02 09:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-02 07:39 - 2012-06-02 07:39 - 0000000 ____D C:\Users\All Users\RELOADED
2012-06-02 07:27 - 2012-06-02 07:27 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-29 08:52 - 2012-05-29 08:52 - 0152576 ____A C:\Users\CCM\Desktop\Criminal Procedure - Allen.doc
2012-05-29 08:52 - 2012-05-29 08:52 - 0142848 ____A C:\Users\CCM\Desktop\Remedies.doc
2012-05-28 22:42 - 2012-05-28 22:42 - 0267776 ____A C:\Users\CCM\Desktop\Remedies_Hutchinson_Spring2006_2.doc
2012-05-28 21:22 - 2012-05-28 21:22 - 0098304 ____A C:\Users\CCM\Desktop\CrimPro-Search And Seizure Checklist.doc
2012-05-18 20:49 - 2012-05-18 20:49 - 0000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2012-05-18 08:02 - 2012-05-28 14:02 - 0000000 ____D C:\Users\CCM\AppData\Local\Runic Games
2012-05-18 08:01 - 2012-05-18 08:01 - 0000000 ____D C:\Users\Public\Games
2012-05-17 22:18 - 2012-06-02 15:52 - 1037070336 __ASH C:\hiberfil.sys
2012-05-15 11:56 - 2012-05-15 11:56 - 0000000 ____D C:\Users\CCM\Documents\Diablo III
2012-05-15 11:41 - 2012-05-15 11:56 - 0000000 ____D C:\Program Files (x86)\Diablo III
2012-05-15 11:41 - 2012-05-15 11:54 - 0001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 11:41 - 2012-05-15 11:54 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-15 11:39 - 2012-05-15 11:40 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-15 08:48 - 2012-05-15 08:48 - 0018822 ____A C:\Users\CCM\Desktop\Seagate Technology - Order Confirmation.pdf
2012-05-14 22:34 - 2012-05-14 22:34 - 12407827 ____A C:\Users\CCM\Desktop\FS09outlinebank.zip
2012-05-14 21:36 - 2012-05-14 21:37 - 0000000 ____D C:\Users\CCM\Desktop\untzbots
2012-05-14 21:19 - 2012-05-14 21:19 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 21:19 - 2012-05-14 21:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 11:46 - 2012-05-12 11:46 - 0342940 ____A C:\Users\CCM\Desktop\hardmodefpdrops1.21.jpg
2012-05-12 07:25 - 2012-05-12 07:25 - 0272340 ____A C:\Users\CCM\Desktop\SWTOR_RE_GUIDE.png
2012-05-11 17:09 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 17:09 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 17:09 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 17:09 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 17:09 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 17:09 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 17:09 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 17:09 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-05 14:44 - 2012-05-05 14:44 - 0000000 ____D C:\Users\CCM\Desktop\UntzBot50x3

============ 3 Months Modified Files and Folders =============

2012-06-03 11:21 - 2012-06-03 11:20 - 0000000 ____D C:\FRST
2012-06-03 10:08 - 2011-12-19 09:40 - 1902300 ____A C:\Windows\WindowsUpdate.log
2012-06-03 10:06 - 2012-06-03 10:06 - 1395739 ____A C:\Users\CCM\Desktop\FRST64.exe
2012-06-03 10:06 - 2011-12-19 12:46 - 0000000 ___RD C:\Users\CCM\Dropbox
2012-06-03 10:06 - 2011-12-19 12:45 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Dropbox
2012-06-03 09:33 - 2011-12-19 13:18 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000UA.job
2012-06-03 00:33 - 2011-12-19 13:18 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000Core.job
2012-06-02 19:22 - 2012-06-02 16:02 - 0000000 ____D C:\Users\CCM\Desktop\for bleepingcomputer
2012-06-02 16:43 - 2012-06-02 16:43 - 2322184 ____A (ESET) C:\Users\CCM\Desktop\esetsmartinstaller_enu.exe
2012-06-02 16:43 - 2012-06-02 16:43 - 0000000 ____D C:\Program Files (x86)\ESET
2012-06-02 16:39 - 2011-05-17 14:28 - 0000000 ____D C:\Users\CCM\Documents\JD
2012-06-02 16:17 - 2012-06-02 16:17 - 1402880 ____A C:\Users\CCM\Desktop\HijackThis.msi
2012-06-02 16:17 - 2012-06-02 16:17 - 0002965 ____A C:\Users\CCM\Desktop\HiJackThis.lnk
2012-06-02 16:17 - 2012-06-02 16:17 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-02 16:14 - 2012-06-02 16:13 - 0136682 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_17.13.49_log.txt
2012-06-02 16:07 - 2012-06-02 16:07 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aytmkmvr.sys
2012-06-02 16:00 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-02 16:00 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-02 15:59 - 2012-06-02 15:59 - 0607260 ____R (Swearware) C:\Users\CCM\Desktop\dds.scr
2012-06-02 15:55 - 2011-12-21 18:11 - 0000191 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-02 15:55 - 2011-05-17 13:13 - 0000296 ____A C:\Users\CCM\Documents\ax_files.xml
2012-06-02 15:54 - 2012-06-02 15:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jfjtvbfs.sys
2012-06-02 15:52 - 2012-06-02 15:52 - 0000000 ____D C:\$RECYCLE.BIN
2012-06-02 15:52 - 2012-06-02 15:46 - 0000000 ___SD C:\ComboFix
2012-06-02 15:52 - 2012-05-17 22:18 - 1037070336 __ASH C:\hiberfil.sys
2012-06-02 15:52 - 2011-12-23 17:49 - 0000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-06-02 15:52 - 2011-12-19 11:19 - 0018246 ____A C:\Windows\PFRO.log
2012-06-02 15:52 - 2011-12-19 10:34 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-06-02 15:52 - 2011-12-18 17:56 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-06-02 15:52 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-02 15:52 - 2009-07-13 20:51 - 0042674 ____A C:\Windows\setupact.log
2012-06-02 15:51 - 2012-06-02 15:46 - 0000000 ____D C:\Windows\ERDNT
2012-06-02 15:47 - 2012-06-02 15:46 - 0000000 ____D C:\Qoobox
2012-06-02 15:44 - 2012-06-02 15:44 - 4534467 ____R (Swearware) C:\Users\CCM\Desktop\ComboFix.exe
2012-06-02 15:37 - 2012-06-02 15:37 - 4731392 ____A (AVAST Software) C:\Users\CCM\Desktop\aswMBR.exe
2012-06-02 15:27 - 2012-06-02 15:27 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-02 15:27 - 2012-06-02 15:27 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Malwarebytes
2012-06-02 15:27 - 2012-06-02 15:26 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 15:26 - 2012-06-02 15:26 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-02 15:26 - 2012-06-02 15:24 - 0134696 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_16.24.38_log.txt
2012-06-02 15:24 - 2012-06-02 15:24 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\CCM\Desktop\tdsskiller.exe
2012-06-02 15:19 - 2012-06-02 15:19 - 0000049 ____A C:\Users\CCM\Desktop\sirefef dot com virus removal instructions.URL
2012-06-02 15:12 - 2012-06-02 15:12 - 0079623 ____A C:\Users\CCM\Desktop\Junction.zip
2012-06-02 15:05 - 2012-06-02 15:05 - 0294216 ____A C:\Users\CCM\Desktop\gmer.zip
2012-06-02 14:59 - 2011-07-23 11:15 - 0000000 ___SD C:\Users\CCM\Documents\My Web Sites
2012-06-02 14:54 - 2009-07-13 21:08 - 0017208 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-02 14:53 - 2011-12-21 21:07 - 0000000 ____D C:\Users\All Users\AVG2012
2012-06-02 14:51 - 2011-12-21 20:53 - 0000000 ____D C:\Users\All Users\MFAData
2012-06-02 14:50 - 2011-05-17 16:05 - 0000000 ____D C:\$AVG
2012-06-02 09:58 - 2012-06-02 09:58 - 0000000 ____D C:\Windows\pss
2012-06-02 09:50 - 2012-06-02 09:50 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-02 09:50 - 2012-06-02 09:50 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-02 09:50 - 2012-06-02 09:50 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-02 09:50 - 2011-12-19 06:34 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-02 09:41 - 2011-12-19 12:39 - 0000000 ____D C:\Program Files (x86)\Trillian
2012-06-02 09:28 - 2012-06-02 09:28 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-02 09:28 - 2012-06-02 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-02 09:27 - 2012-06-02 09:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-02 09:27 - 2011-12-19 10:21 - 0801896 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-02 09:05 - 2011-12-18 18:20 - 0000000 ____D C:\Program Files (x86)\Steam
2012-06-02 09:01 - 2011-12-26 16:28 - 0000000 ____D C:\Users\CCM\AppData\Local\CrashDumps
2012-06-02 07:47 - 2011-12-19 12:25 - 0000000 ____D C:\Program Files\PeerBlock
2012-06-02 07:39 - 2012-06-02 07:39 - 0000000 ____D C:\Users\All Users\RELOADED
2012-06-02 07:27 - 2012-06-02 07:27 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-02 06:59 - 2011-12-19 12:24 - 0000000 ____D C:\Users\CCM\AppData\Roaming\uTorrent
2012-06-01 11:02 - 2011-12-19 12:46 - 0000973 ____A C:\Users\CCM\Desktop\Dropbox.lnk
2012-05-30 08:50 - 2011-12-19 11:54 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-29 08:57 - 2009-07-13 21:13 - 0784802 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-29 08:52 - 2012-05-29 08:52 - 0152576 ____A C:\Users\CCM\Desktop\Criminal Procedure - Allen.doc
2012-05-29 08:52 - 2012-05-29 08:52 - 0142848 ____A C:\Users\CCM\Desktop\Remedies.doc
2012-05-28 22:42 - 2012-05-28 22:42 - 0267776 ____A C:\Users\CCM\Desktop\Remedies_Hutchinson_Spring2006_2.doc
2012-05-28 21:22 - 2012-05-28 21:22 - 0098304 ____A C:\Users\CCM\Desktop\CrimPro-Search And Seizure Checklist.doc
2012-05-28 14:02 - 2012-05-18 08:02 - 0000000 ____D C:\Users\CCM\AppData\Local\Runic Games
2012-05-28 12:50 - 2011-12-23 08:02 - 0000000 ____D C:\Program Files (x86)\JDownloader
2012-05-28 08:42 - 2012-01-11 07:41 - 0000000 __SHD C:\Users\CCM\AppData\Local\{d826e5a7-42af-07a4-b65f-b2508b67fe68}
2012-05-25 06:04 - 2012-05-03 22:41 - 0027073 ____A C:\Users\CCM\Desktop\2012 Vincent.xlsx
2012-05-23 21:33 - 2011-12-19 13:18 - 0002349 ____A C:\Users\CCM\Desktop\Google Chrome.lnk
2012-05-19 22:33 - 2011-12-19 11:37 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Mozilla
2012-05-18 20:49 - 2012-05-18 20:49 - 0000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2012-05-18 17:20 - 2011-12-19 10:04 - 0000000 ___AD C:\users\CCM
2012-05-18 17:20 - 2011-05-31 08:05 - 0000000 ____D C:\Users\CCM\Documents\My Games
2012-05-18 08:01 - 2012-05-18 08:01 - 0000000 ____D C:\Users\Public\Games
2012-05-18 07:53 - 2011-12-21 18:54 - 0000000 ____D C:\Users\All Users\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-05-18 07:50 - 2012-03-26 13:37 - 0000000 ____D C:\users\UpdatusUser
2012-05-15 11:56 - 2012-05-15 11:56 - 0000000 ____D C:\Users\CCM\Documents\Diablo III
2012-05-15 11:56 - 2012-05-15 11:41 - 0000000 ____D C:\Program Files (x86)\Diablo III
2012-05-15 11:54 - 2012-05-15 11:41 - 0001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 11:54 - 2012-05-15 11:41 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-15 11:40 - 2012-05-15 11:39 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-15 08:48 - 2012-05-15 08:48 - 0018822 ____A C:\Users\CCM\Desktop\Seagate Technology - Order Confirmation.pdf
2012-05-14 22:34 - 2012-05-14 22:34 - 12407827 ____A C:\Users\CCM\Desktop\FS09outlinebank.zip
2012-05-14 21:37 - 2012-05-14 21:36 - 0000000 ____D C:\Users\CCM\Desktop\untzbots
2012-05-14 21:19 - 2012-05-14 21:19 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 21:19 - 2012-05-14 21:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 10:34 - 2012-04-11 15:20 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-14 10:34 - 2011-12-18 18:08 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-14 10:32 - 2009-07-13 20:45 - 4975008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 11:46 - 2012-05-12 11:46 - 0342940 ____A C:\Users\CCM\Desktop\hardmodefpdrops1.21.jpg
2012-05-12 07:25 - 2012-05-12 07:25 - 0272340 ____A C:\Users\CCM\Desktop\SWTOR_RE_GUIDE.png
2012-05-11 17:18 - 2011-12-19 11:05 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 05:45 - 2011-12-19 11:32 - 0001621 ____A C:\Windows\LkmdfCoInst.log
2012-05-09 05:44 - 2011-12-19 11:32 - 0018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-05-05 14:44 - 2012-05-05 14:44 - 0000000 ____D C:\Users\CCM\Desktop\UntzBot50x3
2012-05-03 09:51 - 2012-05-03 09:51 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-03 09:51 - 2012-05-03 09:51 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 09:51 - 2011-12-19 11:37 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-02 21:09 - 2011-12-19 11:32 - 0032320 ____A (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2012-04-30 07:28 - 2012-04-30 07:28 - 5352868 ____A C:\Users\CCM\Desktop\(primary verification)hotspot_candidates-allfields_TNPOI4.0_M-Z_macros.xlsm
2012-04-29 17:08 - 2011-12-27 16:46 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Skype
2012-04-16 20:21 - 2011-12-19 11:48 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Winamp
2012-04-16 17:23 - 2012-04-16 17:23 - 0000000 ____D C:\Users\All Users\Acronis
2012-04-16 17:23 - 2012-04-16 17:22 - 4179426 ____A C:\Windows\System32\AcronisTrueImage.msi.txt
2012-04-16 17:23 - 2012-04-16 17:22 - 0248678 ____A C:\Windows\SysWOW64\AcronisTrueImage.msi.txt
2012-04-13 09:03 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-06 16:19 - 2012-04-06 16:18 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Acronis
2012-04-06 16:18 - 2012-04-06 16:18 - 1284192 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-04-06 16:18 - 2012-04-06 16:18 - 0986208 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-04-06 16:18 - 2012-04-06 16:18 - 0310368 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-04-06 16:18 - 2012-04-06 16:18 - 0210528 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-04-06 16:18 - 2012-04-06 16:18 - 0142944 ____A (Acronis) C:\Windows\System32\Drivers\vsflt58.sys
2012-04-06 16:18 - 2012-04-06 16:18 - 0132704 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-04-06 16:17 - 2012-04-06 16:16 - 0000000 ____D C:\Users\CCM\Desktop\Acronis True Image Home 2012 15.0.0 Build 5545 - Final
2012-04-04 14:56 - 2012-06-02 15:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-11 17:09 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 17:09 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 17:09 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 17:09 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 17:09 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 19:36 - 2012-02-24 15:13 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-26 13:37 - 2012-03-26 13:37 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-03-26 13:37 - 2012-03-26 13:37 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-03-26 13:37 - 2011-12-19 10:33 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-26 13:37 - 2011-12-19 10:32 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-26 13:34 - 2011-05-17 14:40 - 0000000 ____D C:\NVIDIA
2012-03-25 02:01 - 2012-03-25 02:01 - 1827840 ____A C:\Windows\SysWOW64\ipnathlp.dll
2012-03-25 02:01 - 2012-03-25 02:01 - 0000400 ____A C:\Windows\SysWOW64\ipnathlp.ocx
2012-03-24 22:33 - 2011-12-21 18:18 - 0000000 ____D C:\Users\CCM\AppData\Local\Adobe
2012-03-24 08:17 - 2011-12-21 18:18 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-23 06:26 - 2012-03-23 06:26 - 0000000 ____D C:\Users\CCM\AppData\Local\BigHugeEngine
2012-03-22 14:11 - 2012-03-22 14:11 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-03-22 13:51 - 2012-03-23 10:02 - 0002304 ____A C:\Windows\SysWOW64\HtsysmNT.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 17:21 - 2012-02-25 16:34 - 0000000 ____D C:\Users\CCM\Desktop\childlaw project
2012-03-19 12:09 - 2012-03-19 12:09 - 0000000 ____D C:\Users\CCM\Documents\DeadIsland
2012-03-19 12:08 - 2012-03-19 12:08 - 0000560 ____A C:\Windows\wmsetup.log
2012-03-19 12:08 - 2011-12-20 09:17 - 0093835 ____A C:\Windows\DirectX.log
2012-03-18 12:39 - 2012-03-18 11:08 - 0000000 ____D C:\Users\CCM\Desktop\video pictures
2012-03-17 16:38 - 2012-03-17 16:38 - 0726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-03-17 16:38 - 2012-03-17 16:38 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Xilisoft
2012-03-17 16:38 - 2012-03-17 16:38 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-03-17 16:38 - 2012-03-17 16:38 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-03-17 16:29 - 2012-03-17 16:29 - 0000000 ____D C:\Users\CCM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-17 16:29 - 2011-12-18 18:08 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Adobe
2012-03-17 16:27 - 2012-03-17 16:27 - 0000021 ____A C:\Windows\SurCode.INI
2012-03-17 16:27 - 2012-03-17 16:27 - 0000000 ____D C:\Users\CCM\Documents\Adobe
2012-03-17 16:27 - 2012-03-17 16:27 - 0000000 ____D C:\Users\CCM\AppData\Roaming\PACE Anti-Piracy
2012-03-17 16:27 - 2012-03-17 16:27 - 0000000 ____D C:\Users\CCM\AppData\Local\PACE Anti-Piracy
2012-03-17 16:27 - 2012-03-17 16:27 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-03-17 16:27 - 2012-03-17 16:27 - 0000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2012-03-17 16:27 - 2011-12-19 10:18 - 0110952 ____A C:\Users\CCM\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-17 16:27 - 2009-07-13 19:20 - 0000000 ___AD C:\Program Files\Common Files\System
2012-03-17 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-17 16:23 - 2011-12-25 19:39 - 0000000 ____D C:\Users\CCM\Desktop\psp
2012-03-17 16:19 - 2012-03-17 16:19 - 0000000 ____D C:\Program Files (x86)\Total Video Converter
2012-03-17 16:16 - 2012-03-17 14:57 - 0000000 ____D C:\Program Files\Adobe
2012-03-17 16:16 - 2011-12-21 18:15 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-17 16:08 - 2011-12-21 18:15 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-17 16:01 - 2012-03-17 14:57 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-03-17 15:55 - 2012-03-17 15:55 - 0000000 ____D C:\Users\All Users\ALM
2012-03-17 15:39 - 2012-03-17 15:38 - 0000000 ____D C:\Users\CCM\AppData\Local\{B3A2618B-C9F7-42F8-AC95-12B875076808}
2012-03-17 15:39 - 2012-03-17 15:29 - 0000000 ____D C:\Users\CCM\AppData\Local\Windows Live
2012-03-17 15:38 - 2012-03-17 15:38 - 0000000 ____D C:\Users\CCM\AppData\Local\{897BC80A-F7C1-4F7F-996A-2A2F3FDA62E2}
2012-03-17 15:36 - 2012-03-17 15:36 - 0000000 ____D C:\Windows\en
2012-03-17 15:35 - 2012-03-17 15:35 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-17 15:35 - 2012-03-17 15:33 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-17 15:22 - 2012-03-17 15:22 - 0000000 ____D C:\Users\CCM\Adobe Flash Builder 4
2012-03-17 15:12 - 2012-03-17 15:12 - 0000000 ____D C:\Users\Public\Documents\Adobe
2012-03-17 15:06 - 2012-03-17 15:06 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-03-17 15:05 - 2012-03-17 15:05 - 0000000 ____D C:\Program Files (x86)\My Company Name
2012-03-17 14:55 - 2012-03-26 13:37 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-03-17 14:55 - 2012-03-17 14:55 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-03-17 14:55 - 2012-03-17 14:55 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-03-16 23:58 - 2012-05-11 17:09 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 08:05 - 2011-12-19 11:31 - 0000000 ____D C:\Program Files\Common Files\Logishrd
2012-03-16 08:05 - 2011-12-18 17:56 - 0012387 ____A C:\Windows\System32\lvcoinst.log
2012-03-15 20:10 - 2012-03-15 20:10 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Apple Computer
2012-03-15 19:52 - 2012-03-15 19:52 - 0000000 ____D C:\Users\CCM\AppData\Local\LogiShrd
2012-03-14 21:08 - 2012-03-04 16:19 - 0000000 ____D C:\Users\CCM\AppData\Roaming\Mumble
2012-03-12 18:06 - 2012-03-12 18:06 - 0067639 ____A C:\Users\CCM\Desktop\hmdrops1.png
2012-03-12 12:00 - 2011-12-23 16:38 - 0000000 ____D C:\Users\CCM\Desktop\android apps
2012-03-10 23:15 - 2012-03-10 23:15 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-10 23:15 - 2012-03-10 23:14 - 0000000 ____D C:\Users\All Users\TuneUp Software
2012-03-10 23:15 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-10 23:14 - 2012-03-10 23:14 - 0000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-10 23:14 - 2012-03-10 23:14 - 0000000 ____D C:\Users\CCM\AppData\Roaming\TuneUp Software
2012-03-10 23:02 - 2012-03-10 23:02 - 0000000 ____D C:\Program Files\Recuva
2012-03-10 22:47 - 2012-03-10 22:47 - 0047616 ____A C:\Windows\SysWOW64\pdf995mon64.dll
2012-03-10 22:47 - 2012-03-10 22:47 - 0000000 ____D C:\Users\All Users\pdf995
2012-03-10 22:47 - 2012-03-01 22:24 - 0000000 ____D C:\Program Files (x86)\PDF995
2012-03-07 19:40 - 2012-03-07 19:40 - 0310967 ____A C:\Users\CCM\Desktop\t1opsloot.jpg
2012-03-06 18:21 - 2012-03-06 18:21 - 0011097 ____A C:\Users\CCM\Documents\California_Bar_Moral_Character_appsubmittal2.asp.htm
2012-03-06 18:21 - 2012-03-06 18:21 - 0000000 ____D C:\Users\CCM\Documents\California_Bar_Moral_Character_appsubmittal2.asp_files

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 12240.41 MB
Available physical RAM: 11217.04 MB
Total Pagefile: 12238.56 MB
Available Pagefile: 11202.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:596.17 GB) (Free:150.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB  1024 KB
Disk 1    Online          500 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            596 GB    31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    596 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            499 MB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E                FAT    Removable    499 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-28 23:29

======================= End Of Log ==========================

Attached Files: FRST.txt (38.26KB)


#4 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 02:43 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-06-02 16:07 - 2012-06-02 16:07 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aytmkmvr.sys
2012-05-28 08:42 - 2012-01-11 07:41 - 0000000 __SHD C:\Users\CCM\AppData\Local\{d826e5a7-42af-07a4-b65f-b2508b67fe68}
2012-05-18 07:53 - 2011-12-21 18:54 - 0000000 ____D C:\Users\All Users\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-03-17 15:39 - 2012-03-17 15:38 - 0000000 ____D C:\Users\CCM\AppData\Local\{B3A2618B-C9F7-42F8-AC95-12B875076808}
2012-03-17 15:38 - 2012-03-17 15:38 - 0000000 ____D C:\Users\CCM\AppData\Local\{897BC80A-F7C1-4F7F-996A-2A2F3FDA62E2}
2012-03-10 23:14 - 2012-03-10 23:14 - 0000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
1 aytmkmvr; C:\Windows\System32\Drivers\aytmkmvr.sys [50000 2012-06-02] (Microsoft Corporation)
2012-06-02 15:54 - 2012-06-02 15:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jfjtvbfs.sys
1 jfjtvbfs; C:\Windows\System32\Drivers\jfjtvbfs.sys [50000 2012-06-02] (Microsoft Corporation)
C:\Windows\Installer\{d826e5a7-42af-07a4-b65f-b2508b67fe68}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Delete the copy of ComboFix that you have on your desktop and download a fresh copy from the link below. Make certain your security programs are disabled, run it, and please post the resulting log:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
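
The indicators that fixlist targets can be recognised mechanically in FRST output. As an added example (not FRST's own code, nor anything posted in this thread), the Python script below parses constructed FRST-style lines modelled on the log above and flags the same four patterns: the SubSystems warning, an 8-random-letter driver in System32\Drivers with a "(Microsoft Corporation)" version string, the system-start service that loads it, and a {GUID} folder under AppData\Local or Windows\Installer. The sample log, the regexes and the heuristics are assumptions made for the example.

```python
"""Triage FRST log lines for the ZeroAccess/Sirefef indicators seen in this thread.

Added example, not FRST's own code. The heuristics mirror what the helper's
fixlist targeted: FRST's own SubSystems warning, 8-random-letter drivers in
System32\\Drivers carrying a "(Microsoft Corporation)" version string, the
system-start services that load them, and {GUID} folders dropped under
AppData\\Local or Windows\\Installer.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in FRST's format (paths and dates follow the thread;
# this is illustrative input, not a real log).
SAMPLE_LOG = r"""
SubSystems: [Windows] ==> ZeroAccess
2012-06-02 16:07 - 2012-06-02 16:07 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aytmkmvr.sys
2012-05-28 08:42 - 2012-01-11 07:41 - 0000000 __SHD C:\Users\CCM\AppData\Local\{d826e5a7-42af-07a4-b65f-b2508b67fe68}
2012-04-04 14:56 - 2012-06-02 15:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
1 aytmkmvr; C:\Windows\System32\Drivers\aytmkmvr.sys [50000 2012-06-02] (Microsoft Corporation)
1 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
"""

# File line: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Service/driver line: "<start> <name>; <path> [<size> <date>] [(<company>)]"
SERVICE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<company>[^)]*)\))?$"
)
# {GUID} directory directly under the two drop locations the fixlist cleaned.
GUID_DIR_RE = re.compile(
    r"\\(?:AppData\\Local|Windows\\Installer)\\\{[0-9a-f-]{36}\}$", re.IGNORECASE
)


@dataclass
class Finding:
    reason: str
    line: str  # original FRST line, kept verbatim so it can be pasted into a fixlist


def is_random_driver(path: str) -> bool:
    """True for an 8-lowercase-letter .sys directly in System32\\Drivers
    (the aytmkmvr.sys / jfjtvbfs.sys pattern from the thread)."""
    directory, _, name = path.rpartition("\\")
    return directory.lower().endswith("\\system32\\drivers") and bool(
        re.fullmatch(r"[a-z]{8}\.sys", name)
    )


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; lines matching no heuristic are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SubSystems:") and "ZeroAccess" in line:
            findings.append(Finding(
                "FRST reports the Session Manager SubSystems\\Windows value as patched by ZeroAccess", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            if is_random_driver(path):
                # FRST prints the company from the file's own version resource, so a
                # forged "(Microsoft Corporation)" says nothing about legitimacy.
                findings.append(Finding(f"random-named driver claiming '{m['company']}'", line))
            elif attrs.endswith("D") and GUID_DIR_RE.search(path):
                hidden = "hidden+system " if "S" in attrs and "H" in attrs else ""
                findings.append(Finding(f"{hidden}{{GUID}} folder in a ZeroAccess drop location", line))
            continue
        m = SERVICE_RE.match(line)
        if m and is_random_driver(m["path"]):
            findings.append(Finding(
                f"start-type {m['start']} service '{m['name']}' loads a random-named driver", line))
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Wrap the flagged lines in the start/end block FRST's Fix button expects."""
    return "\n".join(["start", *(f.line for f in findings), "end"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print("\nfixlist.txt would contain:\n" + build_fixlist(found))
```

The legitimate mbam.sys and MpFilter.sys entries pass through untouched, which is the point: the name pattern and the drop location, not the company string, are what separate the rogue drivers from real ones.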


#5 chibichanman

chibichanman
  • Topic Starter

  • Members
  • 6 posts

Posted 03 June 2012 - 09:47 PM

I booted up and MSE started at start-up. When everything loaded, MSE had the same two errors (Desktop.ini with GAC_32 and GAC_64).

I ran ComboFix and posted the log. I am waiting for a response before loading up MSE again (turned it off for combofix run).

Thank you!


----FRST LOG---

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-03 19:29:05 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\Drivers\aytmkmvr.sys not found.
C:\Users\CCM\AppData\Local\{d826e5a7-42af-07a4-b65f-b2508b67fe68} moved successfully.
C:\Users\All Users\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} moved successfully.
C:\Users\CCM\AppData\Local\{B3A2618B-C9F7-42F8-AC95-12B875076808} moved successfully.
C:\Users\CCM\AppData\Local\{897BC80A-F7C1-4F7F-996A-2A2F3FDA62E2} moved successfully.
C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936} moved successfully.
aytmkmvr service not found.
C:\Windows\System32\Drivers\jfjtvbfs.sys not found.
jfjtvbfs service not found.
C:\Windows\Installer\{d826e5a7-42af-07a4-b65f-b2508b67fe68} moved successfully.

==== End of Fixlog ====


---ComboFix Log----
ComboFix 12-06-03.05 - CCM 06/03/2012 19:37:13.2.12 - x64
Running from: c:\users\CCM\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 02:41 . 2012-06-04 02:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 02:41 . 2012-06-04 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 02:34 . 2012-06-04 02:34 50000 ----a-w- c:\windows\system32\drivers\sgmsmomx.sys
2012-06-04 02:32 . 2012-06-04 02:32 50000 ----a-w- c:\windows\system32\drivers\izdzelch.sys
2012-06-04 02:31 . 2012-06-04 02:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F164129-6565-49BE-83EE-F959C9BAAF0F}\offreg.dll
2012-06-03 19:20 . 2012-06-03 19:21 -------- d-----w- C:\FRST
2012-06-03 18:33 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F164129-6565-49BE-83EE-F959C9BAAF0F}\mpengine.dll
2012-06-03 00:43 . 2012-06-03 00:43 -------- d-----w- c:\program files (x86)\ESET
2012-06-03 00:17 . 2012-06-03 00:17 388096 ----a-r- c:\users\CCM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 00:17 . 2012-06-03 00:17 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-02 23:53 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-02 23:27 . 2012-06-02 23:27 -------- d-----w- c:\users\CCM\AppData\Roaming\Malwarebytes
2012-06-02 23:26 . 2012-06-02 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-02 23:26 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 17:50 . 2012-06-02 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 17:50 . 2012-06-02 17:50 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-02 17:50 . 2012-06-02 17:50 -------- d-----w- c:\program files (x86)\Java
2012-06-02 17:30 . 2012-06-02 17:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4652B051-5CEE-410C-B3C0-CE864E5F439C}\gapaengine.dll
2012-06-02 17:27 . 2012-06-02 17:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-02 17:27 . 2012-06-02 17:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-02 15:39 . 2012-06-02 15:39 -------- d-----w- c:\programdata\RELOADED
2012-06-02 15:27 . 2012-06-02 15:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-02 15:15 . 2012-06-02 17:09 -------- d-----w- c:\program files (x86)\Ys Origin
2012-05-19 04:49 . 2012-05-19 04:49 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2012-05-18 16:02 . 2012-05-28 22:02 -------- d-----w- c:\users\CCM\AppData\Local\Runic Games
2012-05-18 16:01 . 2012-05-18 16:01 -------- d-----w- c:\users\Public\Games
2012-05-15 19:41 . 2012-05-15 19:56 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 19:41 . 2012-05-15 19:54 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 19:41 . 2012-05-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-15 19:39 . 2012-05-15 19:40 -------- d-----w- c:\programdata\Battle.net
2012-05-15 05:19 . 2012-05-15 05:19 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 05:19 . 2012-05-15 05:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 01:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:09 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 01:09 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 01:09 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 01:09 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 01:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:09 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 18:25 . 2011-12-19 19:32 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 17:50 . 2011-12-19 14:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-14 18:34 . 2012-04-11 23:20 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 18:34 . 2011-12-19 02:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 05:09 . 2011-12-19 19:32 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-04-07 00:18 . 2012-04-07 00:18 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-07 00:18 . 2012-04-07 00:18 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-07 00:18 . 2012-04-07 00:18 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-07 00:18 . 2012-04-07 00:18 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2012-04-07 00:18 . 2012-04-07 00:18 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-07 00:18 . 2012-04-07 00:18 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-03-25 10:01 . 2012-03-25 10:01 1827840 ----a-w- c:\windows\SysWow64\ipnathlp.dll
2012-03-22 21:51 . 2012-03-23 18:02 2304 ----a-w- c:\windows\SysWow64\HtsysmNT.sys
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 00:38 . 2012-03-18 00:38 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-03-17 23:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-11 06:47 . 2012-03-11 06:47 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-20 06:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-15 286720]
"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2011-12-19 4878912]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2011-12-25 5019360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\CCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\CCM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 CM2793;CM2793 Filter;c:\windows\system32\DRIVERS\CM2793.sys [2010-09-18 14840]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000Core.job
- c:\users\CCM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 21:18]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000UA.job
- c:\users\CCM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 21:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-20 06:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-27 12881512]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-20 98304]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CCM\AppData\Roaming\Mozilla\Firefox\Profiles\r6294z0p.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:2e,2d,26,37,af,c8,f9,97,bc,39,a0,43,8f,7f,13,98,da,40,93,c1,45,
1a,6e,37,12,b0,07,23,8a,2e,0a,9c,87,fc,c3,64,43,71,d3,88,b7,63,43,6a,64,89,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:2e,2d,26,37,af,c8,f9,97,bc,39,a0,43,8f,7f,13,98,da,40,93,c1,45,
1a,6e,37,12,b0,07,23,8a,2e,0a,9c,87,fc,c3,64,43,71,d3,88,b7,63,43,6a,64,89,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-03 19:42:41
ComboFix-quarantined-files.txt 2012-06-04 02:42
.
Pre-Run: 163,210,248,192 bytes free
Post-Run: 163,169,030,144 bytes free
.
- - End Of File - - EBA80C29D0B80E6C963EC7F2E00DB875

#6 CatByte

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 10:01 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic455709.html/page__gopid__2719620#entry2719620

Collect::
c:\windows\system32\drivers\sgmsmomx.sys
c:\windows\system32\drivers\izdzelch.sys

File::
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Edited by CatByte, 03 June 2012 - 10:02 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

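A small triage helper for the ComboFix log format this thread revolves around, added here as an example (it is not part of CatByte's instructions, of ComboFix, or of any BleepingComputer tool): it parses the R*/S* Drivers/Services lines and the (((( ... )))) sections, then marks entries a helper would look at first, such as eight-letter random driver names like the two removed in this thread, or a driver loading from TEMP. The review heuristics, the SAMPLE_LOG assembled from the ComboFix log posted in this thread, and the pre-removal izdzelch service line are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One ComboFix "Drivers/Services" line, e.g.
#   R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
#   S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
# First column: R = running / S = stopped, digit = start type (0 boot ... 4 disabled).
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# ComboFix section banner, e.g. "(((( Other Deletions ))))"
SECTION_HEADER = re.compile(r"^\(+\s*(?P<title>.*?)\s*\)+\s*$")
# Eight lowercase letters: the shape of the sgmsmomx / izdzelch driver names in this thread
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_present: bool          # False when ComboFix printed [x] (file not found on disk)
    date: Optional[str] = None  # taken from "[YYYY-MM-DD size]" when present
    size: Optional[int] = None


def parse_services(log_text: str) -> list:
    """Return every R*/S* service line of a ComboFix log as a ServiceEntry."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        present, date, size = meta != "x", None, None
        parts = meta.split()
        if present and len(parts) == 2 and parts[1].isdigit():
            date, size = parts[0], int(parts[1])
        entries.append(ServiceEntry(m.group("start"), m.group("name").strip(),
                                    m.group("display").strip(), m.group("path").strip(),
                                    present, date, size))
    return entries


def section_lines(log_text: str, title: str) -> list:
    """Content lines of the section whose banner contains `title`, without the "." spacers."""
    out, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        hdr = SECTION_HEADER.match(line)
        if hdr:
            inside = title.lower() in hdr.group("title").lower()
            continue
        if inside and line not in ("", "."):
            out.append(line)
    return out


def flag_for_review(entries) -> list:
    """Triage heuristics constructed for this example (not ComboFix's own logic).
    They mark entries for a human to look at; they are not verdicts."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if RANDOM_NAME.match(e.name) and e.name == e.display and "\\drivers\\" in p:
            findings.append((e.name, "eight-letter random-looking driver name with no display name"))
        if "\\windows\\temp\\" in p:
            findings.append((e.name, "driver or service loaded from the Windows TEMP directory"))
        if "\\users\\" in p and "\\appdata\\" in p:
            findings.append((e.name, "service binary lives under a user profile"))
    return findings


# Constructed sample: lines taken from the ComboFix log posted in this thread, plus one
# R3 line for the izdzelch driver as it would look before ComboFix removed it.
SAMPLE_LOG = r"""
ComboFix 12-06-04.02 - CCM 06/04/2012 12:34:46.3.12 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\izdzelch.sys
c:\windows\system32\drivers\sgmsmomx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_izdzelch
-------\Service_sgmsmomx
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 izdzelch;izdzelch;c:\windows\system32\drivers\izdzelch.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
"""

if __name__ == "__main__":
    for path in section_lines(SAMPLE_LOG, "Other Deletions"):
        print("deleted:", path)
    for name, reason in flag_for_review(parse_services(SAMPLE_LOG)):
        print(f"review {name}: {reason}")
```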

#7 chibichanman
  • Topic Starter
  • Members
  • 6 posts

Posted 04 June 2012 - 02:49 PM

Followed all instructions. Still have not turned on MSE. Will await further instructions before doing anything with antivirus programs.

----- ComboFix log ------
ComboFix 12-06-04.02 - CCM 06/04/2012 12:34:46.3.12 - x64
Running from: c:\users\CCM\Desktop\ComboFix.exe
Command switches used :: c:\users\CCM\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\izdzelch.sys
c:\windows\system32\drivers\sgmsmomx.sys
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_izdzelch
-------\Service_sgmsmomx
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 19:37 . 2012-06-04 19:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 19:37 . 2012-06-04 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 16:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5798355C-F965-4679-ABD1-EC214AE6CE68}\mpengine.dll
2012-06-03 19:20 . 2012-06-03 19:21 -------- d-----w- C:\FRST
2012-06-03 18:33 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 00:43 . 2012-06-03 00:43 -------- d-----w- c:\program files (x86)\ESET
2012-06-03 00:17 . 2012-06-03 00:17 388096 ----a-r- c:\users\CCM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 00:17 . 2012-06-03 00:17 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-02 23:27 . 2012-06-02 23:27 -------- d-----w- c:\users\CCM\AppData\Roaming\Malwarebytes
2012-06-02 23:26 . 2012-06-02 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-02 23:26 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 17:50 . 2012-06-02 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 17:50 . 2012-06-02 17:50 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-02 17:50 . 2012-06-02 17:50 -------- d-----w- c:\program files (x86)\Java
2012-06-02 17:30 . 2012-06-02 17:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4652B051-5CEE-410C-B3C0-CE864E5F439C}\gapaengine.dll
2012-06-02 17:27 . 2012-06-02 17:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-02 17:27 . 2012-06-02 17:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-02 15:39 . 2012-06-02 15:39 -------- d-----w- c:\programdata\RELOADED
2012-06-02 15:27 . 2012-06-02 15:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-02 15:15 . 2012-06-02 17:09 -------- d-----w- c:\program files (x86)\Ys Origin
2012-05-19 04:49 . 2012-05-19 04:49 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2012-05-18 16:02 . 2012-05-28 22:02 -------- d-----w- c:\users\CCM\AppData\Local\Runic Games
2012-05-18 16:01 . 2012-05-18 16:01 -------- d-----w- c:\users\Public\Games
2012-05-15 19:41 . 2012-05-15 19:56 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 19:41 . 2012-05-15 19:54 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 19:41 . 2012-05-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-15 19:39 . 2012-05-15 19:40 -------- d-----w- c:\programdata\Battle.net
2012-05-15 05:19 . 2012-05-15 05:19 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 05:19 . 2012-05-15 05:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 01:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:09 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 01:09 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 01:09 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 01:09 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 01:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:09 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 18:25 . 2011-12-19 19:32 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 17:50 . 2011-12-19 14:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-14 18:34 . 2012-04-11 23:20 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 18:34 . 2011-12-19 02:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 05:09 . 2011-12-19 19:32 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-04-07 00:18 . 2012-04-07 00:18 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-07 00:18 . 2012-04-07 00:18 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-07 00:18 . 2012-04-07 00:18 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-07 00:18 . 2012-04-07 00:18 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2012-04-07 00:18 . 2012-04-07 00:18 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-07 00:18 . 2012-04-07 00:18 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-03-25 10:01 . 2012-03-25 10:01 1827840 ----a-w- c:\windows\SysWow64\ipnathlp.dll
2012-03-22 21:51 . 2012-03-23 18:02 2304 ----a-w- c:\windows\SysWow64\HtsysmNT.sys
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 00:38 . 2012-03-18 00:38 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-03-17 23:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-11 06:47 . 2012-03-11 06:47 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_02.41.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-04 02:34 . 2012-06-04 16:11 2896 c:\windows\SoftwareDistribution\EventCache\{F3E1B802-43D4-42FC-BCBE-577DE7C99CEB}.bin
- 2011-12-24 18:56 . 2012-06-04 02:26 5508 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-12-24 18:56 . 2012-06-04 19:38 5508 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-06-04 02:30 . 2012-06-04 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 19:39 . 2012-06-04 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 19:39 . 2012-06-04 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-04 02:30 . 2012-06-04 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-04 02:26 473560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-04 19:38 473560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-06-04 16:21 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-05-14 18:30 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-19 20:02 . 2012-06-04 19:38 21972976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1325047565-1173719390-328377340-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-20 06:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-15 286720]
"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2011-12-19 4878912]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2011-12-25 5019360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\CCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\CCM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 CM2793;CM2793 Filter;c:\windows\system32\DRIVERS\CM2793.sys [2010-09-18 14840]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;g:\wow64\uxddrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-15 7168]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-16 71168]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000Core.job
- c:\users\CCM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 21:18]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325047565-1173719390-328377340-1000UA.job
- c:\users\CCM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 21:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\CCM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-20 06:14 629248 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-27 12881512]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-20 98304]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF12602.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CCM\AppData\Roaming\Mozilla\Firefox\Profiles\r6294z0p.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:2e,2d,26,37,af,c8,f9,97,bc,39,a0,43,8f,7f,13,98,da,40,93,c1,45,
1a,6e,37,12,b0,07,23,8a,2e,0a,9c,87,fc,c3,64,43,71,d3,88,b7,63,43,6a,64,89,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:2e,2d,26,37,af,c8,f9,97,bc,39,a0,43,8f,7f,13,98,da,40,93,c1,45,
1a,6e,37,12,b0,07,23,8a,2e,0a,9c,87,fc,c3,64,43,71,d3,88,b7,63,43,6a,64,89,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
.
**************************************************************************
.
Completion time: 2012-06-04 12:44:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 19:44
ComboFix2.txt 2012-06-04 02:42
.
Pre-Run: 165,332,140,032 bytes free
Post-Run: 174,708,809,728 bytes free
.
- - End Of File - - AA35A580630B819A9F8F14BCF57D82ED
Upload was successful




----- TDSS log ------
12:46:30.0623 5004 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:46:30.0989 5004 ============================================================
12:46:30.0989 5004 Current date / time: 2012/06/04 12:46:30.0989
12:46:30.0989 5004 SystemInfo:
12:46:30.0989 5004
12:46:30.0989 5004 OS Version: 6.1.7601 ServicePack: 1.0
12:46:30.0989 5004 Product type: Workstation
12:46:30.0989 5004 ComputerName: CCM-PC
12:46:30.0990 5004 UserName: CCM
12:46:30.0990 5004 Windows directory: C:\Windows
12:46:30.0990 5004 System windows directory: C:\Windows
12:46:30.0990 5004 Running under WOW64
12:46:30.0990 5004 Processor architecture: Intel x64
12:46:30.0990 5004 Number of processors: 12
12:46:30.0990 5004 Page size: 0x1000
12:46:30.0990 5004 Boot type: Normal boot
12:46:30.0990 5004 ============================================================
12:46:33.0276 5004 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:46:33.0292 5004 Drive \Device\Harddisk1\DR1 - Size: 0x78F000000 (30.23 Gb), SectorSize: 0x200, Cylinders: 0xF6A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:33.0299 5004 ============================================================
12:46:33.0299 5004 \Device\Harddisk0\DR0:
12:46:33.0299 5004 MBR partitions:
12:46:33.0299 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
12:46:33.0300 5004 \Device\Harddisk1\DR1:
12:46:33.0300 5004 MBR partitions:
12:46:33.0300 5004 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3C77FE0
12:46:33.0300 5004 ============================================================
12:46:33.0314 5004 C: <-> \Device\Harddisk0\DR0\Partition0
12:46:33.0314 5004 ============================================================
12:46:33.0314 5004 Initialize success
12:46:33.0314 5004 ============================================================
12:46:48.0251 1184 ============================================================
12:46:48.0251 1184 Scan started
12:46:48.0251 1184 Mode: Manual; TDLFS;
12:46:48.0251 1184 ============================================================
12:47:00.0686 1184 nsi - ok
12:47:00.0698 1184 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:47:00.0699 1184 nsiproxy - ok
12:47:00.0804 1184 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:47:00.0813 1184 Ntfs - ok
12:47:00.0884 1184 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:47:00.0885 1184 Null - ok
12:47:00.0932 1184 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
12:47:00.0934 1184 NVHDA - ok
12:47:01.0951 1184 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:47:01.0998 1184 nvlddmkm - ok
12:47:02.0073 1184 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:47:02.0076 1184 nvraid - ok
12:47:02.0098 1184 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:47:02.0101 1184 nvstor - ok
12:47:02.0193 1184 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
12:47:02.0206 1184 nvsvc - ok
12:47:02.0355 1184 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:47:02.0391 1184 nvUpdatusService - ok
12:47:02.0460 1184 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:47:02.0463 1184 nv_agp - ok
12:47:02.0477 1184 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:47:02.0479 1184 ohci1394 - ok
12:47:02.0551 1184 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:02.0553 1184 ose - ok
12:47:02.0622 1184 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:02.0626 1184 ose64 - ok
12:47:03.0189 1184 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:47:03.0228 1184 osppsvc - ok
12:47:03.0360 1184 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:47:03.0365 1184 p2pimsvc - ok
12:47:03.0427 1184 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:47:03.0431 1184 p2psvc - ok
12:47:03.0495 1184 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:47:03.0497 1184 Parport - ok
12:47:03.0565 1184 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:47:03.0566 1184 partmgr - ok
12:47:03.0584 1184 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:47:03.0588 1184 PcaSvc - ok
12:47:03.0662 1184 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:47:03.0684 1184 pci - ok
12:47:03.0719 1184 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:47:03.0720 1184 pciide - ok
12:47:04.0699 1184 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:04.0704 1184 pcmcia - ok
12:47:04.0942 1184 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:47:04.0943 1184 pcw - ok
12:47:05.0299 1184 PDAgent (a0a29546bf116829140f10dbd9bacad0) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
12:47:05.0355 1184 PDAgent - ok
12:47:05.0555 1184 PDEngine (f2f7572275d900e90b69e2de931b1fb8) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
12:47:05.0594 1184 PDEngine - ok
12:47:05.0695 1184 PDFSFilter (f530fab7b9e4443b58b7a7e8e4ec3557) C:\Windows\system32\DRIVERS\PDFsFilter.sys
12:47:05.0696 1184 PDFSFilter - ok
12:47:06.0579 1184 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:47:06.0588 1184 PEAUTH - ok
12:47:06.0671 1184 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:47:06.0695 1184 PeerDistSvc - ok
12:47:06.0744 1184 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:47:06.0745 1184 PerfHost - ok
12:47:06.0834 1184 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:47:06.0853 1184 pla - ok
12:47:06.0910 1184 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:47:06.0914 1184 PlugPlay - ok
12:47:06.0927 1184 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:47:06.0928 1184 PNRPAutoReg - ok
12:47:06.0946 1184 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:47:06.0948 1184 PNRPsvc - ok
12:47:06.0980 1184 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:47:06.0984 1184 PolicyAgent - ok
12:47:07.0009 1184 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:47:07.0012 1184 Power - ok
12:47:07.0072 1184 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:47:07.0074 1184 PptpMiniport - ok
12:47:07.0090 1184 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:47:07.0092 1184 Processor - ok
12:47:07.0110 1184 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:47:07.0113 1184 ProfSvc - ok
12:47:07.0130 1184 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:47:07.0131 1184 ProtectedStorage - ok
12:47:07.0181 1184 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:47:07.0183 1184 Psched - ok
12:47:07.0233 1184 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:47:07.0235 1184 PxHlpa64 - ok
12:47:07.0314 1184 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:47:07.0343 1184 ql2300 - ok
12:47:07.0408 1184 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:07.0411 1184 ql40xx - ok
12:47:07.0435 1184 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:47:07.0440 1184 QWAVE - ok
12:47:07.0451 1184 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:47:07.0453 1184 QWAVEdrv - ok
12:47:07.0460 1184 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:47:07.0461 1184 RasAcd - ok
12:47:07.0506 1184 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:07.0507 1184 RasAgileVpn - ok
12:47:07.0521 1184 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:47:07.0524 1184 RasAuto - ok
12:47:07.0548 1184 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:07.0550 1184 Rasl2tp - ok
12:47:07.0577 1184 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:47:07.0582 1184 RasMan - ok
12:47:07.0595 1184 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:07.0597 1184 RasPppoe - ok
12:47:07.0622 1184 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:47:07.0624 1184 RasSstp - ok
12:47:07.0661 1184 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:47:07.0665 1184 rdbss - ok
12:47:07.0670 1184 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:07.0671 1184 rdpbus - ok
12:47:07.0682 1184 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:07.0683 1184 RDPCDD - ok
12:47:07.0712 1184 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:47:07.0715 1184 RDPDR - ok
12:47:07.0819 1184 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:47:07.0820 1184 RDPENCDD - ok
12:47:07.0836 1184 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:47:07.0837 1184 RDPREFMP - ok
12:47:08.0403 1184 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:47:08.0424 1184 RDPWD - ok
12:47:08.0468 1184 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:47:08.0472 1184 rdyboost - ok
12:47:08.0538 1184 RemoteAccess - ok
12:47:08.0564 1184 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:47:08.0566 1184 RemoteRegistry - ok
12:47:08.0626 1184 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:47:08.0628 1184 RFCOMM - ok
12:47:08.0642 1184 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:47:08.0645 1184 RpcEptMapper - ok
12:47:08.0666 1184 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:47:08.0668 1184 RpcLocator - ok
12:47:08.0703 1184 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:47:08.0710 1184 RpcSs - ok
12:47:08.0748 1184 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:47:08.0750 1184 rspndr - ok
12:47:08.0770 1184 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:47:08.0772 1184 s3cap - ok
12:47:08.0797 1184 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:47:08.0798 1184 SamSs - ok
12:47:08.0816 1184 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:47:08.0818 1184 sbp2port - ok
12:47:08.0842 1184 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:47:08.0847 1184 SCardSvr - ok
12:47:08.0871 1184 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:47:08.0872 1184 scfilter - ok
12:47:08.0939 1184 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:47:08.0952 1184 Schedule - ok
12:47:08.0966 1184 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:47:08.0967 1184 SCPolicySvc - ok
12:47:08.0986 1184 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:47:08.0989 1184 SDRSVC - ok
12:47:09.0037 1184 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:47:09.0038 1184 secdrv - ok
12:47:09.0060 1184 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:47:09.0062 1184 seclogon - ok
12:47:09.0069 1184 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:47:09.0072 1184 SENS - ok
12:47:09.0081 1184 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:47:09.0083 1184 SensrSvc - ok
12:47:09.0123 1184 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:47:09.0124 1184 Serenum - ok
12:47:09.0139 1184 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:47:09.0141 1184 Serial - ok
12:47:09.0150 1184 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:47:09.0152 1184 sermouse - ok
12:47:09.0184 1184 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:47:09.0188 1184 SessionEnv - ok
12:47:09.0197 1184 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:47:09.0198 1184 sffdisk - ok
12:47:09.0214 1184 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:47:09.0215 1184 sffp_mmc - ok
12:47:09.0229 1184 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:47:09.0230 1184 sffp_sd - ok
12:47:09.0266 1184 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:09.0267 1184 sfloppy - ok
12:47:09.0355 1184 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:47:09.0361 1184 SharedAccess - ok
12:47:09.0393 1184 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:47:09.0398 1184 ShellHWDetection - ok
12:47:09.0436 1184 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:09.0438 1184 SiSRaid2 - ok
12:47:09.0448 1184 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:09.0450 1184 SiSRaid4 - ok
12:47:09.0550 1184 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:47:09.0553 1184 SkypeUpdate - ok
12:47:09.0576 1184 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:47:09.0577 1184 Smb - ok
12:47:09.0615 1184 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:47:09.0617 1184 SNMPTRAP - ok
12:47:09.0627 1184 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:47:09.0628 1184 spldr - ok
12:47:09.0671 1184 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:47:09.0678 1184 Spooler - ok
12:47:10.0282 1184 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:47:10.0318 1184 sppsvc - ok
12:47:10.0389 1184 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:47:10.0392 1184 sppuinotify - ok
12:47:10.0448 1184 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
12:47:10.0448 1184 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
12:47:10.0450 1184 sptd ( LockedFile.Multi.Generic ) - warning
12:47:10.0450 1184 sptd - detected LockedFile.Multi.Generic (1)
12:47:18.0560 1184 ============================================================
12:47:18.0560 1184 Scan finished
12:47:18.0560 1184 ============================================================
12:47:18.0569 4836 Detected object count: 1
12:47:18.0569 4836 Actual detected object count: 1
12:48:08.0918 4836 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:48:08.0918 4836 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 03:04 PM

That looks better now.

Turn on MSSE, update the definitions and give it a quick scan. Let me know if it finds anything that isn't already in quarantine.


How is the computer running now? Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 chibichanman
  • Topic Starter

  • Members
  • 6 posts

Posted 04 June 2012 - 03:09 PM

Amazing!

Quick scan revealed nothing, no pop-ups on threats either like before. Desktop icons behave normally.

Thank you so much for your help, I really do appreciate it.

Donation on the way! :)

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 June 2012 - 03:16 PM

Hi (thank-you very much :))

Just some housekeeping to do now,

Please do the following:


You can delete the DDS, FRST and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Edited by CatByte, 04 June 2012 - 03:16 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
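The "Make Internet Explorer more secure" steps above are clicked through the Internet Properties dialog. As an added example (not part of CatByte's post or any BleepingComputer tool), the PowerShell below audits the same three ActiveX settings by reading the per-user Internet zone registry key, and can write the recommended values back. It assumes the documented IE zone registry layout: zone 3 is the Internet zone, and the value names are IE's URL action IDs (1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls, 1201 = Initialize and script ActiveX controls not marked as safe), with data 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example, not from the original post: audit (and optionally apply) the
# Internet-zone ActiveX settings recommended above, via the HKCU zone key.
# Assumption: documented IE zone layout (zone 3 = Internet zone; value names are
# IE URL action IDs; data 0 = Enable, 1 = Prompt, 3 = Disable).

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post: signed/unsigned download -> Prompt,
# "initialize and script not marked as safe" -> Disable.
$Recommended = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls
    '1004' = 1   # Download unsigned ActiveX controls
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSettingLabel {
    param([AllowNull()][object]$Value)
    # Translate raw DWORD data into the wording the Internet Properties dialog shows.
    if ($null -eq $Value) { return '(not set, machine default applies)' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown ($Value)"
}

function Get-ActiveXZoneSetting {
    param([Parameter(Mandatory)][string]$ValueName)
    # Returns the DWORD data, or $null when the value does not exist under HKCU.
    $item = Get-ItemProperty -Path $ZonePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-ActiveXHardening {
    # Emits one object per setting so the output can be filtered or exported,
    # e.g. Test-ActiveXHardening | Where-Object { -not $_.Compliant }
    foreach ($name in $Recommended.Keys) {
        $current = Get-ActiveXZoneSetting -ValueName $name
        [pscustomobject]@{
            ValueName   = $name
            Current     = Get-ZoneSettingLabel $current
            Recommended = $Labels[$Recommended[$name]]
            Compliant   = ($null -ne $current -and $current -eq $Recommended[$name])
        }
    }
}

function Set-ActiveXHardening {
    # Writes the recommended values for the current user only (HKCU, no elevation needed).
    foreach ($name in $Recommended.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $name -Value ([int]$Recommended[$name]) -Type DWord
    }
}

# Usage: report first, then apply and re-check.
Test-ActiveXHardening | Format-Table -AutoSize
# Set-ActiveXHardening; Test-ActiveXHardening | Format-Table -AutoSize
```

Two caveats when reading the report: a value that is "(not set)" means IE falls back to the zone's built-in default rather than to the dialog's displayed choice, so treat it as non-compliant until it is written explicitly; and on a domain machine where zone security is enforced by Group Policy the HKCU values are not authoritative, so compare against the policy rather than editing the key by hand.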


#11 chibichanman

chibichanman
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 05 June 2012 - 11:08 AM

Programs deleted and programs/addons run and/or installed.

Thanks again for all the help!

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:39 AM

Posted 05 June 2012 - 06:11 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:39 AM

Posted 05 June 2012 - 06:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015