
Possible KeyLogger


This topic is locked
11 replies to this topic

#1 I Put My Faith In U


Posted 22 June 2012 - 06:05 PM

Hi,

I believe I have a possible Keylogger in my system. There are a few reasons why I think so.
The person that I think installed the KeyLogger was really into what I was doing. He was always looking over my shoulder, and was always writing messages to people he didn't think I should be talking to. He would spy on the websites that I viewed, then randomly, out of nowhere, tell me things about them when we clearly never spoke of the website prior.

Also, I noticed yesterday, I went to log on to one of my accounts on a website, and the password was changed. It never was changed before - ever. I will wait even more patiently for someone to help me remove this KeyLogger he installed. I appreciate it. Thanks in advance.

Programs I've tried thus far: SpyBot: Search & Destroy, Malwarebytes, Avast, Avira, Norton, Super Anti-Spyware.
Avira picked up on something about not being able to go inside a folder because it was password protected. I searched online and other people were having similar problems.


Vamred

Edited by I Put My Faith In U, 23 June 2012 - 03:43 AM.




#2 HelpBot


Posted 27 June 2012 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458028 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 02 July 2012 - 06:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest


Posted 07 July 2012 - 12:39 AM

This topic has been re-opened at the request of the person who originally posted.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 I Put My Faith In U


Posted 07 July 2012 - 01:42 AM

Good Morning,

Thank you for re-opening my post, Budapest!

Here is information about my system:

64-bit version of Windows
Windows 7 Home Premium
Service Pack 1


It came with No Windows CD.

I have a 64-bit version, so I didn't attach a GMER log.
Again, there has been a lot of different errors within my system. I mentioned before, I had a friend who liked to download things, and was always spying on me.
My log-in account password was changed recently, and my Facebook account was tampered with. There were pages being liked without my permission and messages being sent that weren't from me. I'm not sure what Avira had picked up, but it was a file that looked suspicious. My processors might be bugged. There are duplicates, unless a lot of them imitate like the Svchost file does. After visiting certain sites, my friend would message me talking about the sites, telling me they were bad and blah blah, but he was trying to be discreet about it, because he knew I would suspect something. Not to rant and rave, but I really need to get rid of this time-consuming situation going on. I want this thing detected and wiped away completely.

I've tried a few things:

SuperAnti-Spyware, Spybot: Search & Destroy, Malwarebytes, Avira, Avast, AVG, Norton, Site Advisor, McAfee, Comodo, Kaspersky, System Restore, Housecall.

I understood that there were conflicts between different anti-virus protectors, but after I deleted the ones I didn't want and had only one, it worked just fine; now, without more than one anti-virus, it's still acting weird.



However, I have not used Combofix, HiJackThis, etc., because I realized they were for advanced users who know what they are doing. I'm patient, but very eager to get rid of this KeyLogger. I know that KeyLoggers are meant to be hidden in a user's system, but I believe in getting rid of one completely. Faith. lol.
My other computer was trashed with a trojan, so I do not want this one to be. Anyway, I look forward to your help! :-)


Thanks in advance!

Attaching the Attach.txt file, and adding the DDS below. Also, I am disabling the CD emulation programs with Defogger. Let me know if you need me to download the GMER log anyway.

The DDS could have changed since I used the defogger. Not sure.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brittany Forrester at 2:29:37 on 2012-07-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.303 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
2012-06-01 11:31:36 311208 ----a-w- C:\Windows\SysWow64\vsnp2uvc.dll
2012-06-01 11:31:34 26024 ----a-w- C:\Windows\snuvcdsm.exe
2012-06-01 11:31:24 401832 ----a-w- C:\Windows\SysWow64\rsnp2uvc.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-17 13:22:29 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 2:31:03.64 ===============

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 08 July 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with this.

Make sure you have run the Defogger tool and that the driver is still disabled.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
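Added here as a worked example, not part of nasdaq's instructions or of Kaspersky's tool: a Python parser for the two line shapes TDSSKiller uses in the log posted in reply #7 (one line naming each scanned object with its MD5 and path, one line carrying its verdict). It assumes only those shapes. The sample lines are constructed: four are copied from the thread's log, and the "demodrv" entry, its all-zero hash and its verdict wording are invented placeholders. Anything whose verdict is not "ok", or that loads from outside the Windows and Program Files trees, is listed for review. A location outside those trees is a prompt to look closer, not a verdict, since legitimate components can live there (in this thread's log, Norton's definition drivers sit under C:\ProgramData).

```python
import re

# Two line shapes TDSSKiller writes per scanned object (layout taken from the
# log in reply #7; the numeric column after the time is kept as an opaque id):
#   <time> <id> <name> (<md5>) <path>    object located and hashed
#   <time> <id> <name> - <status>        verdict, "ok" for a clean object
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<id>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<id>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)

# Directories in which services and drivers normally live; anything else is
# surfaced for a human look (heuristic, not a verdict).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: the first five entries mirror lines from the thread, the
# "demodrv" object with its zero hash and made-up verdict is a placeholder.
SAMPLE_LOG = r"""
19:12:28.0531 2912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
19:14:52.0208 3348 Scan started
19:14:52.0208 3348 Mode: Manual;
19:14:53.0931 3348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:14:53.0939 3348 1394ohci - ok
19:14:58.0866 3348 COMSysApp - ok
19:15:03.0848 3348 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:15:03.0852 3348 HP Support Assistant Service - ok
19:15:09.0535 3348 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:15:09.0547 3348 MBAMService - ok
19:15:10.0100 3348 demodrv (00000000000000000000000000000000) C:\Users\Public\demodrv.sys
19:15:10.0110 3348 demodrv - suspicious (constructed verdict)
"""


def parse_tdsskiller_log(text):
    """Return {name: {"md5", "path", "status"}} for every object in the scan section.

    Lines before "Scan started" (drive geometry, partition table) also contain
    " - " and would otherwise be mistaken for verdicts, so they are skipped.
    """
    records = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        m = ENTRY_RE.match(line)
        if m:
            records[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some objects (COMSysApp here) get a verdict with no hash line first.
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            rec["status"] = m["status"].strip()
    return records


def triage(records):
    """Split parsed objects into the buckets a reviewer reads first."""
    not_ok, unusual = [], []
    for name, rec in records.items():
        if rec["status"] != "ok":
            not_ok.append(name)
        path = rec["path"]
        if path and not path.lower().startswith(EXPECTED_PREFIXES):
            unusual.append(name)
    return {"scanned": len(records), "not_ok": not_ok, "unusual_location": unusual}


if __name__ == "__main__":
    summary = triage(parse_tdsskiller_log(SAMPLE_LOG))
    print(f"objects scanned: {summary['scanned']}")
    print(f"verdict other than ok: {summary['not_ok']}")
    print(f"loaded from outside Windows/Program Files: {summary['unusual_location']}")
```

Run stand-alone it reports on the sample; pasting a real TDSSKiller log into `parse_tdsskiller_log` gives the same three buckets, which is a faster starting point than reading several hundred "- ok" lines by eye.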

#7 I Put My Faith In U

I Put My Faith In U
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Faith is located around in the Baltimore area.
  • Local time:04:02 PM

Posted 09 July 2012 - 07:53 PM

Hello Nasdaq,

Thanks for your assistance!

Here is the TDSSKiller log:

19:12:26.0578 2912 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:12:27.0566 2912 ============================================================
19:12:27.0566 2912 Current date / time: 2012/07/09 19:12:27.0566
19:12:27.0566 2912 SystemInfo:
19:12:27.0566 2912
19:12:27.0567 2912 OS Version: 6.1.7601 ServicePack: 1.0
19:12:27.0567 2912 Product type: Workstation
19:12:27.0567 2912 ComputerName: KITTY
19:12:27.0568 2912 UserName: Brittany Forrester
19:12:27.0568 2912 Windows directory: C:\Windows
19:12:27.0568 2912 System windows directory: C:\Windows
19:12:27.0568 2912 Running under WOW64
19:12:27.0568 2912 Processor architecture: Intel x64
19:12:27.0568 2912 Number of processors: 2
19:12:27.0568 2912 Page size: 0x1000
19:12:27.0568 2912 Boot type: Normal boot
19:12:27.0568 2912 ============================================================
19:12:28.0531 2912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:28.0537 2912 ============================================================
19:12:28.0537 2912 \Device\Harddisk0\DR0:
19:12:28.0537 2912 MBR partitions:
19:12:28.0537 2912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:12:28.0537 2912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22EF1000
19:12:28.0537 2912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22F55000, BlocksNum 0x1CE9800
19:12:28.0537 2912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EFAB0
19:12:28.0537 2912 ============================================================
19:12:28.0585 2912 C: <-> \Device\Harddisk0\DR0\Partition1
19:12:28.0630 2912 D: <-> \Device\Harddisk0\DR0\Partition2
19:12:28.0642 2912 E: <-> \Device\Harddisk0\DR0\Partition3
19:12:28.0642 2912 ============================================================
19:12:28.0642 2912 Initialize success
19:12:28.0642 2912 ============================================================
19:14:52.0208 3348 ============================================================
19:14:52.0208 3348 Scan started
19:14:52.0208 3348 Mode: Manual;
19:14:52.0208 3348 ============================================================
19:14:53.0931 3348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:14:53.0939 3348 1394ohci - ok
19:14:54.0046 3348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:14:54.0054 3348 ACPI - ok
19:14:54.0088 3348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:14:54.0091 3348 AcpiPmi - ok
19:14:54.0223 3348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:14:54.0226 3348 AdobeARMservice - ok
19:14:54.0354 3348 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:14:54.0362 3348 AdobeFlashPlayerUpdateSvc - ok
19:14:54.0437 3348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:14:54.0453 3348 adp94xx - ok
19:14:54.0532 3348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:14:54.0549 3348 adpahci - ok
19:14:54.0607 3348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:14:54.0611 3348 adpu320 - ok
19:14:54.0651 3348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:14:54.0653 3348 AeLookupSvc - ok
19:14:54.0755 3348 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:14:54.0757 3348 AERTFilters - ok
19:14:54.0836 3348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:14:54.0845 3348 AFD - ok
19:14:54.0872 3348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:14:54.0874 3348 agp440 - ok
19:14:54.0918 3348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:14:54.0921 3348 ALG - ok
19:14:54.0957 3348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:14:54.0960 3348 aliide - ok
19:14:54.0983 3348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:14:54.0985 3348 amdide - ok
19:14:55.0039 3348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:14:55.0052 3348 AmdK8 - ok
19:14:55.0075 3348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:14:55.0077 3348 AmdPPM - ok
19:14:55.0122 3348 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:14:55.0124 3348 amdsata - ok
19:14:55.0175 3348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:14:55.0180 3348 amdsbs - ok
19:14:55.0222 3348 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:14:55.0241 3348 amdxata - ok
19:14:55.0390 3348 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:14:55.0395 3348 AntiVirSchedulerService - ok
19:14:55.0471 3348 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:14:55.0475 3348 AntiVirService - ok
19:14:55.0535 3348 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:14:55.0560 3348 AntiVirWebService - ok
19:14:55.0608 3348 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:14:55.0617 3348 AppID - ok
19:14:55.0650 3348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:14:55.0665 3348 AppIDSvc - ok
19:14:55.0703 3348 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:14:55.0705 3348 Appinfo - ok
19:14:55.0751 3348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:14:55.0754 3348 arc - ok
19:14:55.0788 3348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:14:55.0790 3348 arcsas - ok
19:14:55.0818 3348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:14:55.0829 3348 AsyncMac - ok
19:14:55.0861 3348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:14:55.0864 3348 atapi - ok
19:14:55.0946 3348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:14:55.0956 3348 AudioEndpointBuilder - ok
19:14:55.0967 3348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:14:55.0973 3348 AudioSrv - ok
19:14:56.0046 3348 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:14:56.0058 3348 avgntflt - ok
19:14:56.0112 3348 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:14:56.0117 3348 avipbb - ok
19:14:56.0134 3348 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:14:56.0136 3348 avkmgr - ok
19:14:56.0186 3348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:14:56.0189 3348 AxInstSV - ok
19:14:56.0246 3348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:14:56.0254 3348 b06bdrv - ok
19:14:56.0301 3348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:14:56.0306 3348 b57nd60a - ok
19:14:56.0445 3348 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:14:56.0476 3348 BCM43XX - ok
19:14:56.0521 3348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:14:56.0539 3348 BDESVC - ok
19:14:56.0609 3348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:14:56.0611 3348 Beep - ok
19:14:56.0703 3348 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:14:56.0715 3348 BFE - ok
19:14:56.0989 3348 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001_ba0\BHDrvx64.sys
19:14:57.0018 3348 BHDrvx64 - ok
19:14:57.0170 3348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:14:57.0209 3348 BITS - ok
19:14:57.0274 3348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:14:57.0295 3348 blbdrive - ok
19:14:57.0336 3348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:14:57.0356 3348 bowser - ok
19:14:57.0400 3348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:14:57.0418 3348 BrFiltLo - ok
19:14:57.0439 3348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:14:57.0456 3348 BrFiltUp - ok
19:14:57.0511 3348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:14:57.0514 3348 Browser - ok
19:14:57.0568 3348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:14:57.0573 3348 Brserid - ok
19:14:57.0602 3348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:14:57.0620 3348 BrSerWdm - ok
19:14:57.0651 3348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:14:57.0653 3348 BrUsbMdm - ok
19:14:57.0674 3348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:14:57.0676 3348 BrUsbSer - ok
19:14:57.0693 3348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:14:57.0696 3348 BTHMODEM - ok
19:14:57.0742 3348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:14:57.0744 3348 bthserv - ok
19:14:57.0799 3348 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
19:14:57.0822 3348 ccSet_NIS - ok
19:14:57.0872 3348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:14:57.0888 3348 cdfs - ok
19:14:57.0942 3348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:14:57.0946 3348 cdrom - ok
19:14:57.0998 3348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:14:58.0001 3348 CertPropSvc - ok
19:14:58.0028 3348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:14:58.0039 3348 circlass - ok
19:14:58.0099 3348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:14:58.0105 3348 CLFS - ok
19:14:58.0182 3348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:14:58.0187 3348 clr_optimization_v2.0.50727_32 - ok
19:14:58.0259 3348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:14:58.0266 3348 clr_optimization_v2.0.50727_64 - ok
19:14:58.0339 3348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:14:58.0399 3348 clr_optimization_v4.0.30319_32 - ok
19:14:58.0451 3348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:14:58.0457 3348 clr_optimization_v4.0.30319_64 - ok
19:14:58.0492 3348 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
19:14:58.0495 3348 clwvd - ok
19:14:58.0526 3348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:14:58.0547 3348 CmBatt - ok
19:14:58.0577 3348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:14:58.0598 3348 cmdide - ok
19:14:58.0715 3348 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:14:58.0740 3348 CNG - ok
19:14:58.0789 3348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:14:58.0792 3348 Compbatt - ok
19:14:58.0847 3348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:14:58.0850 3348 CompositeBus - ok
19:14:58.0866 3348 COMSysApp - ok
19:14:58.0982 3348 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:14:59.0069 3348 cphs - ok
19:14:59.0117 3348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:14:59.0137 3348 crcdisk - ok
19:14:59.0200 3348 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:14:59.0204 3348 CryptSvc - ok
19:14:59.0279 3348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:14:59.0288 3348 DcomLaunch - ok
19:14:59.0345 3348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:14:59.0351 3348 defragsvc - ok
19:14:59.0378 3348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:14:59.0398 3348 DfsC - ok
19:14:59.0447 3348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:14:59.0452 3348 Dhcp - ok
19:14:59.0480 3348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:14:59.0492 3348 discache - ok
19:14:59.0542 3348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:14:59.0544 3348 Disk - ok
19:14:59.0583 3348 DMBdtv (cb3b9b788be428fc67829d9d14f532e0) C:\Windows\system32\Drivers\DMBdtv.sys
19:14:59.0586 3348 DMBdtv - ok
19:14:59.0632 3348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:14:59.0635 3348 Dnscache - ok
19:14:59.0684 3348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:14:59.0689 3348 dot3svc - ok
19:14:59.0702 3348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:14:59.0705 3348 DPS - ok
19:14:59.0735 3348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:14:59.0749 3348 drmkaud - ok
19:14:59.0828 3348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:14:59.0858 3348 DXGKrnl - ok
19:14:59.0917 3348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:14:59.0920 3348 EapHost - ok
19:15:00.0143 3348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:15:00.0190 3348 ebdrv - ok
19:15:00.0311 3348 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:15:00.0319 3348 eeCtrl - ok
19:15:00.0444 3348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:15:00.0447 3348 EFS - ok
19:15:00.0586 3348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:15:00.0615 3348 ehRecvr - ok
19:15:00.0694 3348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:15:00.0703 3348 ehSched - ok
19:15:00.0851 3348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:15:00.0860 3348 elxstor - ok
19:15:01.0085 3348 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:15:01.0092 3348 EraserUtilRebootDrv - ok
19:15:01.0144 3348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:15:01.0146 3348 ErrDev - ok
19:15:01.0482 3348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:15:01.0504 3348 EventSystem - ok
19:15:01.0686 3348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:15:01.0721 3348 exfat - ok
19:15:01.0908 3348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:15:01.0964 3348 fastfat - ok
19:15:02.0106 3348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:15:02.0121 3348 Fax - ok
19:15:02.0145 3348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:15:02.0162 3348 fdc - ok
19:15:02.0210 3348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:15:02.0211 3348 fdPHost - ok
19:15:02.0224 3348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:15:02.0227 3348 FDResPub - ok
19:15:02.0253 3348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:15:02.0256 3348 FileInfo - ok
19:15:02.0277 3348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:15:02.0293 3348 Filetrace - ok
19:15:02.0325 3348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:15:02.0327 3348 flpydisk - ok
19:15:02.0367 3348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:15:02.0372 3348 FltMgr - ok
19:15:02.0462 3348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:15:02.0481 3348 FontCache - ok
19:15:02.0558 3348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:15:02.0563 3348 FontCache3.0.0.0 - ok
19:15:02.0622 3348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:15:02.0639 3348 FsDepends - ok
19:15:02.0694 3348 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:15:02.0697 3348 Fs_Rec - ok
19:15:02.0765 3348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:15:02.0772 3348 fvevol - ok
19:15:02.0842 3348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:15:02.0846 3348 gagp30kx - ok
19:15:02.0951 3348 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:15:02.0966 3348 GamesAppService - ok
19:15:03.0059 3348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:15:03.0077 3348 gpsvc - ok
19:15:03.0157 3348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:15:03.0162 3348 gupdate - ok
19:15:03.0170 3348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:15:03.0173 3348 gupdatem - ok
19:15:03.0207 3348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:15:03.0209 3348 hcw85cir - ok
19:15:03.0269 3348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:15:03.0288 3348 HdAudAddService - ok
19:15:03.0343 3348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:15:03.0346 3348 HDAudBus - ok
19:15:03.0360 3348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:15:03.0362 3348 HidBatt - ok
19:15:03.0388 3348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:15:03.0392 3348 HidBth - ok
19:15:03.0421 3348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:15:03.0437 3348 HidIr - ok
19:15:03.0462 3348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:15:03.0483 3348 hidserv - ok
19:15:03.0532 3348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:15:03.0534 3348 HidUsb - ok
19:15:03.0575 3348 hitmanpro35 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
19:15:03.0585 3348 hitmanpro35 - ok
19:15:03.0645 3348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:15:03.0648 3348 hkmsvc - ok
19:15:03.0669 3348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:15:03.0674 3348 HomeGroupListener - ok
19:15:03.0711 3348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:15:03.0716 3348 HomeGroupProvider - ok
19:15:03.0848 3348 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:15:03.0852 3348 HP Support Assistant Service - ok
19:15:03.0953 3348 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
19:15:03.0963 3348 HPAuto - ok
19:15:04.0027 3348 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:15:04.0033 3348 HPClientSvc - ok
19:15:04.0107 3348 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:15:04.0112 3348 HPDrvMntSvc.exe - ok
19:15:04.0233 3348 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:15:04.0247 3348 hpqwmiex - ok
19:15:04.0355 3348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:15:04.0358 3348 HpSAMD - ok
19:15:04.0427 3348 HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:15:04.0430 3348 HPWMISVC - ok
19:15:04.0503 3348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:15:04.0532 3348 HTTP - ok
19:15:04.0574 3348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:15:04.0594 3348 hwpolicy - ok
19:15:04.0636 3348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:15:04.0639 3348 i8042prt - ok
19:15:04.0701 3348 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:15:04.0706 3348 iaStor - ok
19:15:04.0858 3348 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:15:04.0860 3348 IAStorDataMgrSvc - ok
19:15:04.0952 3348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:15:04.0959 3348 iaStorV - ok
19:15:05.0134 3348 IconMan_R (e4693409d06785477a49fb34afae1b92) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:15:05.0163 3348 IconMan_R - ok
19:15:05.0312 3348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:15:05.0326 3348 idsvc - ok
19:15:05.0508 3348 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120705.001\IDSvia64.sys
19:15:05.0527 3348 IDSVia64 - ok
19:15:06.0750 3348 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:15:07.0122 3348 igfx - ok
19:15:07.0277 3348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:15:07.0297 3348 iirsp - ok
19:15:07.0391 3348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:15:07.0407 3348 IKEEXT - ok
19:15:07.0597 3348 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys
19:15:07.0669 3348 IntcAzAudAddService - ok
19:15:07.0802 3348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:15:07.0805 3348 intelide - ok
19:15:07.0833 3348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:15:07.0846 3348 intelppm - ok
19:15:07.0889 3348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:15:07.0903 3348 IPBusEnum - ok
19:15:07.0938 3348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:07.0953 3348 IpFilterDriver - ok
19:15:08.0022 3348 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:15:08.0033 3348 iphlpsvc - ok
19:15:08.0073 3348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:15:08.0076 3348 IPMIDRV - ok
19:15:08.0101 3348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:15:08.0105 3348 IPNAT - ok
19:15:08.0150 3348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:15:08.0169 3348 IRENUM - ok
19:15:08.0196 3348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:15:08.0198 3348 isapnp - ok
19:15:08.0241 3348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:15:08.0246 3348 iScsiPrt - ok
19:15:08.0279 3348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:15:08.0282 3348 kbdclass - ok
19:15:08.0325 3348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:15:08.0341 3348 kbdhid - ok
19:15:08.0385 3348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:15:08.0387 3348 KeyIso - ok
19:15:08.0404 3348 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:15:08.0407 3348 KSecDD - ok
19:15:08.0437 3348 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:15:08.0454 3348 KSecPkg - ok
19:15:08.0599 3348 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
19:15:08.0605 3348 KSS - ok
19:15:08.0659 3348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:15:08.0661 3348 ksthunk - ok
19:15:08.0712 3348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:15:08.0731 3348 KtmRm - ok
19:15:08.0812 3348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:15:08.0817 3348 LanmanServer - ok
19:15:08.0856 3348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:15:08.0861 3348 LanmanWorkstation - ok
19:15:08.0918 3348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:15:08.0938 3348 lltdio - ok
19:15:08.0989 3348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:15:08.0995 3348 lltdsvc - ok
19:15:09.0003 3348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:15:09.0006 3348 lmhosts - ok
19:15:09.0145 3348 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:15:09.0152 3348 LMS - ok
19:15:09.0200 3348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:15:09.0220 3348 LSI_FC - ok
19:15:09.0277 3348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:15:09.0299 3348 LSI_SAS - ok
19:15:09.0329 3348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:15:09.0332 3348 LSI_SAS2 - ok
19:15:09.0365 3348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:15:09.0369 3348 LSI_SCSI - ok
19:15:09.0406 3348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:15:09.0428 3348 luafv - ok
19:15:09.0461 3348 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:15:09.0463 3348 MBAMProtector - ok
19:15:09.0535 3348 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:15:09.0547 3348 MBAMService - ok
19:15:09.0620 3348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:15:09.0625 3348 Mcx2Svc - ok
19:15:09.0646 3348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:15:09.0662 3348 megasas - ok
19:15:09.0710 3348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:15:09.0716 3348 MegaSR - ok
19:15:09.0754 3348 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:15:09.0757 3348 MEIx64 - ok
19:15:09.0824 3348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:15:09.0842 3348 MMCSS - ok
19:15:09.0868 3348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:15:09.0870 3348 Modem - ok
19:15:09.0903 3348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:15:09.0917 3348 monitor - ok
19:15:09.0973 3348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:15:09.0975 3348 mouclass - ok
19:15:10.0012 3348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:15:10.0017 3348 mouhid - ok
19:15:10.0047 3348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:15:10.0050 3348 mountmgr - ok
19:15:10.0201 3348 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:15:10.0207 3348 MozillaMaintenance - ok
19:15:10.0245 3348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:15:10.0249 3348 mpio - ok
19:15:10.0272 3348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:15:10.0274 3348 mpsdrv - ok
19:15:10.0358 3348 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:15:10.0372 3348 MpsSvc - ok
19:15:10.0396 3348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:15:10.0399 3348 MRxDAV - ok
19:15:10.0437 3348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:15:10.0453 3348 mrxsmb - ok
19:15:10.0495 3348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:15:10.0544 3348 mrxsmb10 - ok
19:15:10.0570 3348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:15:10.0574 3348 mrxsmb20 - ok
19:15:10.0608 3348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:15:10.0610 3348 msahci - ok
19:15:10.0634 3348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:15:10.0638 3348 msdsm - ok
19:15:10.0673 3348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:15:10.0677 3348 MSDTC - ok
19:15:10.0724 3348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:15:10.0753 3348 Msfs - ok
19:15:10.0806 3348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:15:10.0823 3348 mshidkmdf - ok
19:15:10.0856 3348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:15:10.0858 3348 msisadrv - ok
19:15:10.0902 3348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:15:10.0917 3348 MSiSCSI - ok
19:15:10.0920 3348 msiserver - ok
19:15:10.0962 3348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:15:10.0979 3348 MSKSSRV - ok
19:15:11.0004 3348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:15:11.0007 3348 MSPCLOCK - ok
19:15:11.0013 3348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:15:11.0030 3348 MSPQM - ok
19:15:11.0077 3348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:15:11.0096 3348 MsRPC - ok
19:15:11.0125 3348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:15:11.0127 3348 mssmbios - ok
19:15:11.0172 3348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:15:11.0173 3348 MSTEE - ok
19:15:11.0193 3348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:15:11.0212 3348 MTConfig - ok
19:15:11.0241 3348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:15:11.0257 3348 Mup - ok
19:15:11.0315 3348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:15:11.0341 3348 napagent - ok
19:15:11.0400 3348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:15:11.0406 3348 NativeWifiP - ok
19:15:11.0533 3348 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120708.024\ENG64.SYS
19:15:11.0539 3348 NAVENG - ok
19:15:11.0697 3348 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120708.024\EX64.SYS
19:15:11.0807 3348 NAVEX15 - ok
19:15:11.0997 3348 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:15:12.0025 3348 NDIS - ok
19:15:12.0075 3348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:15:12.0077 3348 NdisCap - ok
19:15:12.0102 3348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:15:12.0123 3348 NdisTapi - ok
19:15:12.0152 3348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:15:12.0155 3348 Ndisuio - ok
19:15:12.0186 3348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:15:12.0190 3348 NdisWan - ok
19:15:12.0206 3348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:15:12.0209 3348 NDProxy - ok
19:15:12.0223 3348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:15:12.0225 3348 NetBIOS - ok
19:15:12.0260 3348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:15:12.0264 3348 NetBT - ok
19:15:12.0306 3348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:15:12.0308 3348 Netlogon - ok
19:15:12.0370 3348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:15:12.0377 3348 Netman - ok
19:15:12.0406 3348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:15:12.0414 3348 netprofm - ok
19:15:12.0485 3348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:15:12.0502 3348 NetTcpPortSharing - ok
19:15:12.0549 3348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:15:12.0552 3348 nfrd960 - ok
19:15:12.0649 3348 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
19:15:12.0653 3348 NIS - ok
19:15:12.0710 3348 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:15:12.0718 3348 NlaSvc - ok
19:15:12.0760 3348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:15:12.0763 3348 Npfs - ok
19:15:12.0826 3348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:15:12.0828 3348 nsi - ok
19:15:12.0854 3348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:15:12.0867 3348 nsiproxy - ok
19:15:13.0021 3348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:15:13.0043 3348 Ntfs - ok
19:15:13.0162 3348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:15:13.0164 3348 Null - ok
19:15:13.0233 3348 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:15:13.0242 3348 NVENETFD - ok
19:15:13.0289 3348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:15:13.0292 3348 nvraid - ok
19:15:13.0321 3348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:15:13.0324 3348 nvstor - ok
19:15:13.0376 3348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:15:13.0379 3348 nv_agp - ok
19:15:13.0399 3348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:15:13.0402 3348 ohci1394 - ok
19:15:13.0446 3348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:15:13.0452 3348 p2pimsvc - ok
19:15:13.0499 3348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:15:13.0507 3348 p2psvc - ok
19:15:13.0540 3348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:15:13.0543 3348 Parport - ok
19:15:13.0576 3348 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:15:13.0596 3348 partmgr - ok
19:15:13.0641 3348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:15:13.0646 3348 PcaSvc - ok
19:15:13.0683 3348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:15:13.0687 3348 pci - ok
19:15:13.0715 3348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:15:13.0718 3348 pciide - ok
19:15:13.0750 3348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:15:13.0755 3348 pcmcia - ok
19:15:13.0781 3348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:15:13.0783 3348 pcw - ok
19:15:13.0851 3348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:15:13.0861 3348 PEAUTH - ok
19:15:13.0955 3348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:15:13.0990 3348 PerfHost - ok
19:15:14.0115 3348 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:15:14.0136 3348 pla - ok
19:15:14.0206 3348 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:15:14.0214 3348 PlugPlay - ok
19:15:14.0233 3348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:15:14.0236 3348 PNRPAutoReg - ok
19:15:14.0269 3348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:15:14.0273 3348 PNRPsvc - ok
19:15:14.0331 3348 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:15:14.0339 3348 PolicyAgent - ok
19:15:14.0377 3348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:15:14.0381 3348 Power - ok
19:15:14.0451 3348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:15:14.0474 3348 PptpMiniport - ok
19:15:14.0502 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:15:14.0505 3348 Processor - ok
19:15:14.0551 3348 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:15:14.0559 3348 ProfSvc - ok
19:15:14.0583 3348 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:15:14.0585 3348 ProtectedStorage - ok
19:15:14.0621 3348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:15:14.0638 3348 Psched - ok
19:15:14.0754 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:15:14.0778 3348 ql2300 - ok
19:15:14.0914 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:15:14.0918 3348 ql40xx - ok
19:15:14.0964 3348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:15:14.0973 3348 QWAVE - ok
19:15:15.0001 3348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:15:15.0014 3348 QWAVEdrv - ok
19:15:15.0038 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:15:15.0040 3348 RasAcd - ok
19:15:15.0088 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:15:15.0104 3348 RasAgileVpn - ok
19:15:15.0147 3348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:15:15.0153 3348 RasAuto - ok
19:15:15.0201 3348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:15:15.0217 3348 Rasl2tp - ok
19:15:15.0280 3348 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:15:15.0289 3348 RasMan - ok
19:15:15.0316 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:15:15.0319 3348 RasPppoe - ok
19:15:15.0353 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:15:15.0355 3348 RasSstp - ok
19:15:15.0398 3348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:15:15.0403 3348 rdbss - ok
19:15:15.0425 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:15:15.0427 3348 rdpbus - ok
19:15:15.0451 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:15:15.0452 3348 RDPCDD - ok
19:15:15.0493 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:15:15.0503 3348 RDPENCDD - ok
19:15:15.0510 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:15:15.0512 3348 RDPREFMP - ok
19:15:15.0549 3348 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:15:15.0555 3348 RDPWD - ok
19:15:15.0584 3348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:15:15.0589 3348 rdyboost - ok
19:15:15.0621 3348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:15:15.0625 3348 RemoteAccess - ok
19:15:15.0661 3348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:15:15.0685 3348 RemoteRegistry - ok
19:15:15.0782 3348 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:15:15.0789 3348 RoxioNow Service - ok
19:15:15.0825 3348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:15:15.0828 3348 RpcEptMapper - ok
19:15:15.0872 3348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:15:15.0913 3348 RpcLocator - ok
19:15:15.0976 3348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:15:15.0985 3348 RpcSs - ok
19:15:16.0077 3348 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
19:15:16.0096 3348 RSPCIESTOR - ok
19:15:16.0135 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:15:16.0156 3348 rspndr - ok
19:15:16.0223 3348 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:15:16.0248 3348 RTL8167 - ok
19:15:16.0339 3348 RTL8192Ce (508d997a5e9f400fade6c85251bf13df) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
19:15:16.0354 3348 RTL8192Ce - ok
19:15:16.0372 3348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:15:16.0374 3348 SamSs - ok
19:15:16.0407 3348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:15:16.0438 3348 sbp2port - ok
19:15:16.0473 3348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:15:16.0478 3348 SCardSvr - ok
19:15:16.0497 3348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:15:16.0499 3348 scfilter - ok
19:15:16.0601 3348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:15:16.0617 3348 Schedule - ok
19:15:16.0647 3348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:15:16.0649 3348 SCPolicySvc - ok
19:15:16.0700 3348 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
19:15:16.0711 3348 sdbus - ok
19:15:16.0770 3348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:15:16.0790 3348 SDRSVC - ok
19:15:16.0822 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:15:16.0824 3348 secdrv - ok
19:15:16.0847 3348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:15:16.0851 3348 seclogon - ok
19:15:16.0861 3348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:15:16.0865 3348 SENS - ok
19:15:16.0901 3348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:15:16.0917 3348 SensrSvc - ok
19:15:16.0949 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:15:16.0951 3348 Serenum - ok
19:15:16.0990 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:15:16.0993 3348 Serial - ok
19:15:17.0029 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:15:17.0040 3348 sermouse - ok
19:15:17.0082 3348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:15:17.0098 3348 SessionEnv - ok
19:15:17.0130 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:15:17.0132 3348 sffdisk - ok
19:15:17.0169 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:15:17.0170 3348 sffp_mmc - ok
19:15:17.0206 3348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:15:17.0208 3348 sffp_sd - ok
19:15:17.0220 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:15:17.0222 3348 sfloppy - ok
19:15:17.0273 3348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:15:17.0293 3348 SharedAccess - ok
19:15:17.0345 3348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:15:17.0352 3348 ShellHWDetection - ok
19:15:17.0396 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:15:17.0398 3348 SiSRaid2 - ok
19:15:17.0429 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:15:17.0440 3348 SiSRaid4 - ok
19:15:17.0465 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:15:17.0468 3348 Smb - ok
19:15:17.0513 3348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:15:17.0535 3348 SNMPTRAP - ok
19:15:17.0704 3348 SNP2UVC (3325d6e50e52cc05c5f8228288df2a4c) C:\Windows\system32\DRIVERS\snp2uvc.sys
19:15:17.0771 3348 SNP2UVC - ok
19:15:17.0950 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:15:17.0952 3348 spldr - ok
19:15:18.0017 3348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:15:18.0029 3348 Spooler - ok
19:15:18.0243 3348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:15:18.0319 3348 sppsvc - ok
19:15:18.0406 3348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:15:18.0410 3348 sppuinotify - ok
19:15:18.0546 3348 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
19:15:18.0574 3348 SRTSP - ok
19:15:18.0595 3348 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
19:15:18.0612 3348 SRTSPX - ok
19:15:18.0676 3348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:15:18.0684 3348 srv - ok
19:15:18.0736 3348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:15:18.0792 3348 srv2 - ok
19:15:18.0875 3348 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:15:18.0897 3348 SrvHsfHDA - ok
19:15:19.0050 3348 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:15:19.0095 3348 SrvHsfV92 - ok
19:15:19.0276 3348 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:15:19.0290 3348 SrvHsfWinac - ok
19:15:19.0331 3348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:15:19.0335 3348 srvnet - ok
19:15:19.0379 3348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:15:19.0385 3348 SSDPSRV - ok
19:15:19.0405 3348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:15:19.0439 3348 SstpSvc - ok
19:15:19.0470 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:15:19.0496 3348 stexstor - ok
19:15:19.0580 3348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:15:19.0590 3348 stisvc - ok
19:15:19.0613 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:15:19.0626 3348 swenum - ok
19:15:19.0695 3348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:15:19.0716 3348 swprv - ok
19:15:19.0817 3348 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
19:15:19.0825 3348 SymDS - ok
19:15:19.0907 3348 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
19:15:19.0933 3348 SymEFA - ok
19:15:19.0975 3348 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:15:19.0992 3348 SymEvent - ok
19:15:20.0037 3348 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
19:15:20.0054 3348 SymIRON - ok
19:15:20.0107 3348 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
19:15:20.0113 3348 SymNetS - ok
19:15:20.0196 3348 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
19:15:20.0240 3348 SynTP - ok
19:15:20.0391 3348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:15:20.0419 3348 SysMain - ok
19:15:20.0524 3348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:15:20.0547 3348 TabletInputService - ok
19:15:20.0592 3348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:15:20.0610 3348 TapiSrv - ok
19:15:20.0643 3348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:15:20.0647 3348 TBS - ok
19:15:20.0824 3348 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:15:20.0866 3348 Tcpip - ok
19:15:21.0109 3348 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:15:21.0130 3348 TCPIP6 - ok
19:15:21.0254 3348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:15:21.0257 3348 tcpipreg - ok
19:15:21.0284 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:15:21.0286 3348 TDPIPE - ok
19:15:21.0316 3348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:15:21.0333 3348 TDTCP - ok
19:15:21.0377 3348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:15:21.0381 3348 tdx - ok
19:15:21.0408 3348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:15:21.0429 3348 TermDD - ok
19:15:21.0492 3348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:15:21.0506 3348 TermService - ok
19:15:21.0528 3348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:15:21.0531 3348 Themes - ok
19:15:21.0556 3348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:15:21.0559 3348 THREADORDER - ok
19:15:21.0606 3348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:15:21.0610 3348 TrkWks - ok
19:15:21.0674 3348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:15:21.0688 3348 TrustedInstaller - ok
19:15:21.0713 3348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:15:21.0715 3348 tssecsrv - ok
19:15:21.0746 3348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:15:21.0748 3348 TsUsbFlt - ok
19:15:21.0764 3348 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:15:21.0766 3348 TsUsbGD - ok
19:15:21.0812 3348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:15:21.0816 3348 tunnel - ok
19:15:21.0835 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:15:21.0837 3348 uagp35 - ok
19:15:21.0876 3348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:15:21.0894 3348 udfs - ok
19:15:21.0937 3348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:15:21.0957 3348 UI0Detect - ok
19:15:21.0999 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:15:22.0001 3348 uliagpkx - ok
19:15:22.0017 3348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:15:22.0019 3348 umbus - ok
19:15:22.0033 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:15:22.0042 3348 UmPass - ok
19:15:22.0303 3348 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:15:22.0339 3348 UNS - ok
19:15:22.0466 3348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:15:22.0473 3348 upnphost - ok
19:15:22.0533 3348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:15:22.0536 3348 usbccgp - ok
19:15:22.0564 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:15:22.0567 3348 usbcir - ok
19:15:22.0587 3348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:15:22.0589 3348 usbehci - ok
19:15:22.0652 3348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
19:15:22.0659 3348 usbhub - ok
19:15:22.0682 3348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:15:22.0684 3348 usbohci - ok
19:15:22.0713 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:15:22.0716 3348 usbprint - ok
19:15:22.0778 3348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:15:22.0780 3348 USBSTOR - ok
19:15:22.0803 3348 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:15:22.0805 3348 usbuhci - ok
19:15:22.0845 3348 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:15:22.0858 3348 usbvideo - ok
19:15:22.0889 3348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:15:22.0892 3348 UxSms - ok
19:15:22.0915 3348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:15:22.0917 3348 VaultSvc - ok
19:15:22.0942 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:15:22.0945 3348 vdrvroot - ok
19:15:23.0021 3348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:15:23.0045 3348 vds - ok
19:15:23.0085 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:15:23.0103 3348 vga - ok
19:15:23.0126 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:15:23.0128 3348 VgaSave - ok
19:15:23.0172 3348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:15:23.0177 3348 vhdmp - ok
19:15:23.0208 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:15:23.0210 3348 viaide - ok
19:15:23.0253 3348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:15:23.0255 3348 volmgr - ok
19:15:23.0295 3348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:15:23.0312 3348 volmgrx - ok
19:15:23.0367 3348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:15:23.0372 3348 volsnap - ok
19:15:23.0409 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:15:23.0413 3348 vsmraid - ok
19:15:23.0544 3348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:15:23.0569 3348 VSS - ok
19:15:23.0687 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:15:23.0690 3348 vwifibus - ok
19:15:23.0717 3348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:15:23.0720 3348 vwififlt - ok
19:15:23.0783 3348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:15:23.0807 3348 W32Time - ok
19:15:23.0840 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:15:23.0842 3348 WacomPen - ok
19:15:23.0879 3348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:15:23.0882 3348 WANARP - ok
19:15:23.0886 3348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:15:23.0888 3348 Wanarpv6 - ok
19:15:24.0009 3348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:15:24.0071 3348 WatAdminSvc - ok
19:15:24.0208 3348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:15:24.0275 3348 wbengine - ok
19:15:24.0390 3348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:15:24.0398 3348 WbioSrvc - ok
19:15:24.0426 3348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:15:24.0449 3348 wcncsvc - ok
19:15:24.0476 3348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:15:24.0480 3348 WcsPlugInService - ok
19:15:24.0536 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:15:24.0546 3348 Wd - ok
19:15:24.0615 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:15:24.0624 3348 Wdf01000 - ok
19:15:24.0649 3348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:15:24.0653 3348 WdiServiceHost - ok
19:15:24.0662 3348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:15:24.0665 3348 WdiSystemHost - ok
19:15:24.0713 3348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:15:24.0719 3348 WebClient - ok
19:15:24.0772 3348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:15:24.0779 3348 Wecsvc - ok
19:15:24.0812 3348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:15:24.0816 3348 wercplsupport - ok
19:15:24.0837 3348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:15:24.0841 3348 WerSvc - ok
19:15:24.0903 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:15:24.0923 3348 WfpLwf - ok
19:15:24.0940 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:15:24.0942 3348 WIMMount - ok
19:15:24.0980 3348 WinDefend - ok
19:15:24.0990 3348 WinHttpAutoProxySvc - ok
19:15:25.0067 3348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:15:25.0076 3348 Winmgmt - ok
19:15:25.0215 3348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:15:25.0304 3348 WinRM - ok
19:15:25.0489 3348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:15:25.0505 3348 Wlansvc - ok
19:15:25.0584 3348 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:15:25.0601 3348 wlcrasvc - ok
19:15:25.0821 3348 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:15:25.0853 3348 wlidsvc - ok
19:15:26.0032 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:15:26.0035 3348 WmiAcpi - ok
19:15:26.0102 3348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:15:26.0113 3348 wmiApSrv - ok
19:15:26.0164 3348 WMPNetworkSvc - ok
19:15:26.0208 3348 wolf - ok
19:15:26.0238 3348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:15:26.0266 3348 WPCSvc - ok
19:15:26.0291 3348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:15:26.0317 3348 WPDBusEnum - ok
19:15:26.0349 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:15:26.0368 3348 ws2ifsl - ok
19:15:26.0411 3348 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:15:26.0417 3348 wscsvc - ok
19:15:26.0423 3348 WSearch - ok
19:15:27.0075 3348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:15:27.0157 3348 wuauserv - ok
19:15:27.0518 3348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:15:27.0522 3348 WudfPf - ok
19:15:27.0620 3348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:15:27.0644 3348 WUDFRd - ok
19:15:27.0707 3348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:15:27.0711 3348 wudfsvc - ok
19:15:27.0780 3348 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
19:15:27.0828 3348 WwanSvc - ok
19:15:27.0848 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:15:28.0076 3348 \Device\Harddisk0\DR0 - ok
19:15:28.0091 3348 Boot (0x1200) (77072bb58518f8f77142b8574f18ab76) \Device\Harddisk0\DR0\Partition0
19:15:28.0098 3348 \Device\Harddisk0\DR0\Partition0 - ok
19:15:28.0108 3348 Boot (0x1200) (ca30c01eb1c2458ea5ca62ae8a49d772) \Device\Harddisk0\DR0\Partition1
19:15:28.0111 3348 \Device\Harddisk0\DR0\Partition1 - ok
19:15:28.0144 3348 Boot (0x1200) (1a307d77c3210a0ce11cae50d987015b) \Device\Harddisk0\DR0\Partition2
19:15:28.0146 3348 \Device\Harddisk0\DR0\Partition2 - ok
19:15:28.0170 3348 Boot (0x1200) (786510e5de27036fca008a69acf01c3a) \Device\Harddisk0\DR0\Partition3
19:15:28.0172 3348 \Device\Harddisk0\DR0\Partition3 - ok
19:15:28.0172 3348 ============================================================
19:15:28.0172 3348 Scan finished
19:15:28.0172 3348 ============================================================
19:15:28.0186 1968 Detected object count: 0
19:15:28.0186 1968 Actual detected object count: 0




I RAN THE aswMBR.exe AND HAD TO LEAVE SOMEWHERE WHILE IT SCANNED. I CAME BACK AND MY COMPUTER WAS OFF! COMPLETELY! I TURNED IT BACK ON AND GOT THIS MESSAGE:

Windows has recovered from an unexpected error.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 000000000000004B
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF88001094115
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\070912-24289-01.dmp
C:\Users\Brittany Forrester\AppData\Local\Temp\WER-42744-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


IS THAT BECAUSE I LEFT IT UNATTENDED FOR TOO LONG, OR BECAUSE THE DRIVERS WERE OFF TOO LONG?
I'M SO AFRAID, IT NEVER HAPPENED LIKE THIS BEFORE! I hope it's normal :(


I'm running it again and I will see if it happens again (hopefully not, I want to see the log)
OK, it worked this time! I still am confused what that error was for :(



ASWMBR LOG
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 19:22:12
-----------------------------
19:22:12.571 OS Version: Windows x64 6.1.7601 Service Pack 1
19:22:12.571 Number of processors: 2 586 0x2A07
19:22:12.581 ComputerName: KITTY UserName:
19:22:14.191 Initialize success
19:22:27.161 AVAST engine defs: 12070900
19:22:38.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:22:38.885 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
19:22:38.905 Disk 0 MBR read successfully
19:22:38.915 Disk 0 MBR scan
19:22:38.975 Disk 0 Windows 7 default MBR code
19:22:38.985 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:22:39.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286178 MB offset 409600
19:22:39.035 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14803 MB offset 586502144
19:22:39.065 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 616818688
19:22:39.115 Disk 0 scanning C:\Windows\system32\drivers
19:22:59.719 Service scanning
19:23:44.238 Modules scanning
19:23:44.248 Disk 0 trace - called modules:
19:23:44.658 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:23:44.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003fdf730]
19:23:44.678 3 CLASSPNP.SYS[fffff88001d5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003b97050]
19:23:45.918 AVAST engine scan C:\Windows
19:23:49.128 AVAST engine scan C:\Windows\system32
19:27:08.582 AVAST engine scan C:\Windows\system32\drivers
19:27:31.233 AVAST engine scan C:\Users\Brittany Forrester
19:30:17.239 Disk 0 MBR has been saved successfully to "C:\Users\Brittany Forrester\Documents\MBR.dat"
19:30:17.241 The log file has been saved successfully to "C:\Users\Brittany Forrester\Documents\aswMBR2.txt"
19:35:17.359 AVAST engine scan C:\ProgramData
19:37:20.694 Scan finished successfully
19:43:42.388 Disk 0 MBR has been saved successfully to "C:\Users\Brittany Forrester\Documents\MBR.dat"
19:43:42.558 The log file has been saved successfully to "C:\Users\Brittany Forrester\Documents\aswMBR2.txt"

Attached Files

  • Attached File  MBR.zip   580 bytes

Edited by I Put My Faith In U, 09 July 2012 - 07:58 PM.


#8 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2012 - 07:56 AM

Your logs are clean.

I'm running it again and I will see if it happens again (hopefully not, I want to see the log)
OK, it worked this time! I still am confused what that error was for


Let's hope it's just a one-time deal.

Let me know if you get the same thing again, or if you get a Blue Screen of Death, make a note of the error message if you can.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#9 I Put My Faith In U

  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Faith is located around in the Baltimore area.

Posted 11 July 2012 - 02:55 PM

It hasn't shown that Blue Screen error since then. I believe it was from that aswMBR program somehow.

ComboFix 12-07-11.03 - Brittany Forrester 07/11/2012 15:37:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.587 [GMT -4:00]
Running from: c:\users\Brittany Forrester\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 19:45 . 2012-07-11 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 19:14 . 2012-07-11 19:14 -------- d-----w- c:\windows\en
2012-07-11 19:09 . 2012-07-11 19:09 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 19:03 . 2012-07-11 19:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DSETUP.dll
2012-07-11 19:03 . 2012-07-11 19:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DXSETUP.exe
2012-07-11 19:03 . 2012-07-11 19:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\dsetup32.dll
2012-07-11 19:03 . 2012-07-11 19:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e37fe80a1cd5f9702\MeshBetaRemover.exe
2012-07-11 06:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:53 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 02:11 . 2012-07-10 02:11 -------- d-----w- c:\programdata\KingsIsle Entertainment
2012-07-08 13:16 . 2012-07-08 13:17 -------- d-----w- c:\users\KatGirl
2012-06-26 16:34 . 2012-06-26 16:33 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 16:34 . 2012-06-26 16:33 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-26 16:33 . 2012-06-26 16:33 -------- d-----w- c:\program files\Java
2012-06-26 05:53 . 2012-07-07 00:33 -------- d-----w- c:\programdata\McAfee
2012-06-26 04:31 . 2012-06-26 04:34 -------- d--h--w- c:\windows\AxInstSV
2012-06-25 11:53 . 2007-06-21 00:49 409960 ----a-w- c:\windows\system32\xactengine2_8.dll
2012-06-25 11:53 . 2007-06-21 00:46 266088 ----a-w- c:\windows\SysWow64\xactengine2_8.dll
2012-06-25 11:53 . 2007-06-21 00:45 21352 ----a-w- c:\windows\system32\x3daudio1_2.dll
2012-06-25 11:53 . 2007-06-21 00:45 18280 ----a-w- c:\windows\SysWow64\x3daudio1_2.dll
2012-06-25 11:53 . 2007-05-16 20:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-06-25 11:53 . 2007-05-16 20:45 443752 ----a-w- c:\windows\SysWow64\d3dx10_34.dll
2012-06-25 11:53 . 2007-05-16 20:45 1401200 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2012-06-25 11:53 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\SysWow64\D3DCompiler_34.dll
2012-06-25 11:53 . 2007-05-16 20:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-06-25 11:53 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-06-25 11:53 . 2007-04-04 22:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2012-06-25 11:53 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-06-25 11:49 . 2012-06-26 12:18 -------- d-----w- c:\program files (x86)\Blue Mars
2012-06-23 09:32 . 2012-06-23 09:32 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-23 09:32 . 2012-06-23 09:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-23 01:15 . 2012-06-23 01:15 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-06-23 01:15 . 2012-06-23 01:15 -------- d-----w- c:\program files (x86)\Aeria Games
2012-06-20 21:36 . 2012-06-20 21:36 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-06-20 21:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-20 21:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-20 21:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-20 21:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-20 21:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-20 21:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-20 21:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-20 21:33 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 21:33 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 06:14 . 2012-06-20 21:26 -------- d-----w- c:\program files (x86)\AikaOnline
2012-06-20 02:47 . 2012-06-20 21:26 -------- d-----w- c:\program files (x86)\Aika Online
2012-06-19 18:32 . 2012-06-19 18:32 -------- d-----w- c:\users\Brittany Forrester\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 18:31 . 2012-06-20 21:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 18:31 . 2012-06-19 18:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-19 01:12 . 2012-06-19 23:17 -------- d-----w- c:\programdata\CPA_VA
2012-06-18 15:52 . 2012-06-18 15:52 -------- d--h--w- c:\programdata\Common Files
2012-06-18 11:29 . 2012-06-20 21:26 -------- d-----w- c:\programdata\MFAData
2012-06-17 17:32 . 2012-06-17 19:08 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-17 17:15 . 2012-06-17 17:15 -------- d-----w- c:\users\Brittany Forrester\AppData\Local\SCE
2012-06-17 17:14 . 2012-06-17 17:14 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-06-16 16:17 . 2012-06-16 20:06 -------- d-----w- c:\users\Brittany Forrester\AppData\Roaming\FOG Downloader
2012-06-16 14:55 . 2012-06-16 14:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-16 14:54 . 2012-06-16 14:54 -------- d-----w- c:\program files (x86)\Oracle
2012-06-16 14:53 . 2012-06-16 14:53 -------- d-----w- c:\program files (x86)\Java
2012-06-16 14:48 . 2012-06-16 14:48 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-16 14:48 . 2012-06-16 14:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-15 12:37 . 2012-06-15 12:37 -------- d-----w- c:\users\Brittany Forrester\AppData\Local\APN
2012-06-15 12:35 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-15 12:35 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-15 12:35 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-15 12:35 . 2012-06-20 21:26 -------- d-----w- c:\programdata\Avira
2012-06-15 12:35 . 2012-06-20 21:26 -------- d-----w- c:\program files (x86)\Avira
2012-06-14 06:30 . 2012-06-14 06:30 -------- d-----w- c:\users\Brittany Forrester\AppData\Local\Macromedia
2012-06-14 06:21 . 2012-06-14 06:21 -------- d-----w- c:\windows\system32\Macromed
2012-06-14 05:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 05:56 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 05:36 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 05:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 05:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 05:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 05:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 05:15 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 05:15 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 05:15 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 05:13 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 05:13 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 05:11 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 05:11 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 05:10 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:03 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 03:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 20:11 . 2012-05-17 22:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 20:11 . 2011-07-13 03:24 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 18:17 . 2012-04-25 23:25 878184 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2012-06-08 20:44 . 2012-06-08 20:44 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-01 11:31 . 2012-06-01 11:31 377768 ----a-w- c:\windows\system32\vsnp2uvc.dll
2012-06-01 11:31 . 2012-06-01 11:31 400296 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-06-01 11:31 . 2012-06-01 11:31 1863720 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-06-01 11:31 . 2012-06-01 11:31 245672 ----a-w- c:\windows\system32\csnp2uvc.dll
2012-06-01 11:31 . 2012-06-01 11:31 311208 ----a-w- c:\windows\SysWow64\vsnp2uvc.dll
2012-06-01 11:31 . 2012-06-01 11:31 26024 ----a-w- c:\windows\snuvcdsm.exe
2012-06-01 11:31 . 2012-06-01 11:31 401832 ----a-w- c:\windows\SysWow64\rsnp2uvc.dll
2012-05-17 13:22 . 2012-04-25 23:36 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 250056]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 DMBdtv;DTMB DTV USB Tuner;c:\windows\system32\Drivers\DMBdtv.sys [2009-12-30 121088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-07 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-06-08 30496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-17 1255736]
R3 wolf;wolf;c:\aeriagames\Wolfteam\wolf64.sys [x]
R4 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001_ba0\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120710.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-31 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-31 56344]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-06-15 878184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:11]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-07 18:10]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-07 18:10]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087335480-1404189264-2463535051-1000Core.job
- c:\users\Brittany Forrester\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 19:32]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087335480-1404189264-2463535051-1000UA.job
- c:\users\Brittany Forrester\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 19:32]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForBrittany Forrester.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForBRITTANYFORREST$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-06 c:\windows\Tasks\HPCeeScheduleForKITTY$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brittany Forrester\AppData\Roaming\Mozilla\Firefox\Profiles\p5nt0x6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
Completion time: 2012-07-11 15:48:47
ComboFix-quarantined-files.txt 2012-07-11 19:48
.
Pre-Run: 243,665,227,776 bytes free
Post-Run: 243,322,486,784 bytes free
.
- - End Of File - - BA3C8B265BA719731CB48E277A3CB7B8
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#10 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 12 July 2012 - 07:29 AM

Your logs are clean.

Just to be on the safe side run this scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#11 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 18 July 2012 - 01:09 PM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 24 July 2012 - 07:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.