Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit Infection


  • This topic is locked This topic is locked
19 replies to this topic

#1 ian2000t

ian2000t

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 25 June 2012 - 06:13 PM

I had my email and Paypal hacked the other day (without a password reset) which prompted me to run a scan. AVG found a Rootkit in some .sys files. I cleaned these, rebooted, scanned again and found different .sys files infected. Basically after every reboot there were new .sys files infected with this same infection. Doing a bit Googling led me to think it was an MBR infection that keeps reinfecting on restart. I should have written down the exact error, but it was something like "atapi.sys hooked import".

I ran an aswMBR scan and it showed one file in red - \Driver\atapi.sys -> IR_MJ_CREATE

Sorry I don't have the full descriptions of the problem - I didn't screenshot them because I was consistently getting them after every reboot. I've left the PC offline for a week until I had some spare time. Now I've ran AVG and ASW (after following your guide to running defogger to disable Daemon Tools and getting DDS logs) and now neither AVG or ASW show what they did before which is typical.

Anyway, I've attached the 2 DDS logs, and the ASW log as it shows now (no red anymore). Really sorry how vague this is - can't believe it's not showing the same symptoms it now I have time to look into it.

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 25 June 2012 - 07:45 PM

Hello ian2000t,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 28 June 2012 - 02:27 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 30 June 2012 - 02:40 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 01 July 2012 - 08:47 AM

This topic has been re-opened at the request of the person who originally posted.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 ian2000t

ian2000t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 01 July 2012 - 09:18 AM

Thank you so much for re-opening - and again, sorry I missed the replies - I think I have email alerts setup correctly now.

Below are the TDSS and ComboFix logs. How is my PC running? Well, as it always has done - the only hint I had of the infection was my Yahoo, Gmail and Paypal accounts being compromised (on the morning of the 16th June).




12:02:21.0202 5624 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:02:21.0280 5624 ============================================================
12:02:21.0280 5624 Current date / time: 2012/07/01 12:02:21.0280
12:02:21.0280 5624 SystemInfo:
12:02:21.0280 5624
12:02:21.0280 5624 OS Version: 6.1.7601 ServicePack: 1.0
12:02:21.0280 5624 Product type: Workstation
12:02:21.0280 5624 ComputerName: IAN-PC
12:02:21.0280 5624 UserName: Ian
12:02:21.0280 5624 Windows directory: C:\Windows
12:02:21.0280 5624 System windows directory: C:\Windows
12:02:21.0280 5624 Running under WOW64
12:02:21.0280 5624 Processor architecture: Intel x64
12:02:21.0280 5624 Number of processors: 4
12:02:21.0280 5624 Page size: 0x1000
12:02:21.0280 5624 Boot type: Normal boot
12:02:21.0280 5624 ============================================================
12:02:22.0637 5624 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:02:22.0653 5624 Drive \Device\Harddisk5\DR5 - Size: 0x7820000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:02:22.0653 5624 ============================================================
12:02:22.0653 5624 \Device\Harddisk0\DR0:
12:02:22.0653 5624 MBR partitions:
12:02:22.0653 5624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:02:22.0653 5624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
12:02:22.0653 5624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x6220D800
12:02:22.0653 5624 \Device\Harddisk5\DR5:
12:02:22.0653 5624 MBR partitions:
12:02:22.0653 5624 ============================================================
12:02:22.0699 5624 C: <-> \Device\Harddisk0\DR0\Partition1
12:02:22.0731 5624 D: <-> \Device\Harddisk0\DR0\Partition2
12:02:22.0731 5624 ============================================================
12:02:22.0731 5624 Initialize success
12:02:22.0731 5624 ============================================================
12:02:41.0872 0400 ============================================================
12:02:41.0872 0400 Scan started
12:02:41.0872 0400 Mode: Manual;
12:02:41.0872 0400 ============================================================
12:02:43.0026 0400 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:02:43.0042 0400 !SASCORE - ok
12:02:43.0167 0400 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:02:43.0167 0400 1394ohci - ok
12:02:43.0214 0400 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:02:43.0214 0400 ACPI - ok
12:02:43.0214 0400 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:02:43.0229 0400 AcpiPmi - ok
12:02:43.0260 0400 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
12:02:43.0260 0400 adfs - ok
12:02:43.0323 0400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:02:43.0338 0400 adp94xx - ok
12:02:43.0354 0400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:02:43.0354 0400 adpahci - ok
12:02:43.0370 0400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:02:43.0370 0400 adpu320 - ok
12:02:43.0385 0400 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:02:43.0385 0400 AeLookupSvc - ok
12:02:43.0416 0400 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:02:43.0416 0400 AFD - ok
12:02:43.0448 0400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:02:43.0448 0400 agp440 - ok
12:02:43.0463 0400 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:02:43.0463 0400 ALG - ok
12:02:43.0479 0400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:02:43.0479 0400 aliide - ok
12:02:43.0526 0400 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
12:02:43.0541 0400 AMD External Events Utility - ok
12:02:43.0541 0400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:02:43.0541 0400 amdide - ok
12:02:43.0557 0400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:02:43.0557 0400 AmdK8 - ok
12:02:43.0791 0400 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
12:02:43.0884 0400 amdkmdag - ok
12:02:43.0994 0400 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
12:02:43.0994 0400 amdkmdap - ok
12:02:43.0994 0400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:02:43.0994 0400 AmdPPM - ok
12:02:44.0025 0400 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:02:44.0025 0400 amdsata - ok
12:02:44.0056 0400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:02:44.0056 0400 amdsbs - ok
12:02:44.0072 0400 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:02:44.0072 0400 amdxata - ok
12:02:44.0212 0400 Apache2.2 (44ceaff41ede4297f30913ddf80d17c1) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
12:02:44.0212 0400 Apache2.2 - ok
12:02:44.0259 0400 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:02:44.0259 0400 AppID - ok
12:02:44.0290 0400 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:02:44.0290 0400 AppIDSvc - ok
12:02:44.0306 0400 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:02:44.0306 0400 Appinfo - ok
12:02:44.0352 0400 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:02:44.0352 0400 AppMgmt - ok
12:02:44.0384 0400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:02:44.0384 0400 arc - ok
12:02:44.0384 0400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:02:44.0399 0400 arcsas - ok
12:02:44.0462 0400 AsIO (68726474c69b738eac3a62e06b33addc) C:\Windows\syswow64\drivers\AsIO.sys
12:02:44.0462 0400 AsIO - ok
12:02:44.0477 0400 AsSysCtrlService (798a87b2d7ad73b16b7cd968c5d1f18f) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
12:02:44.0477 0400 AsSysCtrlService - ok
12:02:44.0493 0400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:02:44.0493 0400 AsyncMac - ok
12:02:44.0524 0400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:02:44.0524 0400 atapi - ok
12:02:44.0571 0400 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
12:02:44.0571 0400 AtiHDAudioService - ok
12:02:44.0586 0400 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
12:02:44.0586 0400 AtiHdmiService - ok
12:02:44.0836 0400 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
12:02:44.0883 0400 atikmdag - ok
12:02:44.0961 0400 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:02:44.0961 0400 AudioEndpointBuilder - ok
12:02:44.0976 0400 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:02:44.0976 0400 AudioSrv - ok
12:02:45.0148 0400 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:02:45.0164 0400 AVGIDSAgent - ok
12:02:45.0257 0400 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:02:45.0273 0400 AVGIDSDriver - ok
12:02:45.0288 0400 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:02:45.0288 0400 AVGIDSFilter - ok
12:02:45.0320 0400 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:02:45.0320 0400 AVGIDSHA - ok
12:02:45.0351 0400 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:02:45.0351 0400 Avgldx64 - ok
12:02:45.0398 0400 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:02:45.0398 0400 Avgmfx64 - ok
12:02:45.0413 0400 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:02:45.0413 0400 Avgrkx64 - ok
12:02:45.0444 0400 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:02:45.0444 0400 Avgtdia - ok
12:02:45.0476 0400 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:02:45.0476 0400 avgwd - ok
12:02:45.0507 0400 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:02:45.0507 0400 AxInstSV - ok
12:02:45.0538 0400 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:02:45.0538 0400 b06bdrv - ok
12:02:45.0569 0400 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:02:45.0569 0400 b57nd60a - ok
12:02:45.0600 0400 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:02:45.0600 0400 BDESVC - ok
12:02:45.0632 0400 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:02:45.0632 0400 Beep - ok
12:02:45.0678 0400 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:02:45.0694 0400 BFE - ok
12:02:45.0725 0400 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:02:45.0741 0400 BITS - ok
12:02:45.0772 0400 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:02:45.0772 0400 blbdrive - ok
12:02:45.0819 0400 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:02:45.0834 0400 Bonjour Service - ok
12:02:45.0866 0400 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:02:45.0866 0400 bowser - ok
12:02:45.0866 0400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:02:45.0866 0400 BrFiltLo - ok
12:02:45.0881 0400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:02:45.0881 0400 BrFiltUp - ok
12:02:45.0897 0400 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:02:45.0897 0400 BridgeMP - ok
12:02:45.0944 0400 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:02:45.0944 0400 Browser - ok
12:02:45.0959 0400 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:02:45.0959 0400 Brserid - ok
12:02:45.0959 0400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:02:45.0959 0400 BrSerWdm - ok
12:02:45.0975 0400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:02:45.0975 0400 BrUsbMdm - ok
12:02:45.0975 0400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:02:45.0975 0400 BrUsbSer - ok
12:02:46.0022 0400 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:02:46.0022 0400 BthEnum - ok
12:02:46.0037 0400 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:02:46.0037 0400 BTHMODEM - ok
12:02:46.0084 0400 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:02:46.0084 0400 BthPan - ok
12:02:46.0115 0400 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:02:46.0115 0400 BTHPORT - ok
12:02:46.0131 0400 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:02:46.0131 0400 bthserv - ok
12:02:46.0131 0400 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:02:46.0146 0400 BTHUSB - ok
12:02:46.0193 0400 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
12:02:46.0193 0400 btusbflt - ok
12:02:46.0209 0400 btwaudio (05acfd6cfb58d6ac174ad50d33c24efc) C:\Windows\system32\drivers\btwaudio.sys
12:02:46.0209 0400 btwaudio - ok
12:02:46.0240 0400 btwavdt (73b4341807e3398dac73102e4709ecb0) C:\Windows\system32\DRIVERS\btwavdt.sys
12:02:46.0240 0400 btwavdt - ok
12:02:46.0271 0400 btwrchid (da0386aed062087147a4a9e09a23f6f1) C:\Windows\system32\DRIVERS\btwrchid.sys
12:02:46.0271 0400 btwrchid - ok
12:02:46.0318 0400 catchme - ok
12:02:46.0318 0400 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:02:46.0334 0400 cdfs - ok
12:02:46.0365 0400 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:02:46.0365 0400 cdrom - ok
12:02:46.0412 0400 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:02:46.0412 0400 CertPropSvc - ok
12:02:46.0427 0400 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:02:46.0443 0400 circlass - ok
12:02:46.0458 0400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:02:46.0458 0400 CLFS - ok
12:02:46.0521 0400 CLHNServiceForPowerDVD (43f2e10c73f8b9119ad396830a264fd3) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
12:02:46.0521 0400 CLHNServiceForPowerDVD - ok
12:02:46.0583 0400 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:02:46.0583 0400 clr_optimization_v2.0.50727_32 - ok
12:02:46.0630 0400 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:02:46.0630 0400 clr_optimization_v2.0.50727_64 - ok
12:02:46.0708 0400 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:02:46.0739 0400 clr_optimization_v4.0.30319_32 - ok
12:02:46.0770 0400 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:02:46.0770 0400 clr_optimization_v4.0.30319_64 - ok
12:02:46.0802 0400 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:02:46.0802 0400 CmBatt - ok
12:02:46.0833 0400 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:02:46.0833 0400 cmdide - ok
12:02:46.0864 0400 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:02:46.0864 0400 CNG - ok
12:02:46.0880 0400 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:02:46.0880 0400 Compbatt - ok
12:02:46.0911 0400 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:02:46.0926 0400 CompositeBus - ok
12:02:46.0926 0400 COMSysApp - ok
12:02:46.0926 0400 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:02:46.0926 0400 crcdisk - ok
12:02:46.0973 0400 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:02:46.0973 0400 CryptSvc - ok
12:02:47.0004 0400 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:02:47.0004 0400 CSC - ok
12:02:47.0036 0400 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:02:47.0036 0400 CscService - ok
12:02:47.0098 0400 CyberLink PowerDVD 11.0 Monitor Service (a5809b65f018a42afe8847135c124b0d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
12:02:47.0098 0400 CyberLink PowerDVD 11.0 Monitor Service - ok
12:02:47.0114 0400 CyberLink PowerDVD 11.0 Service (1e3bf6bcecd39809546f3c161e293da2) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
12:02:47.0114 0400 CyberLink PowerDVD 11.0 Service - ok
12:02:47.0176 0400 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:02:47.0176 0400 DcomLaunch - ok
12:02:47.0207 0400 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:02:47.0207 0400 defragsvc - ok
12:02:47.0238 0400 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:02:47.0238 0400 DfsC - ok
12:02:47.0285 0400 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:02:47.0285 0400 Dhcp - ok
12:02:47.0301 0400 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:02:47.0301 0400 discache - ok
12:02:47.0316 0400 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:02:47.0316 0400 Disk - ok
12:02:47.0348 0400 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
12:02:47.0348 0400 DNE - ok
12:02:47.0379 0400 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:02:47.0379 0400 Dnscache - ok
12:02:47.0426 0400 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:02:47.0426 0400 dot3svc - ok
12:02:47.0457 0400 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:02:47.0457 0400 DPS - ok
12:02:47.0504 0400 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:02:47.0504 0400 drmkaud - ok
12:02:47.0566 0400 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe
12:02:47.0566 0400 DvmMDES - ok
12:02:47.0582 0400 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:02:47.0597 0400 DXGKrnl - ok
12:02:47.0613 0400 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:02:47.0613 0400 EapHost - ok
12:02:47.0706 0400 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:02:47.0722 0400 ebdrv - ok
12:02:47.0831 0400 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:02:47.0831 0400 EFS - ok
12:02:47.0878 0400 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:02:47.0894 0400 ehRecvr - ok
12:02:47.0909 0400 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:02:47.0909 0400 ehSched - ok
12:02:47.0956 0400 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:02:47.0956 0400 elxstor - ok
12:02:47.0987 0400 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:02:47.0987 0400 ErrDev - ok
12:02:48.0003 0400 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:02:48.0018 0400 EventSystem - ok
12:02:48.0018 0400 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:02:48.0018 0400 exfat - ok
12:02:48.0034 0400 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:02:48.0034 0400 fastfat - ok
12:02:48.0081 0400 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:02:48.0081 0400 Fax - ok
12:02:48.0096 0400 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:02:48.0096 0400 fdc - ok
12:02:48.0096 0400 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:02:48.0096 0400 fdPHost - ok
12:02:48.0112 0400 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:02:48.0112 0400 FDResPub - ok
12:02:48.0143 0400 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:02:48.0143 0400 FileInfo - ok
12:02:48.0143 0400 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:02:48.0143 0400 Filetrace - ok
12:02:48.0221 0400 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:02:48.0221 0400 FLEXnet Licensing Service - ok
12:02:48.0284 0400 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:02:48.0299 0400 FLEXnet Licensing Service 64 - ok
12:02:48.0315 0400 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:02:48.0315 0400 flpydisk - ok
12:02:48.0330 0400 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:02:48.0330 0400 FltMgr - ok
12:02:48.0408 0400 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:02:48.0424 0400 FontCache - ok
12:02:48.0502 0400 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:02:48.0502 0400 FontCache3.0.0.0 - ok
12:02:48.0502 0400 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:02:48.0502 0400 FsDepends - ok
12:02:48.0533 0400 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:02:48.0533 0400 Fs_Rec - ok
12:02:48.0564 0400 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:02:48.0564 0400 fvevol - ok
12:02:48.0596 0400 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:02:48.0596 0400 gagp30kx - ok
12:02:48.0658 0400 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:02:48.0658 0400 gpsvc - ok
12:02:48.0689 0400 GRemoteBus (5bd454f0e896150e92dba95b4e23289a) C:\Windows\system32\DRIVERS\GRemoteBus64.sys
12:02:48.0689 0400 GRemoteBus - ok
12:02:48.0705 0400 GRemoteJoy (82fe5756a0a71458b778b50325aa8bc7) C:\Windows\system32\DRIVERS\GRemoteJoy64.sys
12:02:48.0705 0400 GRemoteJoy - ok
12:02:48.0798 0400 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:02:48.0798 0400 gupdate - ok
12:02:48.0814 0400 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:02:48.0814 0400 gupdatem - ok
12:02:48.0814 0400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:02:48.0814 0400 hcw85cir - ok
12:02:48.0876 0400 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:02:48.0876 0400 HdAudAddService - ok
12:02:48.0892 0400 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:02:48.0892 0400 HDAudBus - ok
12:02:48.0908 0400 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:02:48.0908 0400 HidBatt - ok
12:02:48.0923 0400 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:02:48.0923 0400 HidBth - ok
12:02:48.0923 0400 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:02:48.0923 0400 HidIr - ok
12:02:48.0939 0400 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:02:48.0939 0400 hidserv - ok
12:02:48.0986 0400 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:02:48.0986 0400 HidUsb - ok
12:02:49.0064 0400 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:02:49.0064 0400 hkmsvc - ok
12:02:49.0251 0400 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:02:49.0251 0400 HomeGroupListener - ok
12:02:49.0438 0400 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:02:49.0438 0400 HomeGroupProvider - ok
12:02:49.0485 0400 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:02:49.0485 0400 HpSAMD - ok
12:02:49.0563 0400 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:02:49.0563 0400 HTCAND64 - ok
12:02:49.0594 0400 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
12:02:49.0594 0400 htcnprot - ok
12:02:49.0641 0400 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:02:49.0656 0400 HTTP - ok
12:02:49.0703 0400 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:02:49.0703 0400 hwpolicy - ok
12:02:49.0734 0400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:02:49.0734 0400 i8042prt - ok
12:02:49.0766 0400 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:02:49.0766 0400 iaStorV - ok
12:02:49.0844 0400 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:02:49.0844 0400 idsvc - ok
12:02:49.0875 0400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:02:49.0875 0400 iirsp - ok
12:02:49.0922 0400 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:02:49.0922 0400 IKEEXT - ok
12:02:49.0953 0400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:02:49.0953 0400 intelide - ok
12:02:49.0968 0400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:02:49.0968 0400 intelppm - ok
12:02:49.0984 0400 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:02:49.0984 0400 IPBusEnum - ok
12:02:50.0015 0400 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:02:50.0015 0400 IpFilterDriver - ok
12:02:50.0046 0400 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:02:50.0046 0400 iphlpsvc - ok
12:02:50.0078 0400 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:02:50.0078 0400 IPMIDRV - ok
12:02:50.0078 0400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:02:50.0078 0400 IPNAT - ok
12:02:50.0124 0400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:02:50.0124 0400 IRENUM - ok
12:02:50.0156 0400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:02:50.0156 0400 isapnp - ok
12:02:50.0171 0400 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:02:50.0202 0400 iScsiPrt - ok
12:02:50.0218 0400 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys
12:02:50.0218 0400 JRAID - ok
12:02:50.0265 0400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:02:50.0265 0400 kbdclass - ok
12:02:50.0343 0400 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:02:50.0343 0400 kbdhid - ok
12:02:50.0374 0400 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:50.0374 0400 KeyIso - ok
12:02:50.0483 0400 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:02:50.0483 0400 KSecDD - ok
12:02:50.0577 0400 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:02:50.0577 0400 KSecPkg - ok
12:02:50.0592 0400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:02:50.0592 0400 ksthunk - ok
12:02:50.0608 0400 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:02:50.0608 0400 KtmRm - ok
12:02:50.0639 0400 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:02:50.0655 0400 LanmanServer - ok
12:02:50.0702 0400 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:02:50.0702 0400 LanmanWorkstation - ok
12:02:50.0717 0400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:02:50.0717 0400 lltdio - ok
12:02:50.0748 0400 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:02:50.0748 0400 lltdsvc - ok
12:02:50.0764 0400 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:02:50.0764 0400 lmhosts - ok
12:02:50.0780 0400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:02:50.0780 0400 LSI_FC - ok
12:02:50.0811 0400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:02:50.0811 0400 LSI_SAS - ok
12:02:50.0811 0400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:02:50.0811 0400 LSI_SAS2 - ok
12:02:50.0826 0400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:02:50.0826 0400 LSI_SCSI - ok
12:02:50.0842 0400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:02:50.0842 0400 luafv - ok
12:02:50.0889 0400 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
12:02:50.0889 0400 MarvinBus - ok
12:02:50.0982 0400 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:02:50.0982 0400 MBAMProtector - ok
12:02:51.0060 0400 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:02:51.0076 0400 MBAMService - ok
12:02:51.0092 0400 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:02:51.0092 0400 Mcx2Svc - ok
12:02:51.0107 0400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:02:51.0107 0400 megasas - ok
12:02:51.0123 0400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:02:51.0123 0400 MegaSR - ok
12:02:51.0185 0400 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:02:51.0185 0400 Microsoft Office Groove Audit Service - ok
12:02:51.0216 0400 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:02:51.0216 0400 MMCSS - ok
12:02:51.0216 0400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:02:51.0216 0400 Modem - ok
12:02:51.0232 0400 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:02:51.0232 0400 monitor - ok
12:02:51.0263 0400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:02:51.0263 0400 mouclass - ok
12:02:51.0326 0400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:02:51.0326 0400 mouhid - ok
12:02:51.0560 0400 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:02:51.0560 0400 mountmgr - ok
12:02:51.0716 0400 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:02:51.0716 0400 MozillaMaintenance - ok
12:02:51.0747 0400 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:02:51.0762 0400 mpio - ok
12:02:51.0934 0400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:02:51.0934 0400 mpsdrv - ok
12:02:52.0012 0400 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:02:52.0028 0400 MpsSvc - ok
12:02:52.0090 0400 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:02:52.0090 0400 MRxDAV - ok
12:02:52.0137 0400 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:02:52.0137 0400 mrxsmb - ok
12:02:52.0168 0400 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:02:52.0168 0400 mrxsmb10 - ok
12:02:52.0199 0400 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:02:52.0199 0400 mrxsmb20 - ok
12:02:52.0199 0400 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:02:52.0215 0400 msahci - ok
12:02:52.0215 0400 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:02:52.0215 0400 msdsm - ok
12:02:52.0246 0400 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:02:52.0246 0400 MSDTC - ok
12:02:52.0262 0400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:02:52.0262 0400 Msfs - ok
12:02:52.0277 0400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:02:52.0277 0400 mshidkmdf - ok
12:02:52.0277 0400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:02:52.0277 0400 msisadrv - ok
12:02:52.0308 0400 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:02:52.0308 0400 MSiSCSI - ok
12:02:52.0308 0400 msiserver - ok
12:02:52.0324 0400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:02:52.0324 0400 MSKSSRV - ok
12:02:52.0340 0400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:02:52.0340 0400 MSPCLOCK - ok
12:02:52.0340 0400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:02:52.0340 0400 MSPQM - ok
12:02:52.0371 0400 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:02:52.0371 0400 MsRPC - ok
12:02:52.0386 0400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:02:52.0386 0400 mssmbios - ok
12:02:52.0386 0400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:02:52.0386 0400 MSTEE - ok
12:02:52.0402 0400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:02:52.0402 0400 MTConfig - ok
12:02:52.0418 0400 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
12:02:52.0418 0400 MTsensor - ok
12:02:52.0433 0400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:02:52.0433 0400 Mup - ok
12:02:52.0480 0400 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:02:52.0480 0400 napagent - ok
12:02:52.0511 0400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:02:52.0511 0400 NativeWifiP - ok
12:02:52.0636 0400 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
12:02:52.0652 0400 NBService - ok
12:02:52.0683 0400 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:02:52.0698 0400 NDIS - ok
12:02:52.0698 0400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:02:52.0714 0400 NdisCap - ok
12:02:52.0730 0400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:02:52.0730 0400 NdisTapi - ok
12:02:52.0745 0400 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:02:52.0745 0400 Ndisuio - ok
12:02:52.0776 0400 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:02:52.0776 0400 NdisWan - ok
12:02:52.0808 0400 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:02:52.0808 0400 NDProxy - ok
12:02:52.0823 0400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:02:52.0823 0400 NetBIOS - ok
12:02:52.0870 0400 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:02:52.0870 0400 NetBT - ok
12:02:52.0917 0400 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:52.0917 0400 Netlogon - ok
12:02:52.0948 0400 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:02:52.0948 0400 Netman - ok
12:02:52.0964 0400 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:02:52.0964 0400 netprofm - ok
12:02:53.0010 0400 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:02:53.0010 0400 NetTcpPortSharing - ok
12:02:53.0042 0400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:02:53.0042 0400 nfrd960 - ok
12:02:53.0151 0400 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:02:53.0151 0400 NlaSvc - ok
12:02:53.0229 0400 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
12:02:53.0229 0400 NPF - ok
12:02:53.0244 0400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:02:53.0244 0400 Npfs - ok
12:02:53.0385 0400 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:02:53.0385 0400 nsi - ok
12:02:53.0385 0400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:02:53.0385 0400 nsiproxy - ok
12:02:53.0494 0400 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:02:53.0494 0400 Ntfs - ok
12:02:53.0634 0400 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
12:02:53.0634 0400 ntk_PowerDVD - ok
12:02:53.0790 0400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:02:53.0790 0400 Null - ok
12:02:53.0822 0400 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:02:53.0822 0400 nvraid - ok
12:02:53.0837 0400 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:02:53.0837 0400 nvstor - ok
12:02:53.0884 0400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:02:53.0884 0400 nv_agp - ok
12:02:53.0931 0400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:02:53.0946 0400 odserv - ok
12:02:53.0962 0400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:02:53.0962 0400 ohci1394 - ok
12:02:54.0024 0400 OrbMediaService (51fdba0e059ce23e45955f5e8041b7a0) C:\Program Files (x86)\Winamp Remote\bin\OrbMediaService.exe
12:02:54.0024 0400 OrbMediaService - ok
12:02:54.0056 0400 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:54.0056 0400 ose - ok
12:02:54.0087 0400 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:02:54.0102 0400 p2pimsvc - ok
12:02:54.0118 0400 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:02:54.0118 0400 p2psvc - ok
12:02:54.0149 0400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:02:54.0149 0400 Parport - ok
12:02:54.0165 0400 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:02:54.0165 0400 partmgr - ok
12:02:54.0227 0400 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:02:54.0227 0400 PassThru Service - ok
12:02:54.0243 0400 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:02:54.0243 0400 PcaSvc - ok
12:02:54.0258 0400 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:02:54.0258 0400 pci - ok
12:02:54.0290 0400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:02:54.0290 0400 pciide - ok
12:02:54.0305 0400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:02:54.0305 0400 pcmcia - ok
12:02:54.0305 0400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:02:54.0305 0400 pcw - ok
12:02:54.0336 0400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:02:54.0336 0400 PEAUTH - ok
12:02:54.0399 0400 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:02:54.0414 0400 PeerDistSvc - ok
12:02:54.0477 0400 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:02:54.0477 0400 PerfHost - ok
12:02:54.0555 0400 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:02:54.0570 0400 pla - ok
12:02:54.0820 0400 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:02:54.0820 0400 PlugPlay - ok
12:02:54.0836 0400 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:02:54.0836 0400 PNRPAutoReg - ok
12:02:54.0898 0400 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:02:54.0898 0400 PNRPsvc - ok
12:02:54.0945 0400 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:02:54.0945 0400 PolicyAgent - ok
12:02:54.0960 0400 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:02:54.0976 0400 Power - ok
12:02:55.0038 0400 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:02:55.0038 0400 PptpMiniport - ok
12:02:55.0054 0400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:02:55.0054 0400 Processor - ok
12:02:55.0085 0400 PRODIGY (65937a34c9a5741e3030a86905400d91) C:\Windows\system32\Drivers\PRODIGY.SYS
12:02:55.0085 0400 PRODIGY - ok
12:02:55.0132 0400 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:02:55.0132 0400 ProfSvc - ok
12:02:55.0163 0400 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:55.0163 0400 ProtectedStorage - ok
12:02:55.0194 0400 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:02:55.0194 0400 Psched - ok
12:02:55.0226 0400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:02:55.0241 0400 ql2300 - ok
12:02:55.0304 0400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:02:55.0304 0400 ql40xx - ok
12:02:55.0319 0400 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:02:55.0319 0400 QWAVE - ok
12:02:55.0335 0400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:02:55.0335 0400 QWAVEdrv - ok
12:02:55.0413 0400 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
12:02:55.0413 0400 RapiMgr - ok
12:02:55.0413 0400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:02:55.0428 0400 RasAcd - ok
12:02:55.0444 0400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:02:55.0444 0400 RasAgileVpn - ok
12:02:55.0444 0400 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:02:55.0460 0400 RasAuto - ok
12:02:55.0475 0400 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:55.0475 0400 Rasl2tp - ok
12:02:55.0522 0400 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:02:55.0522 0400 RasMan - ok
12:02:55.0538 0400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:55.0538 0400 RasPppoe - ok
12:02:55.0538 0400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:02:55.0538 0400 RasSstp - ok
12:02:55.0569 0400 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:02:55.0569 0400 rdbss - ok
12:02:55.0584 0400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:02:55.0584 0400 rdpbus - ok
12:02:55.0600 0400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:55.0600 0400 RDPCDD - ok
12:02:55.0694 0400 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:02:55.0709 0400 RDPDR - ok
12:02:55.0740 0400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:02:55.0740 0400 RDPENCDD - ok
12:02:55.0740 0400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:02:55.0740 0400 RDPREFMP - ok
12:02:55.0772 0400 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:02:55.0772 0400 RDPWD - ok
12:02:55.0818 0400 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:02:55.0818 0400 rdyboost - ok
12:02:55.0818 0400 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:02:55.0850 0400 RemoteAccess - ok
12:02:55.0896 0400 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:02:55.0896 0400 RemoteRegistry - ok
12:02:55.0928 0400 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:02:55.0928 0400 RFCOMM - ok
12:02:55.0974 0400 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
12:02:55.0974 0400 rpcapd - ok
12:02:55.0990 0400 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:02:55.0990 0400 RpcEptMapper - ok
12:02:56.0006 0400 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:02:56.0006 0400 RpcLocator - ok
12:02:56.0037 0400 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
12:02:56.0037 0400 RpcSs - ok
12:02:56.0052 0400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:02:56.0052 0400 rspndr - ok
12:02:56.0099 0400 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:02:56.0099 0400 RTL8167 - ok
12:02:56.0130 0400 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:02:56.0130 0400 s3cap - ok
12:02:56.0146 0400 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:56.0146 0400 SamSs - ok
12:02:56.0208 0400 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:02:56.0208 0400 SASDIFSV - ok
12:02:56.0224 0400 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:02:56.0224 0400 SASKUTIL - ok
12:02:56.0224 0400 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:02:56.0240 0400 sbp2port - ok
12:02:56.0240 0400 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:02:56.0255 0400 SCardSvr - ok
12:02:56.0271 0400 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:02:56.0271 0400 scfilter - ok
12:02:56.0333 0400 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:02:56.0333 0400 Schedule - ok
12:02:56.0364 0400 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:02:56.0364 0400 SCPolicySvc - ok
12:02:56.0458 0400 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:02:56.0458 0400 SDRSVC - ok
12:02:56.0489 0400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:02:56.0489 0400 secdrv - ok
12:02:56.0520 0400 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:02:56.0520 0400 seclogon - ok
12:02:56.0536 0400 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:02:56.0536 0400 SENS - ok
12:02:56.0536 0400 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:02:56.0536 0400 SensrSvc - ok
12:02:56.0552 0400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:02:56.0552 0400 Serenum - ok
12:02:56.0567 0400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:02:56.0567 0400 Serial - ok
12:02:56.0598 0400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:02:56.0598 0400 sermouse - ok
12:02:56.0692 0400 ServiceLayer (8988d1f32f56b3cd3f0f6c39f8a91a98) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:02:56.0692 0400 ServiceLayer - ok
12:02:56.0739 0400 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:02:56.0739 0400 SessionEnv - ok
12:02:56.0754 0400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:02:56.0754 0400 sffdisk - ok
12:02:56.0770 0400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:02:56.0770 0400 sffp_mmc - ok
12:02:56.0801 0400 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:02:56.0801 0400 sffp_sd - ok
12:02:56.0832 0400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:02:56.0832 0400 sfloppy - ok
12:02:56.0848 0400 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:02:56.0864 0400 SharedAccess - ok
12:02:56.0879 0400 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:02:56.0879 0400 ShellHWDetection - ok
12:02:56.0910 0400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:02:56.0910 0400 SiSRaid2 - ok
12:02:56.0910 0400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:02:56.0926 0400 SiSRaid4 - ok
12:02:56.0973 0400 SlimFTPd (c76226da51e439a5e51bab3a2c61d953) C:\Program Files (x86)\SlimFTP\SlimFTPd.exe
12:02:56.0973 0400 SlimFTPd - ok
12:02:56.0988 0400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:02:56.0988 0400 Smb - ok
12:02:57.0035 0400 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:02:57.0035 0400 SNMPTRAP - ok
12:02:57.0082 0400 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
12:02:57.0082 0400 speedfan - ok
12:02:57.0098 0400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:02:57.0098 0400 spldr - ok
12:02:57.0129 0400 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:02:57.0129 0400 Spooler - ok
12:02:57.0425 0400 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:02:57.0456 0400 sppsvc - ok
12:02:57.0519 0400 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:02:57.0519 0400 sppuinotify - ok
12:02:57.0628 0400 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
12:02:57.0628 0400 sptd - ok
12:02:57.0659 0400 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:02:57.0675 0400 srv - ok
12:02:57.0690 0400 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:02:57.0690 0400 srv2 - ok
12:02:57.0706 0400 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:02:57.0706 0400 srvnet - ok
12:02:57.0737 0400 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:02:57.0737 0400 SSDPSRV - ok
12:02:57.0753 0400 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:02:57.0753 0400 SstpSvc - ok
12:02:57.0784 0400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:02:57.0784 0400 stexstor - ok
12:02:57.0815 0400 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:02:57.0831 0400 stisvc - ok
12:02:57.0862 0400 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:02:57.0862 0400 storflt - ok
12:02:57.0878 0400 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:02:57.0878 0400 StorSvc - ok
12:02:57.0893 0400 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:02:57.0893 0400 storvsc - ok
12:02:57.0924 0400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:02:57.0924 0400 swenum - ok
12:02:58.0018 0400 SWGVCSvc (ba41a448446fdf839a32e27a8dcb7c9d) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
12:02:58.0018 0400 SWGVCSvc - ok
12:02:58.0034 0400 SWIPsec (1e036f98e6c780dd7669f516e8be0cea) C:\Windows\system32\Drivers\SWIPsec.sys
12:02:58.0049 0400 SWIPsec - ok
12:02:58.0065 0400 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:02:58.0080 0400 swprv - ok
12:02:58.0127 0400 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
12:02:58.0127 0400 SWVNIC - ok
12:02:58.0190 0400 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:02:58.0205 0400 SysMain - ok
12:02:58.0283 0400 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:02:58.0283 0400 TabletInputService - ok
12:02:58.0314 0400 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:02:58.0314 0400 TapiSrv - ok
12:02:58.0330 0400 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:02:58.0330 0400 TBS - ok
12:02:58.0408 0400 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:02:58.0424 0400 Tcpip - ok
12:02:58.0470 0400 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:02:58.0486 0400 TCPIP6 - ok
12:02:58.0517 0400 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:02:58.0517 0400 tcpipreg - ok
12:02:58.0533 0400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:02:58.0533 0400 TDPIPE - ok
12:02:58.0564 0400 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:02:58.0564 0400 TDTCP - ok
12:02:58.0595 0400 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:02:58.0611 0400 tdx - ok
12:02:58.0611 0400 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:02:58.0611 0400 TermDD - ok
12:02:58.0658 0400 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:02:58.0658 0400 TermService - ok
12:02:58.0689 0400 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:02:58.0689 0400 Themes - ok
12:02:58.0704 0400 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:02:58.0704 0400 THREADORDER - ok
12:02:58.0720 0400 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:02:58.0720 0400 TrkWks - ok
12:02:58.0751 0400 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:02:58.0751 0400 TrustedInstaller - ok
12:02:58.0782 0400 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:02:58.0782 0400 tssecsrv - ok
12:02:58.0814 0400 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:02:58.0814 0400 TsUsbFlt - ok
12:02:58.0876 0400 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:02:58.0876 0400 tunnel - ok
12:02:58.0876 0400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:02:58.0876 0400 uagp35 - ok
12:02:58.0907 0400 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:02:58.0907 0400 udfs - ok
12:02:58.0938 0400 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:02:58.0938 0400 UI0Detect - ok
12:02:58.0970 0400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:02:58.0970 0400 uliagpkx - ok
12:02:58.0985 0400 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:02:58.0985 0400 umbus - ok
12:02:59.0001 0400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:02:59.0001 0400 UmPass - ok
12:02:59.0016 0400 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:02:59.0016 0400 UmRdpService - ok
12:02:59.0048 0400 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:02:59.0048 0400 upnphost - ok
12:02:59.0063 0400 upperdev - ok
12:02:59.0079 0400 USB28xxBGA (c4ed3a5104707e294036e86cbff105e1) C:\Windows\system32\DRIVERS\emBDA64.sys
12:02:59.0094 0400 USB28xxBGA - ok
12:02:59.0094 0400 USB28xxOEM (1222c03f2cc886620b299708a543639e) C:\Windows\system32\DRIVERS\emOEM64.sys
12:02:59.0094 0400 USB28xxOEM - ok
12:02:59.0126 0400 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:02:59.0126 0400 usbccgp - ok
12:02:59.0157 0400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:02:59.0157 0400 usbcir - ok
12:02:59.0172 0400 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:02:59.0172 0400 usbehci - ok
12:02:59.0188 0400 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:02:59.0188 0400 usbhub - ok
12:02:59.0219 0400 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:02:59.0219 0400 usbohci - ok
12:02:59.0235 0400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:02:59.0235 0400 usbprint - ok
12:02:59.0297 0400 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:02:59.0297 0400 usbscan - ok
12:02:59.0313 0400 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:02:59.0313 0400 USBSTOR - ok
12:02:59.0344 0400 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:02:59.0344 0400 usbuhci - ok
12:02:59.0360 0400 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
12:02:59.0360 0400 usb_rndisx - ok
12:02:59.0375 0400 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:02:59.0375 0400 UxSms - ok
12:02:59.0453 0400 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:59.0469 0400 VaultSvc - ok
12:02:59.0547 0400 VBoxDrv (f6b266fda43a39924e40b1a42b91c983) C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:02:59.0547 0400 VBoxDrv - ok
12:02:59.0672 0400 VBoxNetAdp (d119c47f337b5b5a80e259563703a922) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:02:59.0672 0400 VBoxNetAdp - ok
12:02:59.0828 0400 VBoxNetFlt (a10eb38d1395f5fce91e07608e0185b6) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:02:59.0828 0400 VBoxNetFlt - ok
12:02:59.0859 0400 VBoxUSBMon (6dd88ea539217a9cfeff4ef888c9d101) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:02:59.0859 0400 VBoxUSBMon - ok
12:02:59.0890 0400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:02:59.0890 0400 vdrvroot - ok
12:02:59.0921 0400 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:02:59.0921 0400 vds - ok
12:02:59.0937 0400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:02:59.0937 0400 vga - ok
12:02:59.0952 0400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:02:59.0952 0400 VgaSave - ok
12:02:59.0984 0400 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:02:59.0984 0400 vhdmp - ok
12:03:00.0030 0400 VIAHdAudAddService (906a7c6b6659a650648cf21998270945) C:\Windows\system32\drivers\viahduaa.sys
12:03:00.0046 0400 VIAHdAudAddService - ok
12:03:00.0077 0400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:03:00.0077 0400 viaide - ok
12:03:00.0093 0400 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:03:00.0093 0400 vmbus - ok
12:03:00.0093 0400 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:03:00.0093 0400 VMBusHID - ok
12:03:00.0108 0400 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:03:00.0108 0400 volmgr - ok
12:03:00.0140 0400 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:03:00.0140 0400 volmgrx - ok
12:03:00.0155 0400 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:03:00.0171 0400 volsnap - ok
12:03:00.0202 0400 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
12:03:00.0202 0400 vpcbus - ok
12:03:00.0233 0400 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:03:00.0233 0400 vpcnfltr - ok
12:03:00.0249 0400 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
12:03:00.0249 0400 vpcusb - ok
12:03:00.0296 0400 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
12:03:00.0296 0400 vpcvmm - ok
12:03:00.0311 0400 vserial - ok
12:03:00.0342 0400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:03:00.0342 0400 vsmraid - ok
12:03:00.0405 0400 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:03:00.0420 0400 VSS - ok
12:03:00.0483 0400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:03:00.0498 0400 vwifibus - ok
12:03:00.0514 0400 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:03:00.0530 0400 W32Time - ok
12:03:00.0561 0400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:03:00.0561 0400 WacomPen - ok
12:03:00.0608 0400 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:00.0608 0400 WANARP - ok
12:03:00.0608 0400 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:00.0608 0400 Wanarpv6 - ok
12:03:00.0670 0400 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:03:00.0686 0400 WatAdminSvc - ok
12:03:00.0779 0400 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:03:00.0795 0400 wbengine - ok
12:03:00.0826 0400 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:03:00.0826 0400 WbioSrvc - ok
12:03:00.0920 0400 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
12:03:00.0920 0400 WcesComm - ok
12:03:00.0951 0400 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:03:00.0951 0400 wcncsvc - ok
12:03:00.0966 0400 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:03:00.0966 0400 WcsPlugInService - ok
12:03:00.0966 0400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:03:00.0982 0400 Wd - ok
12:03:00.0998 0400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:03:00.0998 0400 Wdf01000 - ok
12:03:01.0013 0400 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:03:01.0013 0400 WdiServiceHost - ok
12:03:01.0013 0400 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:03:01.0013 0400 WdiSystemHost - ok
12:03:01.0044 0400 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:03:01.0044 0400 WebClient - ok
12:03:01.0060 0400 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:03:01.0060 0400 Wecsvc - ok
12:03:01.0076 0400 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:03:01.0076 0400 wercplsupport - ok
12:03:01.0091 0400 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:03:01.0091 0400 WerSvc - ok
12:03:01.0122 0400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:03:01.0122 0400 WfpLwf - ok
12:03:01.0122 0400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:03:01.0122 0400 WIMMount - ok
12:03:01.0154 0400 WinDefend - ok
12:03:01.0169 0400 WinHttpAutoProxySvc - ok
12:03:01.0263 0400 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:03:01.0263 0400 Winmgmt - ok
12:03:01.0325 0400 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:03:01.0341 0400 WinRM - ok
12:03:01.0419 0400 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
12:03:01.0419 0400 WinUsb - ok
12:03:01.0450 0400 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:03:01.0450 0400 Wlansvc - ok
12:03:01.0590 0400 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:03:01.0606 0400 wlidsvc - ok
12:03:01.0653 0400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:03:01.0653 0400 WmiAcpi - ok
12:03:01.0668 0400 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:03:01.0684 0400 wmiApSrv - ok
12:03:01.0684 0400 WMPNetworkSvc - ok
12:03:01.0684 0400 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:03:01.0700 0400 WPCSvc - ok
12:03:01.0731 0400 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:03:01.0731 0400 WPDBusEnum - ok
12:03:01.0746 0400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:03:01.0746 0400 ws2ifsl - ok
12:03:01.0762 0400 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:03:01.0762 0400 wscsvc - ok
12:03:01.0762 0400 WSearch - ok
12:03:01.0840 0400 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:03:01.0871 0400 wuauserv - ok
12:03:01.0902 0400 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:03:01.0918 0400 WudfPf - ok
12:03:01.0934 0400 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:03:01.0934 0400 WUDFRd - ok
12:03:01.0965 0400 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:03:01.0965 0400 wudfsvc - ok
12:03:01.0996 0400 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:03:02.0012 0400 WwanSvc - ok
12:03:02.0090 0400 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
12:03:02.0105 0400 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
12:03:02.0136 0400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:03:02.0261 0400 \Device\Harddisk0\DR0 - ok
12:03:02.0277 0400 MBR (0x1B8) (c07036bb451070728871e7cd4970e99b) \Device\Harddisk5\DR5
12:03:02.0698 0400 \Device\Harddisk5\DR5 - ok
12:03:02.0698 0400 Boot (0x1200) (ce3c304a84d4862998bb81b8f1b4f2ad) \Device\Harddisk0\DR0\Partition0
12:03:02.0698 0400 \Device\Harddisk0\DR0\Partition0 - ok
12:03:02.0698 0400 Boot (0x1200) (dcde296c14f18d689251d0d999a0a3e8) \Device\Harddisk0\DR0\Partition1
12:03:02.0714 0400 \Device\Harddisk0\DR0\Partition1 - ok
12:03:02.0714 0400 Boot (0x1200) (5adcb92d06b0a91e9e46417ea33a4860) \Device\Harddisk0\DR0\Partition2
12:03:02.0714 0400 \Device\Harddisk0\DR0\Partition2 - ok
12:03:02.0714 0400 ============================================================
12:03:02.0714 0400 Scan finished
12:03:02.0714 0400 ============================================================
12:03:02.0729 0612 Detected object count: 0
12:03:02.0729 0612 Actual detected object count: 0
12:03:23.0056 5108 Deinitialize success



ComboFix 12-07-01.02 - Ian 01/07/2012 12:07:28.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4087.2681 [GMT 1:00]
Running from: c:\users\Ian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 11:13 . 2012-07-01 11:13 -------- d-----w- c:\users\Laura\AppData\Local\temp
2012-07-01 11:13 . 2012-07-01 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 11:02 . 2012-07-01 11:02 116016 ----a-w- c:\windows\system32\drivers\37251762.sys
2012-06-19 23:10 . 2012-06-19 23:10 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes
2012-06-19 23:10 . 2012-06-19 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 23:10 . 2012-06-19 23:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-19 23:10 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 14:57 . 2012-06-16 14:57 -------- d-----w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2012-06-16 14:56 . 2012-06-16 14:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-16 14:56 . 2012-06-16 14:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-15 16:53 . 2012-06-15 16:53 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-15 16:53 . 2012-06-15 16:53 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\programdata\ATI
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\programdata\AMD
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-15 16:46 . 2012-06-15 16:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-06-15 16:43 . 2012-06-15 16:43 -------- d-----w- C:\AMD
2012-06-14 07:29 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 07:29 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 07:29 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:29 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 07:14 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:14 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:14 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:14 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:13 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:13 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:13 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 07:13 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 07:13 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 07:13 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 07:13 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 07:13 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 07:13 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 14:57 . 2012-06-12 14:57 -------- d-----w- c:\program files\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 10:21 . 2012-03-30 12:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 10:21 . 2011-05-15 09:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:58 . 2012-03-30 12:58 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-02-03 04:22 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2010-02-03 04:17 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-02-03 03:23 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-11-25 03:04 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2011-01-26 21:32 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2011-01-26 21:22 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2010-02-03 03:24 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-02-03 03:23 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-01-26 21:12 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 21:32 . 2012-04-05 21:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 21:32 . 2012-04-05 21:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GRemoteServer Pro"="c:\program files (x86)\GBM\GRemote Pro\GRemoteServer.exe" [2010-10-18 2642400]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-16 880496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-08-20 7256576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"T Probe"="c:\program files (x86)\ASUS\T Probe\TProbe.exe" [2009-08-06 3984896]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
LockPC.bat - Shortcut.lnk - c:\users\Ian\BatchFiles\LockPC.bat [2010-4-20 493]
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2010-3-7 845584]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 994856]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-9-9 41051]
Run VNC Server.lnk - c:\program files (x86)\RealVNC\VNC4\winvnc4.exe [2010-3-7 439632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-05 99352]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 SlimFTPd;SlimFTPd;c:\program files (x86)\SlimFTP\SlimFTPd.exe [2006-10-20 54272]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-03 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-15 113120]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-04 24600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 834544]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-05-16 231600]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-16 56752]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/12 20:51];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-16 10:36 148976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-09-09 20549]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-09-14 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-10-12 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-10-12 292136]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-09-14 75248]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-05 284696]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus64.sys [2009-08-05 27336]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy64.sys [2009-08-05 46792]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 156912]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-16 176560]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11117133
*Deregistered* - 11117133
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 00:47]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 00:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: alcohol-injection.com\www
Trusted Zone: bmw-planet.com\www
Trusted Zone: pallet-track.net\www
Trusted Zone: tvtorrents.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\xhvltagk.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 70845c0900000000000000190e05f161
FF - user.js: extensions.funmoods_i.instlDay - 15450
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:54
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-batExec - c:\program files (x86)\batExec\batExec.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-01 12:14:58
ComboFix-quarantined-files.txt 2012-07-01 11:14
.
Pre-Run: 54,796,574,720 bytes free
Post-Run: 54,513,774,592 bytes free
.
- - End Of File - - A52D8CADF1A9A391E4B664CDBCAFF7FF

#7 ian2000t

ian2000t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 01 July 2012 - 09:24 AM

I have just realised that although AVG isn't showing the infection now still, I have all of the logs from when it was showing the infection. Not sure if these are any use to you or not.

Seems the first one to show it was a Scheduled Scan on the evening of 15/06/2012 (morning before hack). However, I only switched the PC on quickly and shut it back down while this scan was running so didn't see the warning of infections! The reason there are so many logs is that I was trying many different scanners (Super anti spyware, malware bytes, TDSS Killer, Avast, ASWMBR, etc and rescanning with AVG after each one - and nothing touched it).

You'll see what I mean about it being a different .sys file each time.

Attached Files



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 04 July 2012 - 11:05 AM

Hello,

I don't see any signs of a current infection. However the keygen you had from the first log you gave me could have been infected with a password stealer. Let's have a few more logs to be sure.


1.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

2.
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

3.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


Things to include in your next reply:;
Roguekiller log
Sophos log
Dr.Web log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 07 July 2012 - 09:32 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 ian2000t

ian2000t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 08 July 2012 - 04:12 PM

Hi, yes still here just been a long, busy week.

Attached the 3 logs as per above. The only download on the Sophos link was "Sophos Virus Removal Tool". I ran that and I've posted the log for it.

Also, the log file created by DrWeb is called "CureIt.log" and is 74Mb in size so I can't post it here.

Re: the KeyGen that AVG found - that has actually been on my D: drive for years without causing issues. I'm not saying it's definitely not that, but I wouldn't have thought it would be.

Attached Files



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 08 July 2012 - 06:45 PM

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 10 July 2012 - 03:24 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 ian2000t

ian2000t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 13 July 2012 - 02:48 AM

Hi, yes, sorry I am still here - just had a few family issues going on this week. Will get some more logs to you asap.

Re: Malwarebytes, I've already got that installed (I installed it to try and remove the infection before i joined here). Should I uninstall it and follow your instructions, or just scan from it's current state?

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 13 July 2012 - 02:38 PM

Re: Malwarebytes, I've already got that installed (I installed it to try and remove the infection before i joined here). Should I uninstall it and follow your instructions, or just scan from it's current state?


Make sure to update it first before running it.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:31 PM

Posted 15 July 2012 - 04:02 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users