ZeroAccess Rootkit


This topic is locked
23 replies to this topic

#1 troublesh00ter


  • Members
  • 561 posts
  • Gender:Male
  • Location:Deep South

Posted 09 July 2012 - 11:33 PM

I recently opened a ticket in "Am I Infected" and was redirected here after my helper, Broni, identified a ZeroAccess Rootkit on my machine. I need help removing this infection from my computer. I receive messages from my browser stating that "The site's security certificate is signed using a weak signature algorithm!" and I am also suffering redirects which are attempting to phish my Facebook info. Very scary! Pasted and attached is the requested information. Thanks for being an internet hero. :)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by goose at 23:30:35 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1909 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\goose\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\goose\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\goose\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\goose\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
C:\Users\goose\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\windows\system32\taskeng.exe
C:\Users\goose\Desktop\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\goose\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MusicManager] "C:\Users\goose\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [F.lux] "C:\Users\goose\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
StartupFolder: C:\Users\goose\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXCRY~1.LNK - C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
StartupFolder: C:\Users\goose\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\goose\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\2656C6B696E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\3696761627D616E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\3747F6079647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\56E656874723437686A7 : DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.5.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\96E666563647F55707F6E6F536F6E6E6563647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20E411CF-4527-4695-82AC-4029C9448C31}\A45445 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{26B524B7-D010-4A3F-A2CC-22F679D1623E} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\goose\AppData\Roaming\Mozilla\Firefox\Profiles\60wvszyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\goose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\goose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\goose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\goose\AppData\Roaming\Mozilla\Firefox\Profiles\60wvszyo.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\goose\AppData\Roaming\Mozilla\Firefox\Profiles\60wvszyo.default\extensions\TechnicianConsole@logmeinrescue.com\plugins\npRescue.dll
FF - plugin: C:\Users\goose\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\goose\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\goose\AppData\Roaming\Mozilla\plugins\npSlimCleanDB.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cbfs3;cbfs3;\??\C:\windows\system32\drivers\cbfs3.sys --> C:\windows\system32\drivers\cbfs3.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 networx;networx;C:\windows\system32\drivers\networx.sys --> C:\windows\system32\drivers\networx.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-24 2253688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-22 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S0 Soluto;Soluto;C:\windows\system32\DRIVERS\Soluto.sys --> C:\windows\system32\DRIVERS\Soluto.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-16 136176]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-16 136176]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-25 129976]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 Folding@home-CPU-[2];Folding@home-CPU-[2];C:\Users\goose\FAH\fah6 -svcstart -d "C:\Users\goose\FAH" --> C:\Users\goose\FAH\fah6 -svcstart -d C:\Users\goose\FAH [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-10 02:19:59 -------- d-----w- C:\Users\goose\AppData\Local\{761E7424-E795-4EE8-B5EC-718CBF186E52}
2012-07-10 02:19:47 -------- d-----w- C:\Users\goose\AppData\Local\{4D1BE980-C90C-43A4-A76F-FF16691945CE}
2012-07-10 01:52:41 -------- d-----w- C:\Users\goose\AppData\Roaming\Malwarebytes
2012-07-09 14:12:31 -------- d-----w- C:\Users\goose\AppData\Local\{BB740FCF-CBEA-4983-80F8-0AB9B26782EB}
2012-07-09 14:12:09 -------- d-----w- C:\Users\goose\AppData\Local\{857F2340-6424-4805-99F9-A358FBE2C78F}
2012-07-09 13:23:12 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-08 16:57:09 -------- d-----w- C:\Users\goose\AppData\Local\{767E507A-8268-4B38-843A-6102C7C97C83}
2012-07-08 16:54:03 -------- d-----w- C:\Program Files (x86)\SlySoft
2012-07-07 03:56:12 -------- d-----w- C:\Users\goose\AppData\Local\{A0E1B4AC-1D64-4013-B2CE-5BC7A9EF1AD6}
2012-07-04 03:59:30 -------- d-----w- C:\Users\goose\AppData\Local\{D99A38B2-CDB8-4ABA-A0CE-2EF88DE65160}
2012-07-03 13:13:25 -------- d-----w- C:\Users\goose\AppData\Local\{1AC33531-3F13-41DC-B540-EFD6FD50A45B}
2012-07-03 13:13:13 -------- d-----w- C:\Users\goose\AppData\Local\{75D14157-F9E0-4C56-B000-E8741620DAD8}
2012-07-02 13:09:56 -------- d-----w- C:\Users\goose\AppData\Local\{41F77045-B768-4211-92CD-281348BD99EA}
2012-07-02 13:09:45 -------- d-----w- C:\Users\goose\AppData\Local\{39F70575-FA97-4D5B-ACA4-2EFE380007AE}
2012-07-01 19:12:02 -------- d-----w- C:\Users\goose\AppData\Local\WBFSManager
2012-07-01 19:11:15 -------- d-----w- C:\Program Files\WBFS
2012-06-30 23:46:21 -------- d-----w- C:\Users\goose\AppData\Local\{C40C2B55-9C3C-4CD8-A3CD-9FE792236EBC}
2012-06-30 23:46:10 -------- d-----w- C:\Users\goose\AppData\Local\{1DB1E0C4-D1F0-4D99-9943-AB15F1455FF4}
2012-06-29 16:03:21 -------- d-----w- C:\Users\goose\AppData\Local\{C399BB14-06CF-4165-B858-38D625B3347D}
2012-06-29 16:03:08 -------- d-----w- C:\Users\goose\AppData\Local\{3AB54C27-D66D-433A-97AF-8CF1F20A8089}
2012-06-29 04:03:14 -------- d-----w- C:\Users\goose\AppData\Local\{006D443C-78F4-4B06-AD4C-8208967F7320}
2012-06-29 04:02:59 -------- d-----w- C:\Users\goose\AppData\Local\{FD24D329-B5EF-4078-9478-823D126B5108}
2012-06-28 13:09:07 -------- d-----w- C:\Users\goose\AppData\Local\{AE130ECB-43D8-4E5B-94D1-36EDC0560053}
2012-06-28 13:08:51 -------- d-----w- C:\Users\goose\AppData\Local\{2E9C7EAE-4E89-4066-8BFB-4399D0641186}
2012-06-27 19:03:01 -------- d-----w- C:\ProgramData\IObit
2012-06-27 19:03:01 -------- d-----w- C:\Program Files (x86)\IObit
2012-06-27 14:43:48 -------- d-----w- C:\Users\goose\AppData\Roaming\AVG
2012-06-27 14:40:43 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-27 13:50:19 63128 ----a-w- C:\windows\System32\drivers\vmx86.sys
2012-06-27 13:49:50 433816 ----a-w- C:\windows\SysWow64\vmnat.exe
2012-06-27 13:49:50 354456 ----a-w- C:\windows\SysWow64\vmnetdhcp.exe
2012-06-27 13:49:48 30360 ----a-w- C:\windows\System32\drivers\vmnetuserif.sys
2012-06-27 13:49:46 942744 ----a-w- C:\windows\System32\vnetlib64.dll
2012-06-27 13:49:42 32920 ----a-w- C:\windows\System32\drivers\VMkbd.sys
2012-06-27 13:49:41 39024 ----a-w- C:\windows\System32\drivers\hcmon.sys
2012-06-27 13:49:11 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-06-27 13:48:17 -------- d-----w- C:\Program Files\Common Files\VMware
2012-06-27 13:01:36 -------- d-----w- C:\Users\goose\AppData\Local\{75FB566C-5666-45D0-AD93-C0F9AD1A2AE2}
2012-06-27 13:01:24 -------- d-----w- C:\Users\goose\AppData\Local\{9D0A64BE-97A1-4B8B-8172-4B04B0E3EE19}
2012-06-26 15:55:38 -------- d-----w- C:\Users\goose\AppData\Local\{8F41225A-0847-43E4-A43E-773FA2BBE2F3}
2012-06-26 15:55:24 -------- d-----w- C:\Users\goose\AppData\Local\{5CFCAC6A-6D61-4508-9A81-AF92A296BEC5}
2012-06-25 15:10:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-25 15:10:03 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-25 15:10:03 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-25 15:10:03 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-25 15:10:03 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-25 13:04:06 -------- d-----w- C:\Users\goose\AppData\Local\{0DA4AFBC-51A2-48FC-91A8-76202FDBB47B}
2012-06-25 13:03:53 -------- d-----w- C:\Users\goose\AppData\Local\{F14836CB-08E3-451A-A151-2102FC4E1B79}
2012-06-22 14:38:13 -------- d-----w- C:\Users\goose\AppData\Roaming\TuneUp Software
2012-06-22 14:37:17 -------- d-----w- C:\ProgramData\TuneUp Software
2012-06-22 14:37:10 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-22 14:19:14 -------- d-----w- C:\Users\goose\AppData\Local\{6B73D976-E5A4-4964-A506-1D6C3C14A18A}
2012-06-22 14:19:02 -------- d-----w- C:\Users\goose\AppData\Local\{6C96C429-A40F-4C86-9D21-C8B351A2C5A4}
2012-06-22 14:09:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 14:08:55 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 14:08:26 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 14:08:26 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-22 04:00:41 -------- d-----w- C:\Users\goose\AppData\Local\{472FDCE6-157E-4E79-A597-7D970D6D01E3}
2012-06-21 15:00:12 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-06-21 15:00:12 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-06-21 13:28:35 -------- d-----w- C:\Users\goose\AppData\Local\{4717668F-1B52-4004-AD7F-1A2F8C391A45}
2012-06-21 13:28:23 -------- d-----w- C:\Users\goose\AppData\Local\{4A2AA6F1-0F63-4728-92D9-B0E20EBDDF60}
2012-06-20 19:45:38 -------- d-----w- C:\Users\goose\AppData\Local\Macromedia
2012-06-20 16:00:52 -------- d-----w- C:\Users\goose\AppData\Local\{3C0E549E-4004-4E17-B72B-0B5C87AAA8C1}
2012-06-20 16:00:28 -------- d-----w- C:\Users\goose\AppData\Local\{5C8764CE-028F-4E5B-AC10-1EF547F94006}
2012-06-20 04:00:14 -------- d-----w- C:\Users\goose\AppData\Local\{1F4879EC-5561-471E-BD0D-910EE53C9ACE}
2012-06-19 13:12:43 -------- d-----w- C:\Users\goose\AppData\Local\{AF094314-BB8F-4F31-BA65-FC5FE19D06C5}
2012-06-19 13:12:04 -------- d-----w- C:\Users\goose\AppData\Local\{7EECDB52-1A95-4438-8AB4-C2BA9D55F93E}
2012-06-18 13:02:05 -------- d-----w- C:\Users\goose\AppData\Local\{9F5B9D4A-0F4A-49F5-A651-F6305C4E4B33}
2012-06-15 16:02:57 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-15 16:02:57 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-15 16:02:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-15 16:00:38 -------- d-----w- C:\Users\goose\AppData\Local\{0B0E6080-6F3B-4481-9E0F-C7E5B0A02F00}
2012-06-15 04:00:29 -------- d-----w- C:\Users\goose\AppData\Local\{7F57209D-E9C5-4FBB-B575-1CFCE63E205E}
2012-06-14 12:43:26 -------- d-----w- C:\Users\goose\AppData\Local\{F72510E9-C639-4CF1-9B39-011B1E14FB0E}
2012-06-14 12:42:48 -------- d-----w- C:\Users\goose\AppData\Local\{AE979BFB-A7B2-4DAD-B835-1A629E5713F4}
2012-06-13 18:25:55 -------- d-----w- C:\CEF
2012-06-13 13:19:01 -------- d-----w- C:\Users\goose\AppData\Local\{684F0EB0-6899-400B-9113-4C684AD00D81}
2012-06-13 13:18:50 -------- d-----w- C:\Users\goose\AppData\Local\{0CF61247-2FE6-40DF-A53E-6BA8C7386318}
2012-06-12 16:04:46 -------- d-----w- C:\Users\goose\AppData\Local\{45A63B9F-29D9-4EE0-952A-2CB61318DA4A}
2012-06-12 16:04:34 -------- d-----w- C:\Users\goose\AppData\Local\{0B20E82B-9013-4D8E-86A9-A7DF4FEA4700}
2012-06-12 04:04:35 -------- d-----w- C:\Users\goose\AppData\Local\{AE6A486E-F2A9-4E87-B516-53910040BC58}
2012-06-11 14:49:00 -------- d-----w- C:\windows\SysWow64\wbem\Logs
.
==================== Find3M ====================
.
2012-07-09 13:12:24 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 13:12:24 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 15:55:36 9815752 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-09 05:29:42 252056 ----a-w- C:\windows\SysWow64\vmnc.dll
2012-06-09 04:52:20 62064 ----a-w- C:\windows\System32\vmnetbridge.dll
2012-06-09 04:52:20 48752 ----a-w- C:\windows\System32\vnetinst.dll
2012-06-09 04:52:20 45680 ----a-w- C:\windows\System32\drivers\vmnetbridge.sys
2012-06-09 04:52:20 24176 ----a-w- C:\windows\System32\drivers\vmnet.sys
2012-06-09 04:52:20 20080 ----a-w- C:\windows\System32\drivers\vmnetadapter.sys
2012-05-31 20:05:26 288732698 ----a-w- C:\registry_backup.reg
2012-05-23 13:08:17 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-05-23 13:08:17 80768 ----a-w- C:\windows\System32\LMIinit.dll
2012-05-23 13:08:17 34688 ----a-w- C:\windows\System32\LMIport.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-17 20:15:58 743760 ----a-w- C:\windows\SysWow64\msvcp100d.dll
2012-05-17 13:45:12 24968 ----a-w- C:\windows\System32\dopdfmn7.dll
2012-05-17 13:45:10 21384 ----a-w- C:\windows\System32\dopdfmi7.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 22:13:24 54728 ----a-w- C:\windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-16 16:32:15 279616 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2011-11-07 03:00:49 2365674 ----a-w- C:\Program Files (x86)\Uninstall.exe
.
============= FINISH: 23:31:17.06 ===============

for3ver,
goose90proof

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 PM

Posted 10 July 2012 - 12:17 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
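When the FRST.txt log Gringo asks for comes back, a first triage pass over its file listing can be scripted. The block below is an added example, not part of the thread and not Farbar's tool: it parses the "created - modified - size attrs (Company) path" lines of an FRST log and flags two things a responder looks at first, using heuristics and a sample log constructed here (the first five sample lines mirror entries from the FRST.txt posted in this thread; the unattributed DLL name is a placeholder).

```python
"""Triage pass over an FRST (Farbar Recovery Scan Tool) file listing.

Constructed example: the parser and the two heuristics below are the editor's,
not Farbar's, and the sample lines are modelled on the
"One Month Created Files and Folders" section of an FRST.txt log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One file-listing line: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
# attrs is a 5-character field such as ____A, ____D, __SHD or ___AH
# (A archive, D directory, H hidden, S system, R read-only).
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) )?"      # optional publisher, e.g. (Microsoft Corporation)
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"    # the path always starts with a drive letter
)
# A bare {8-4-4-4-12} hex GUID used as a folder name
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Locations where a hidden GUID/%VAR%-named folder or an unattributed binary deserves a look
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\users\\all users\\", "c:\\programdata\\")
CODE_EXTS = (".exe", ".dll", ".sys")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst(text: str) -> List[FrstEntry]:
    """Return the file-listing entries in an FRST log; section headers and blank lines are skipped."""
    entries: List[FrstEntry] = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        company = company.strip() or None if company is not None else None
        entries.append(FrstEntry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            company=company,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Apply two constructed heuristics; returns (path, reason) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower()
        if not low.startswith(SYSTEM_PREFIXES):
            continue
        if e.is_dir and e.hidden_or_system and (GUID_NAME.match(e.name) or "%" in e.name):
            findings.append((e.path, "hidden/system folder with a GUID or %VAR%-style name under a system path"))
        elif low.endswith(CODE_EXTS) and e.company is None:
            findings.append((e.path, "binary under a system path with no publisher in its version info"))
    return findings


# Constructed sample: five lines mirror entries from the FRST.txt posted in this thread,
# the last one is an invented placeholder that exercises the second heuristic.
SAMPLE_LOG = r"""
============ One Month Created Files and Folders ==============

2012-07-09 05:23 - 2012-07-09 05:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-22 06:37 - 2012-06-22 06:37 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-22 06:09 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-27 11:02 - 2012-06-27 11:02 - 04359432 ____A (IObit ) C:\Users\goose\Downloads\gb3-setup.exe
2012-07-01 11:11 - 2012-07-01 11:11 - 00000000 ____D C:\Program Files\WBFS
2012-07-09 05:23 - 2012-07-09 05:23 - 00012345 ____A C:\Windows\System32\EXAMPLE-unattributed.dll
"""

if __name__ == "__main__":
    for path, reason in triage(parse_frst(SAMPLE_LOG)):
        print(f"{path}\n    -> {reason}")
```

A flagged path is a starting point for the helper's review, not a verdict; legitimate software also creates hidden GUID folders, so each hit still needs the context of the rest of the log.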

#3 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  • Gender:Male
  • Location:Deep South
  • Local time:11:02 AM

Posted 10 July 2012 - 08:48 AM

Thanks for your help Gringo. Here is the requested log file.

Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
Ran by SYSTEM at 10-07-2012 08:06:48
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\goose\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\goose\...\Run: [Google Update] "C:\Users\goose\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-26] (Google Inc.)
HKU\goose\...\Run: [Facebook Update] "C:\Users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-11-15] (Facebook Inc.)
HKU\goose\...\Run: [MusicManager] "C:\Users\goose\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
HKU\goose\...\Run: [F.lux] "C:\Users\goose\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.116.2.50 24.116.2.34 192.168.5.1
Startup: C:\Users\goose\Start Menu\Programs\Startup\BoxCryptor.lnk
ShortcutTarget: BoxCryptor.lnk -> C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
Startup: C:\Users\goose\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\WindowsAnswers\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-23] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-23] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-07] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
1 cbfs3; C:\Windows\System32\Drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-04-16] (DT Soft Ltd)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
1 networx; C:\Windows\System32\Drivers\networx.sys [56968 2011-02-07] (NetFilterSDK.com)
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2009-05-27] (SAMSUNG ELECTRONICS)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-27] (Duplex Secure Ltd.)
3 WsAudio_DeviceS(1); C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys [29288 2010-12-24] (Wondershare)
4 Folding@home-CPU-[2]; C:\Users\goose\FAH\fah6 -svcstart -d "C:\Users\goose\FAH" [x]
4 LMIRfsClientNP; [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 04:58 - 2012-07-10 04:58 - 01434401 ____A (Farbar) C:\Users\goose\Desktop\FRST64.exe
2012-07-09 20:31 - 2012-07-09 20:31 - 00031622 ____A C:\Users\goose\Desktop\DDS.txt
2012-07-09 20:31 - 2012-07-09 20:31 - 00008170 ____A C:\Users\goose\Desktop\Attach.txt
2012-07-09 20:30 - 2012-07-09 20:30 - 00000582 ____A C:\Users\goose\Desktop\defogger_disable.log
2012-07-09 20:30 - 2012-07-09 20:30 - 00000020 ____A C:\Users\goose\defogger_reenable
2012-07-09 20:23 - 2012-07-09 20:19 - 00607260 ____R (Swearware) C:\Users\goose\Desktop\dds.scr
2012-07-09 19:59 - 2012-07-09 19:59 - 00050477 ____A C:\Users\goose\Desktop\Defogger.exe
2012-07-09 18:39 - 2012-07-09 18:39 - 00002333 ____A C:\Users\goose\Desktop\aswMBR.txt
2012-07-09 18:39 - 2012-07-09 18:39 - 00000512 ____A C:\Users\goose\Desktop\MBR.dat
2012-07-09 18:19 - 2012-07-09 18:20 - 00000000 ____D C:\Users\goose\AppData\Local\{761E7424-E795-4EE8-B5EC-718CBF186E52}
2012-07-09 18:19 - 2012-07-09 18:19 - 00000000 ____D C:\Users\goose\AppData\Local\{4D1BE980-C90C-43A4-A76F-FF16691945CE}
2012-07-09 18:18 - 2012-07-09 18:18 - 00262144 ____A C:\Windows\Minidump\070912-22058-01.dmp
2012-07-09 18:18 - 2012-07-09 18:18 - 00000000 ____D C:\Windows\Minidump
2012-07-09 17:58 - 2012-07-09 17:59 - 00040467 ____A C:\Users\goose\Desktop\Result.txt
2012-07-09 17:58 - 2012-07-09 17:58 - 04731392 ____A (AVAST Software) C:\Users\goose\Desktop\aswMBR.exe
2012-07-09 17:57 - 2012-07-09 17:57 - 00403231 ____A C:\Users\goose\Desktop\MiniToolBox.exe
2012-07-09 17:55 - 2012-07-09 18:21 - 00003817 ____A C:\Users\goose\Desktop\FSS.txt
2012-07-09 17:54 - 2012-07-09 17:54 - 00688663 ____A (Farbar) C:\Users\goose\Desktop\FSS.exe
2012-07-09 17:54 - 2012-07-09 17:54 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-09 17:53 - 2012-07-09 17:53 - 00869194 ____A C:\Users\goose\Desktop\SecurityCheck.exe
2012-07-09 17:52 - 2012-07-09 17:52 - 00000000 ____D C:\Users\goose\Application Data\Malwarebytes
2012-07-09 17:52 - 2012-07-09 17:52 - 00000000 ____D C:\Users\goose\AppData\Roaming\Malwarebytes
2012-07-09 06:12 - 2012-07-09 06:12 - 00000000 ____D C:\Users\goose\AppData\Local\{BB740FCF-CBEA-4983-80F8-0AB9B26782EB}
2012-07-09 06:12 - 2012-07-09 06:12 - 00000000 ____D C:\Users\goose\AppData\Local\{857F2340-6424-4805-99F9-A358FBE2C78F}
2012-07-09 05:23 - 2012-07-09 05:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-08 09:00 - 2012-07-08 09:00 - 00000000 ____D C:\Users\goose\Documents\AnyDVDHD
2012-07-08 08:57 - 2012-07-08 08:57 - 00000000 ____D C:\Users\goose\AppData\Local\{767E507A-8268-4B38-843A-6102C7C97C83}
2012-07-08 08:55 - 2012-07-09 18:18 - 00000908 ____A C:\Windows\PFRO.log
2012-07-08 08:54 - 2012-07-08 08:54 - 00001101 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-07-08 08:54 - 2012-07-08 08:54 - 00000000 ____D C:\Users\All Users\SlySoft
2012-07-08 08:54 - 2012-07-08 08:54 - 00000000 ____D C:\Program Files (x86)\SlySoft
2012-07-06 19:56 - 2012-07-06 19:56 - 00000000 ____D C:\Users\goose\AppData\Local\{A0E1B4AC-1D64-4013-B2CE-5BC7A9EF1AD6}
2012-07-06 05:33 - 2012-07-09 20:34 - 00000336 ____A C:\Windows\setupact.log
2012-07-06 05:33 - 2012-07-06 05:33 - 00000000 ____A C:\Windows\setuperr.log
2012-07-03 19:59 - 2012-07-03 19:59 - 00000000 ____D C:\Users\goose\AppData\Local\{D99A38B2-CDB8-4ABA-A0CE-2EF88DE65160}
2012-07-03 05:13 - 2012-07-03 05:13 - 00000000 ____D C:\Users\goose\AppData\Local\{75D14157-F9E0-4C56-B000-E8741620DAD8}
2012-07-03 05:13 - 2012-07-03 05:13 - 00000000 ____D C:\Users\goose\AppData\Local\{1AC33531-3F13-41DC-B540-EFD6FD50A45B}
2012-07-02 05:09 - 2012-07-02 05:10 - 00000000 ____D C:\Users\goose\AppData\Local\{41F77045-B768-4211-92CD-281348BD99EA}
2012-07-02 05:09 - 2012-07-02 05:09 - 00000000 ____D C:\Users\goose\AppData\Local\{39F70575-FA97-4D5B-ACA4-2EFE380007AE}
2012-07-01 12:02 - 2012-07-01 12:02 - 06959040 ____A C:\Users\goose\Downloads\USBLoaderGX_v3.0_IOS249.wad
2012-07-01 12:02 - 2012-07-01 12:02 - 04829984 ____A C:\Users\goose\Downloads\boot.dol
2012-07-01 11:59 - 2012-07-01 11:59 - 00000000 ____D C:\Users\goose\Downloads\USB_Loader_GX-UNEO_Forwarder_16.06.09
2012-07-01 11:31 - 2012-07-09 18:22 - 04804267 ____A C:\Users\goose\Downloads\IOS236_Installer_v6.zip
2012-07-01 11:28 - 2012-07-01 11:28 - 06730633 ____A C:\Users\goose\Downloads\USB_Loader_GX-UNEO_Forwarder_16.06.09.rar
2012-07-01 11:12 - 2012-07-01 11:12 - 00000000 ____D C:\Users\goose\AppData\Local\WBFSManager
2012-07-01 11:11 - 2012-07-01 11:20 - 00000000 ____D C:\Users\goose\Documents\WBFS Manager Covers
2012-07-01 11:11 - 2012-07-01 11:11 - 00000952 ____A C:\Users\goose\Desktop\WBFS Manager 3.0.lnk
2012-07-01 11:11 - 2012-07-01 11:11 - 00000000 ____D C:\Users\goose\Downloads\WBFSManager3.0-RTW-x64
2012-07-01 11:11 - 2012-07-01 11:11 - 00000000 ____D C:\Program Files\WBFS
2012-07-01 11:10 - 2012-07-01 11:10 - 02845640 ____A C:\Users\goose\Downloads\WBFSManager3.0-RTW-x64.zip
2012-07-01 10:31 - 2012-07-01 10:31 - 00022990 ____A C:\Users\goose\Downloads\Wii-Endless.Ocean.NTSC.USA.torrent
2012-07-01 10:30 - 2012-07-01 10:30 - 00047272 ____A C:\Users\goose\Downloads\Wii-Dragon.Ball.Z.Budokai.Tenkaichi.3.USA (1).torrent
2012-07-01 10:30 - 2012-07-01 10:30 - 00015428 ____A C:\Users\goose\Downloads\Wii-Monster.Hunter.3.NTSC.torrent
2012-07-01 09:42 - 2012-07-01 09:45 - 00000000 ____D C:\Users\goose\Desktop\NUSDownloader_v19
2012-06-30 16:56 - 2012-06-30 16:56 - 00047421 ____A C:\Users\goose\Downloads\Wii-Soul.Calibur.Legends-USA.torrent
2012-06-30 16:56 - 2012-06-30 16:56 - 00047272 ____A C:\Users\goose\Downloads\Wii-Dragon.Ball.Z.Budokai.Tenkaichi.3.USA.torrent
2012-06-30 16:56 - 2012-06-30 16:56 - 00039130 ____A C:\Users\goose\Downloads\Wii-Super.Smash.Bros.Brawl.NTSC.USA.torrent
2012-06-30 16:53 - 2012-06-30 16:53 - 00015307 ____A C:\Users\goose\Downloads\Wii-Mario.Kart.PAL.torrent
2012-06-30 15:46 - 2012-06-30 15:46 - 00000000 ____D C:\Users\goose\AppData\Local\{C40C2B55-9C3C-4CD8-A3CD-9FE792236EBC}
2012-06-30 15:46 - 2012-06-30 15:46 - 00000000 ____D C:\Users\goose\AppData\Local\{1DB1E0C4-D1F0-4D99-9943-AB15F1455FF4}
2012-06-29 08:03 - 2012-06-29 08:03 - 00000000 ____D C:\Users\goose\AppData\Local\{C399BB14-06CF-4165-B858-38D625B3347D}
2012-06-29 08:03 - 2012-06-29 08:03 - 00000000 ____D C:\Users\goose\AppData\Local\{3AB54C27-D66D-433A-97AF-8CF1F20A8089}
2012-06-28 20:03 - 2012-06-28 20:03 - 00000000 ____D C:\Users\goose\AppData\Local\{006D443C-78F4-4B06-AD4C-8208967F7320}
2012-06-28 20:02 - 2012-06-28 20:03 - 00000000 ____D C:\Users\goose\AppData\Local\{FD24D329-B5EF-4078-9478-823D126B5108}
2012-06-28 05:09 - 2012-06-28 05:09 - 00000000 ____D C:\Users\goose\AppData\Local\{AE130ECB-43D8-4E5B-94D1-36EDC0560053}
2012-06-28 05:08 - 2012-06-28 05:09 - 00000000 ____D C:\Users\goose\AppData\Local\{2E9C7EAE-4E89-4066-8BFB-4399D0641186}
2012-06-27 13:31 - 2012-07-03 13:58 - 00000521 ____A C:\Users\goose\Documents\support notes.txt
2012-06-27 11:44 - 2012-06-27 11:44 - 00000000 ____D C:\Users\goose\Downloads\swim paper
2012-06-27 11:41 - 2012-06-27 11:41 - 01673608 ____A C:\Users\goose\Downloads\swim paper.zip
2012-06-27 11:03 - 2012-06-27 11:03 - 00000000 ____D C:\Users\All Users\IObit
2012-06-27 11:03 - 2012-06-27 11:03 - 00000000 ____D C:\Program Files (x86)\IObit
2012-06-27 11:02 - 2012-06-27 11:02 - 04359432 ____A (IObit ) C:\Users\goose\Downloads\gb3-setup.exe
2012-06-27 06:43 - 2012-06-27 07:38 - 00000000 ____D C:\Users\goose\Application Data\AVG
2012-06-27 06:43 - 2012-06-27 07:38 - 00000000 ____D C:\Users\goose\AppData\Roaming\AVG
2012-06-27 06:40 - 2012-06-27 06:40 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-27 05:50 - 2012-06-08 23:37 - 00063128 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-06-27 05:49 - 2012-06-27 05:49 - 00002132 ____A C:\Users\Public\Desktop\VMware Player.lnk
2012-06-27 05:49 - 2012-06-08 23:37 - 00942744 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-06-27 05:49 - 2012-06-08 23:37 - 00433816 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-06-27 05:49 - 2012-06-08 23:36 - 00354456 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-06-27 05:49 - 2012-06-08 23:36 - 00032920 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMkbd.sys
2012-06-27 05:49 - 2012-06-08 23:35 - 00030360 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-06-27 05:49 - 2011-08-29 20:11 - 00039024 ____A (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2012-06-27 05:48 - 2012-06-27 05:48 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-06-27 05:01 - 2012-06-27 05:01 - 00000000 ____D C:\Users\goose\AppData\Local\{9D0A64BE-97A1-4B8B-8172-4B04B0E3EE19}
2012-06-27 05:01 - 2012-06-27 05:01 - 00000000 ____D C:\Users\goose\AppData\Local\{75FB566C-5666-45D0-AD93-C0F9AD1A2AE2}
2012-06-26 07:55 - 2012-06-26 07:55 - 00000000 ____D C:\Users\goose\AppData\Local\{8F41225A-0847-43E4-A43E-773FA2BBE2F3}
2012-06-26 07:55 - 2012-06-26 07:55 - 00000000 ____D C:\Users\goose\AppData\Local\{5CFCAC6A-6D61-4508-9A81-AF92A296BEC5}
2012-06-25 07:10 - 2012-06-25 07:10 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-25 07:10 - 2012-06-25 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-25 05:04 - 2012-06-25 05:04 - 00000000 ____D C:\Users\goose\AppData\Local\{0DA4AFBC-51A2-48FC-91A8-76202FDBB47B}
2012-06-25 05:03 - 2012-06-25 05:04 - 00000000 ____D C:\Users\goose\AppData\Local\{F14836CB-08E3-451A-A151-2102FC4E1B79}
2012-06-22 06:38 - 2012-06-22 06:38 - 00000000 ____D C:\Users\goose\Application Data\TuneUp Software
2012-06-22 06:38 - 2012-06-22 06:38 - 00000000 ____D C:\Users\goose\AppData\Roaming\TuneUp Software
2012-06-22 06:37 - 2012-06-22 06:38 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-06-22 06:37 - 2012-06-22 06:37 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-22 06:19 - 2012-06-22 06:19 - 00000000 ____D C:\Users\goose\AppData\Local\{6C96C429-A40F-4C86-9D21-C8B351A2C5A4}
2012-06-22 06:19 - 2012-06-22 06:19 - 00000000 ____D C:\Users\goose\AppData\Local\{6B73D976-E5A4-4964-A506-1D6C3C14A18A}
2012-06-22 06:09 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 06:09 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 06:09 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 06:09 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 06:08 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 06:08 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 06:08 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 06:08 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 06:08 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 20:00 - 2012-06-21 20:00 - 00000000 ____D C:\Users\goose\AppData\Local\{472FDCE6-157E-4E79-A597-7D970D6D01E3}
2012-06-21 07:00 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-21 07:00 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-21 05:30 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-21 05:30 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-21 05:30 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-21 05:30 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-21 05:30 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-21 05:30 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-21 05:30 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-21 05:30 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-21 05:30 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-21 05:30 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-21 05:30 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-21 05:30 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-21 05:30 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-21 05:30 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-21 05:30 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-21 05:30 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-21 05:30 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-21 05:30 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-21 05:30 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-21 05:30 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-21 05:30 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-21 05:30 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-21 05:30 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-21 05:30 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-21 05:30 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-21 05:30 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-21 05:30 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-21 05:30 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-21 05:28 - 2012-06-21 05:28 - 00000000 ____D C:\Users\goose\AppData\Local\{4A2AA6F1-0F63-4728-92D9-B0E20EBDDF60}
2012-06-21 05:28 - 2012-06-21 05:28 - 00000000 ____D C:\Users\goose\AppData\Local\{4717668F-1B52-4004-AD7F-1A2F8C391A45}
2012-06-20 11:45 - 2012-06-20 11:45 - 00000000 ____D C:\Users\goose\AppData\Local\Macromedia
2012-06-20 08:00 - 2012-06-20 08:01 - 00000000 ____D C:\Users\goose\AppData\Local\{3C0E549E-4004-4E17-B72B-0B5C87AAA8C1}
2012-06-20 08:00 - 2012-06-20 08:00 - 00000000 ____D C:\Users\goose\AppData\Local\{5C8764CE-028F-4E5B-AC10-1EF547F94006}
2012-06-19 20:00 - 2012-06-19 20:00 - 00000000 ____D C:\Users\goose\AppData\Local\{1F4879EC-5561-471E-BD0D-910EE53C9ACE}
2012-06-19 05:12 - 2012-06-19 05:13 - 00000000 ____D C:\Users\goose\AppData\Local\{AF094314-BB8F-4F31-BA65-FC5FE19D06C5}
2012-06-19 05:12 - 2012-06-19 05:12 - 00000000 ____D C:\Users\goose\AppData\Local\{7EECDB52-1A95-4438-8AB4-C2BA9D55F93E}
2012-06-18 05:02 - 2012-06-18 05:02 - 00000000 ____D C:\Users\goose\AppData\Local\{9F5B9D4A-0F4A-49F5-A651-F6305C4E4B33}
2012-06-15 08:00 - 2012-06-15 08:00 - 00000000 ____D C:\Users\goose\AppData\Local\{0B0E6080-6F3B-4481-9E0F-C7E5B0A02F00}
2012-06-15 05:44 - 2012-06-15 05:45 - 00000000 ____D C:\Users\goose\Documents\KETO
2012-06-14 20:00 - 2012-06-14 20:00 - 00000000 ____D C:\Users\goose\AppData\Local\{7F57209D-E9C5-4FBB-B575-1CFCE63E205E}
2012-06-14 04:43 - 2012-06-14 04:43 - 00000000 ____D C:\Users\goose\AppData\Local\{F72510E9-C639-4CF1-9B39-011B1E14FB0E}
2012-06-14 04:42 - 2012-06-14 04:43 - 00000000 ____D C:\Users\goose\AppData\Local\{AE979BFB-A7B2-4DAD-B835-1A629E5713F4}
2012-06-13 10:25 - 2012-06-13 10:25 - 00000000 ____D C:\Users\goose\Desktop\chrome_ux
2012-06-13 10:25 - 2012-06-13 10:25 - 00000000 ____D C:\CEF
2012-06-13 08:49 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 08:49 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 08:49 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 08:49 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 08:49 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 08:49 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 08:49 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 08:49 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 08:49 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 08:49 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 08:49 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 08:49 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 08:49 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 08:49 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 08:49 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 08:49 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 08:49 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 05:19 - 2012-06-13 05:19 - 00000000 ____D C:\Users\goose\AppData\Local\{684F0EB0-6899-400B-9113-4C684AD00D81}
2012-06-13 05:18 - 2012-06-13 05:19 - 00000000 ____D C:\Users\goose\AppData\Local\{0CF61247-2FE6-40DF-A53E-6BA8C7386318}
2012-06-12 08:04 - 2012-06-12 08:04 - 00000000 ____D C:\Users\goose\AppData\Local\{45A63B9F-29D9-4EE0-952A-2CB61318DA4A}
2012-06-12 08:04 - 2012-06-12 08:04 - 00000000 ____D C:\Users\goose\AppData\Local\{0B20E82B-9013-4D8E-86A9-A7DF4FEA4700}
2012-06-11 20:04 - 2012-06-11 20:04 - 00000000 ____D C:\Users\goose\AppData\Local\{AE6A486E-F2A9-4E87-B516-53910040BC58}


============ 3 Months Modified Files ========================

2012-07-10 05:03 - 2011-01-16 14:27 - 01888857 ____A C:\Windows\WindowsUpdate.log
2012-07-10 04:59 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 04:59 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 04:58 - 2012-07-10 04:58 - 01434401 ____A (Farbar) C:\Users\goose\Desktop\FRST64.exe
2012-07-10 04:53 - 2012-04-04 13:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-10 04:53 - 2011-01-16 14:36 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-10 04:52 - 2011-11-15 19:44 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
2012-07-10 04:52 - 2011-05-16 09:27 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
2012-07-09 20:34 - 2012-07-06 05:33 - 00000336 ____A C:\Windows\setupact.log
2012-07-09 20:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-09 20:31 - 2012-07-09 20:31 - 00031622 ____A C:\Users\goose\Desktop\DDS.txt
2012-07-09 20:31 - 2012-07-09 20:31 - 00008170 ____A C:\Users\goose\Desktop\Attach.txt
2012-07-09 20:30 - 2012-07-09 20:30 - 00000582 ____A C:\Users\goose\Desktop\defogger_disable.log
2012-07-09 20:30 - 2012-07-09 20:30 - 00000020 ____A C:\Users\goose\defogger_reenable
2012-07-09 20:24 - 2009-07-13 21:13 - 00784490 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-09 20:19 - 2012-07-09 20:23 - 00607260 ____R (Swearware) C:\Users\goose\Desktop\dds.scr
2012-07-09 19:59 - 2012-07-09 19:59 - 00050477 ____A C:\Users\goose\Desktop\Defogger.exe
2012-07-09 19:55 - 2011-11-15 19:44 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
2012-07-09 18:39 - 2012-07-09 18:39 - 00002333 ____A C:\Users\goose\Desktop\aswMBR.txt
2012-07-09 18:39 - 2012-07-09 18:39 - 00000512 ____A C:\Users\goose\Desktop\MBR.dat
2012-07-09 18:22 - 2012-07-01 11:31 - 04804267 ____A C:\Users\goose\Downloads\IOS236_Installer_v6.zip
2012-07-09 18:21 - 2012-07-09 17:55 - 00003817 ____A C:\Users\goose\Desktop\FSS.txt
2012-07-09 18:18 - 2012-07-09 18:18 - 00262144 ____A C:\Windows\Minidump\070912-22058-01.dmp
2012-07-09 18:18 - 2012-07-08 08:55 - 00000908 ____A C:\Windows\PFRO.log
2012-07-09 17:59 - 2012-07-09 17:58 - 00040467 ____A C:\Users\goose\Desktop\Result.txt
2012-07-09 17:58 - 2012-07-09 17:58 - 04731392 ____A (AVAST Software) C:\Users\goose\Desktop\aswMBR.exe
2012-07-09 17:57 - 2012-07-09 17:57 - 00403231 ____A C:\Users\goose\Desktop\MiniToolBox.exe
2012-07-09 17:54 - 2012-07-09 17:54 - 00688663 ____A (Farbar) C:\Users\goose\Desktop\FSS.exe
2012-07-09 17:54 - 2012-07-09 17:54 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-09 17:53 - 2012-07-09 17:53 - 00869194 ____A C:\Users\goose\Desktop\SecurityCheck.exe
2012-07-09 13:57 - 2011-07-12 12:05 - 00002016 ___AH C:\Users\goose\Documents\Default.rdp
2012-07-09 12:35 - 2012-04-26 11:24 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2012-07-09 12:12 - 2011-05-16 09:27 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
2012-07-09 05:30 - 2012-05-18 05:38 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job
2012-07-09 05:12 - 2012-04-04 13:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-09 05:12 - 2011-05-27 14:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-08 08:54 - 2012-07-08 08:54 - 00001101 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-07-06 05:33 - 2012-07-06 05:33 - 00000000 ____A C:\Windows\setuperr.log
2012-07-03 13:58 - 2012-06-27 13:31 - 00000521 ____A C:\Users\goose\Documents\support notes.txt
2012-07-01 12:02 - 2012-07-01 12:02 - 06959040 ____A C:\Users\goose\Downloads\USBLoaderGX_v3.0_IOS249.wad
2012-07-01 12:02 - 2012-07-01 12:02 - 04829984 ____A C:\Users\goose\Downloads\boot.dol
2012-07-01 11:28 - 2012-07-01 11:28 - 06730633 ____A C:\Users\goose\Downloads\USB_Loader_GX-UNEO_Forwarder_16.06.09.rar
2012-07-01 11:11 - 2012-07-01 11:11 - 00000952 ____A C:\Users\goose\Desktop\WBFS Manager 3.0.lnk
2012-07-01 11:10 - 2012-07-01 11:10 - 02845640 ____A C:\Users\goose\Downloads\WBFSManager3.0-RTW-x64.zip
2012-07-01 10:31 - 2012-07-01 10:31 - 00022990 ____A C:\Users\goose\Downloads\Wii-Endless.Ocean.NTSC.USA.torrent
2012-07-01 10:30 - 2012-07-01 10:30 - 00047272 ____A C:\Users\goose\Downloads\Wii-Dragon.Ball.Z.Budokai.Tenkaichi.3.USA (1).torrent
2012-07-01 10:30 - 2012-07-01 10:30 - 00015428 ____A C:\Users\goose\Downloads\Wii-Monster.Hunter.3.NTSC.torrent
2012-06-30 16:56 - 2012-06-30 16:56 - 00047421 ____A C:\Users\goose\Downloads\Wii-Soul.Calibur.Legends-USA.torrent
2012-06-30 16:56 - 2012-06-30 16:56 - 00047272 ____A C:\Users\goose\Downloads\Wii-Dragon.Ball.Z.Budokai.Tenkaichi.3.USA.torrent
2012-06-30 16:56 - 2012-06-30 16:56 - 00039130 ____A C:\Users\goose\Downloads\Wii-Super.Smash.Bros.Brawl.NTSC.USA.torrent
2012-06-30 16:53 - 2012-06-30 16:53 - 00015307 ____A C:\Users\goose\Downloads\Wii-Mario.Kart.PAL.torrent
2012-06-27 11:41 - 2012-06-27 11:41 - 01673608 ____A C:\Users\goose\Downloads\swim paper.zip
2012-06-27 11:02 - 2012-06-27 11:02 - 04359432 ____A (IObit ) C:\Users\goose\Downloads\gb3-setup.exe
2012-06-27 05:49 - 2012-06-27 05:49 - 00002132 ____A C:\Users\Public\Desktop\VMware Player.lnk
2012-06-27 05:49 - 2011-01-19 14:05 - 00797780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-26 07:55 - 2012-04-06 05:37 - 09815752 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-22 07:40 - 2011-02-25 12:19 - 00007603 ____A C:\Users\goose\AppData\Local\Resmon.ResmonCfg
2012-06-22 06:16 - 2009-07-13 20:45 - 00455520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-18 10:12 - 2012-04-27 10:04 - 00002467 ____A C:\Users\Public\Desktop\SlimCleaner.lnk
2012-06-15 05:07 - 2012-05-18 11:26 - 00000600 ____A C:\Users\goose\AppData\Local\PUTTY.RND
2012-06-11 07:15 - 2011-03-17 06:27 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk
2012-06-08 23:37 - 2012-06-27 05:50 - 00063128 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-06-08 23:37 - 2012-06-27 05:49 - 00942744 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-06-08 23:37 - 2012-06-27 05:49 - 00433816 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-06-08 23:36 - 2012-06-27 05:49 - 00354456 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-06-08 23:36 - 2012-06-27 05:49 - 00032920 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMkbd.sys
2012-06-08 23:35 - 2012-06-27 05:49 - 00030360 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-06-08 21:29 - 2012-06-08 21:29 - 00252056 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-06-08 20:52 - 2012-06-08 20:52 - 00062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-06-08 20:52 - 2012-06-08 20:52 - 00048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-06-08 20:52 - 2012-06-08 20:52 - 00045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-06-08 20:52 - 2012-06-08 20:52 - 00024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-06-08 20:52 - 2012-06-08 20:52 - 00020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-06-03 20:28 - 2011-11-08 06:11 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-22 06:09 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 06:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 06:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 06:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 06:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 06:09 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 06:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-22 06:08 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-22 06:08 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 13:41 - 2012-05-31 13:32 - 00000024 ____A C:\ScrubRetValFile.txt
2012-05-31 12:05 - 2012-05-31 12:05 - 288732698 ____A C:\registry_backup.reg
2012-05-31 06:07 - 2009-07-13 18:34 - 00000419 ____A C:\Windows\win.ini
2012-05-30 13:11 - 2012-05-24 06:33 - 00122056 ____A C:\Users\goose\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-28 20:11 - 2012-05-28 20:11 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-05-23 05:08 - 2011-07-18 07:44 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-23 05:08 - 2011-07-18 07:44 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-23 05:08 - 2011-07-18 07:44 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-18 11:18 - 2012-05-18 11:18 - 00000518 ____A C:\Users\goose\Desktop\key.ppk - Shortcut.lnk
2012-05-18 11:15 - 2012-05-18 11:15 - 00000963 ____A C:\Users\Public\Desktop\PuTTY.lnk
2012-05-17 18:47 - 2012-06-21 05:30 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-21 05:30 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-21 05:30 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-21 05:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-21 05:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-21 05:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-21 05:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-21 05:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-21 05:30 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-21 05:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-21 05:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-21 05:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-21 05:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-21 05:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-21 05:30 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-21 05:30 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-21 05:30 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-21 05:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-21 05:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-21 05:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-21 05:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-21 05:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-21 05:30 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-21 05:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-21 05:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-21 05:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-21 05:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-21 05:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 12:15 - 2012-05-17 12:15 - 00743760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2012-05-17 05:45 - 2012-05-21 06:07 - 00024968 ____A (Softland) C:\Windows\System32\dopdfmn7.dll
2012-05-17 05:45 - 2012-05-21 06:07 - 00021384 ____A (Softland) C:\Windows\System32\dopdfmi7.dll
2012-05-16 06:30 - 2012-05-16 06:30 - 00017156 ____A C:\Users\goose\.recently-used.xbel
2012-05-14 17:32 - 2012-06-13 08:49 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 12:55 - 2012-04-27 06:21 - 00000514 ____A C:\Users\goose\Desktop\kelsi_mixcd.txt
2012-05-11 09:00 - 2012-05-11 09:00 - 00000977 ____A C:\Users\goose\Desktop\Dolphin.exe - Shortcut.lnk
2012-05-09 16:50 - 2012-05-09 16:40 - 04535526 ____A C:\RecoveryInstaller.apk
2012-05-09 07:53 - 2012-05-09 07:53 - 00000520 ____A C:\Users\goose\Desktop\Eclipse IDE.lnk
2012-05-09 07:16 - 2012-05-09 07:16 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-09 07:16 - 2012-05-09 07:16 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-08 07:44 - 2012-05-08 07:44 - 00000963 ____A C:\Users\goose\Desktop\ePSXe.exe - Shortcut.lnk
2012-05-04 03:06 - 2012-06-13 08:49 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 08:49 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 08:49 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 08:49 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 08:49 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 11:23 - 2012-04-26 11:23 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2012-04-25 21:41 - 2012-06-13 08:49 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 08:49 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 08:49 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 14:13 - 2011-07-14 05:28 - 00054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
2012-04-23 21:37 - 2012-06-13 08:49 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 08:49 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 08:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 08:49 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 08:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 08:49 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 13:12 - 2010-01-22 02:33 - 00002370 ____A C:\RHDSetup.log
2012-04-23 13:12 - 2010-01-22 02:33 - 00000206 ____A C:\setup.log
2012-04-17 05:53 - 2012-04-17 05:53 - 00000958 ____A C:\Users\Public\Desktop\PDF to Word.lnk
2012-04-16 08:32 - 2012-04-16 08:32 - 00279616 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-04-14 14:32 - 2012-04-14 14:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

ZeroAccess:
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\L
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\L\00000004.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\L\1afb2d56
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\L\201d3dde
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\00000004.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\00000008.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\000000cb.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\80000000.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\80000032.@
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U\80000064.@

ZeroAccess:
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\@
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\L
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\n
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3892.55 MB
Available physical RAM: 3262.18 MB
Total Pagefile: 3890.7 MB
Available Pagefile: 3261.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:100 GB) (Free:10.75 GB) NTFS
2 Drive e: () (Fixed) (Total:350.66 GB) (Free:242.55 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:1.95 GB) (Free:0.94 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 2007 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 100 GB 15 GB
Partition 4 Primary 350 GB 115 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 100 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 350 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2000 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 2000 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-05-21 10:32

======================= End Of Log ==========================
for3ver,
goose90proof

#4 gringo_pr (Malware Response Team)

Posted 10 July 2012 - 10:17 AM

Greetings

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 troublesh00ter (Topic Starter)

Posted 10 July 2012 - 11:02 AM

Here is the log. If it would help, I do have access to installation media for my OS.

Farbar Recovery Scan Tool Version: 09-07-2012
Ran by SYSTEM at 2012-07-10 10:39:34
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
for3ver,
goose90proof

#6 troublesh00ter (Topic Starter)

Posted 10 July 2012 - 06:48 PM

Bad news. I think that my Desktop computer is now also infected. I cannot connect to the internet on my home network via ethernet but I can on my laptop (which we've been working on). :(
for3ver,
goose90proof

#7 gringo_pr (Malware Response Team)

Posted 10 July 2012 - 08:49 PM

Hello

Let's get this one clean and then we will tackle that one.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#8 troublesh00ter (Topic Starter)

Posted 10 July 2012 - 09:55 PM

Thanks for the quick response Gringo. I hope you've had a good day so far. I think you'll be pleased to hear that the redirects seem to have stopped. I say this tentatively, but I visited a few https websites and they all loaded without issue. Of course, I do not doubt your expertise, but it has been years since I've had a virus and it's pretty scary. I'm usually more careful. Anyways, here is the fixlog from FRST.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-10 21:47:25 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{c45ff06d-2bbd-3310-2edf-da1f62fe0082} moved successfully.
C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
for3ver,
goose90proof
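The search log in post #5 and the Fixlog just above show why the infected services.exe was caught only by its MD5: the System32 copy and the WinSxS copy report the same size (0328704) and the same timestamps and differ only in hash, which is also what the "Bamital & volsnap Check" in the FRST log relies on. The Python below is an added example for this thread, not part of the thread or of Farbar's FRST: it parses FRST search output in the format posted above, pairs each file outside WinSxS with the WinSxS copy of the same name, and flags a hash mismatch. The sample log is constructed from the two entries in post #5; file_md5() is included for checking a real file the same way, and the assumption that the WinSxS copy is the clean reference is the same one the Replace: line in post #7 relies on.

```python
import hashlib
import re

# Constructed sample: the two entries from the FRST "Search: services.exe"
# log in this thread. Same size, same timestamps, different MD5.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is a path line followed by a bracketed metadata line:
# [created] - [modified] - size attrs (company) MD5
_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-\s*\[(?P<modified>[^\]]+)\]\s*-\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?:\((?P<company>[^)]*)\)\s+)?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_search_log(text):
    """Return one dict per file found in an FRST Search log (assumed format above)."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _PATH_RE.match(line):
            pending_path = line
            continue
        m = _META_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
    return entries


def metadata_identical(a, b):
    """True when size and both timestamps agree: a patched file can keep all three."""
    return (a["size"], a["created"], a["modified"]) == (b["size"], b["created"], b["modified"])


def compare_to_winsxs(entries):
    """Map each path outside WinSxS to (status, reference MD5) using the
    WinSxS copy of the same file name as the trusted reference."""
    by_name = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append(e)
    verdicts = {}
    for copies in by_name.values():
        refs = {c["md5"] for c in copies if "\\winsxs\\" in c["path"].lower()}
        for c in copies:
            if "\\winsxs\\" in c["path"].lower():
                continue
            if not refs:
                verdicts[c["path"]] = ("no winsxs reference", None)
            elif c["md5"] in refs:
                verdicts[c["path"]] = ("matches winsxs copy", c["md5"])
            else:
                verdicts[c["path"]] = ("DIFFERS from winsxs copy", sorted(refs)[0])
    return verdicts


def file_md5(path, chunk=1 << 20):
    """Upper-case MD5 of a real file, read in chunks, in FRST's notation."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    found = parse_search_log(SEARCH_LOG)
    for path, (status, ref) in compare_to_winsxs(found).items():
        print(f"{path}: {status} (reference {ref})")
```

Size and timestamps are deliberately not used as evidence: in the sample they are identical on both copies, so a check that stopped at those fields would have passed the infected file. The reference copy is only as trustworthy as WinSxS itself; the same caveat applies to the Replace: fix in this thread.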

#9 gringo_pr (Malware Response Team)

Posted 10 July 2012 - 10:15 PM

Hello

Tell me a little about the desktop



I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 troublesh00ter (Topic Starter)

Posted 10 July 2012 - 11:12 PM

The problems with the Desktop started just last night. With the laptop, I was always able to connect but received bad security certificates from almost every website. Fortunately, I was able to connect to BC! With the Desktop, I have no connectivity. I know the service is working because I can connect to the internet on the same network with my laptop. As for the laptop now, the auspicious behaviour has stopped, but I am still precautious. I will sleep better when you tell me it's clean. Below is the ComboFix log you requested. Sorry it took so long.


ComboFix 12-07-10.01 - goose 07/10/2012 22:39:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2512 [GMT -5:00]
Running from: c:\users\goose\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\lol
c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini
c:\program files (x86)\lol\LeagueOfLegends\data1.cab
c:\program files (x86)\lol\LeagueOfLegends\data1.hdr
c:\program files (x86)\lol\LeagueOfLegends\data2.cab
c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll
c:\program files (x86)\lol\LeagueOfLegends\layout.bin
c:\program files (x86)\lol\LeagueOfLegends\setup.exe
c:\program files (x86)\lol\LeagueOfLegends\setup.ini
c:\program files (x86)\lol\LeagueOfLegends\setup.inx
c:\program files (x86)\lol\LeagueOfLegends\setup.isn
c:\program files (x86)\Uninstall.exe
c:\program files (x86)\Uninstall.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 03:52 . 2012-07-11 03:52 -------- d-----w- c:\users\WindowsAnswers\AppData\Local\temp
2012-07-10 16:06 . 2012-07-10 16:06 -------- d-----w- C:\FRST
2012-07-10 01:52 . 2012-07-10 01:52 -------- d-----w- c:\users\goose\AppData\Roaming\Malwarebytes
2012-07-09 13:23 . 2012-07-09 13:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 16:54 . 2012-07-08 16:54 -------- d-----w- c:\programdata\SlySoft
2012-07-08 16:54 . 2012-07-08 16:54 -------- d-----w- c:\program files (x86)\SlySoft
2012-07-01 19:12 . 2012-07-01 19:12 -------- d-----w- c:\users\goose\AppData\Local\WBFSManager
2012-07-01 19:11 . 2012-07-01 19:11 -------- d-----w- c:\program files\WBFS
2012-06-27 19:03 . 2012-06-27 19:03 -------- d-----w- c:\programdata\IObit
2012-06-27 19:03 . 2012-06-27 19:03 -------- d-----w- c:\program files (x86)\IObit
2012-06-27 14:43 . 2012-06-27 15:38 -------- d-----w- c:\users\goose\AppData\Roaming\AVG
2012-06-27 14:40 . 2012-06-27 14:40 -------- d-----w- c:\program files (x86)\AVG
2012-06-27 13:50 . 2012-06-09 07:37 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-27 13:49 . 2012-06-09 07:37 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
"MusicManager"="c:\users\goose\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"F.lux"="c:\users\goose\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\users\WindowsAnswers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\goose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files (x86)\BoxCryptor\BoxCryptor.exe [2012-4-12 1179136]
Dropbox.lnk - c:\users\goose\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 129976]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 279616]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-02-08 56968]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-23 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-05-20 394016]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:12]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
- c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 03:44]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
- c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 03:44]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 22:36]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 22:36]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
- c:\users\goose\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 17:53]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
- c:\users\goose\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 17:53]
.
2012-07-09 c:\windows\Tasks\SlimCleaner Scan.job
- c:\program files (x86)\SlimCleaner\SlimCleaner.exe [2012-05-01 18:43]
.
2012-07-09 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-04-26 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12666984]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hotmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\goose\AppData\Roaming\Mozilla\Firefox\Profiles\60wvszyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Big Pack 8.4 - c:\program files (x86)\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Folding@home-CPU-[2]]
"ImagePath"="c:\users\goose\FAH\fah6 -svcstart -d \"c:\users\goose\FAH\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-07-10 23:01:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 04:01
.
Pre-Run: 10,859,343,872 bytes free
Post-Run: 10,811,600,896 bytes free
.
- - End Of File - - C2068CDD20C85727B7CE47ABEB7CC8D1
for3ver,
goose90proof

#11 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 July 2012 - 11:48 PM

Greetings

We still have some work to do on this one, but when we finish, if you want, I will take a look at the other one.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
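A small triage helper for the TDSSKiller report requested above, added here as an example (it is not the poster's, the forum's, or Kaspersky's code): it pairs each scanned object's detail line with its verdict line, using the line layout of the report pasted further down in this thread, and lists every object whose verdict is not "ok" or that has no verdict at all. The real lines in the sample are copied from that report; the "exampledrv" entry and its verdict text are constructed to show how a non-ok result surfaces.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the TDSSKiller 2.7.45.0 report pasted in this
# thread. A scanned object normally produces two lines:
#   <time> <pid> <name> (<md5>) <path>      (detail line)
#   <time> <pid> <name> - <verdict>         (verdict line, "ok" when clean)
# Some objects (here "catchme") get only a verdict line. The "exampledrv"
# entry and its verdict text are constructed, not from the real report.
SAMPLE_LOG = """\
23:53:52.0766 4552 Scan started
23:53:52.0766 4552 Mode: Manual;
23:53:53.0664 4552 1394ohci (a87d604aea360176311474c87a63bb88) C:\\windows\\system32\\drivers\\1394ohci.sys
23:53:53.0669 4552 1394ohci - ok
23:53:57.0169 4552 catchme - ok
23:53:58.0051 4552 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\\windows\\system32\\drivers\\cpuz135_x64.sys
23:53:58.0052 4552 cpuz135 - ok
23:54:10.0001 4552 exampledrv (0123456789abcdef0123456789abcdef) C:\\windows\\system32\\drivers\\exampledrv.sys
23:54:10.0002 4552 exampledrv - detected (constructed verdict)
"""

TIMESTAMP = r"\d\d:\d\d:\d\d\.\d+ \d+ "          # e.g. "23:53:53.0664 4552 "
DETAIL_RE = re.compile("^" + TIMESTAMP + r"(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile("^" + TIMESTAMP + r"(\S+) - (.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def is_clean(self) -> bool:
        # Only an explicit "ok" counts as clean; a missing verdict (scan
        # interrupted, line lost when pasting) is treated as unresolved.
        return self.verdict == "ok"


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Pair each object's detail line with its verdict line, keyed by name."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = DETAIL_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict.strip()
    return entries


def review_queue(entries: dict[str, Entry]) -> list[Entry]:
    """Everything a helper should look at: any verdict other than 'ok'."""
    return sorted((e for e in entries.values() if not e.is_clean),
                  key=lambda e: e.name)


def summarize(text: str) -> dict[str, int]:
    """Counts of scanned, clean and to-be-reviewed objects in a report."""
    entries = parse_tdsskiller(text)
    review = review_queue(entries)
    return {"scanned": len(entries),
            "clean": len(entries) - len(review),
            "review": len(review)}


if __name__ == "__main__":
    for e in review_queue(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.name}: verdict={e.verdict!r} md5={e.md5} path={e.path}")
    print(summarize(SAMPLE_LOG))
```

The md5 and path kept on each queued entry are what a helper would check against the vendor's own database before deciding on Cure or Skip.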

#12 troublesh00ter

  • Topic Starter
  • Members
  • 561 posts
  • Gender:Male
  • Location:Deep South

Posted 11 July 2012 - 12:19 AM

TDSSKiller did not find anything. :( Here are the logs.

23:53:48.0090 2248 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:53:48.0436 2248 ============================================================
23:53:48.0436 2248 Current date / time: 2012/07/10 23:53:48.0436
23:53:48.0436 2248 SystemInfo:
23:53:48.0436 2248
23:53:48.0436 2248 OS Version: 6.1.7601 ServicePack: 1.0
23:53:48.0436 2248 Product type: Workstation
23:53:48.0436 2248 ComputerName: RED_NOVA
23:53:48.0436 2248 UserName: goose
23:53:48.0436 2248 Windows directory: C:\windows
23:53:48.0436 2248 System windows directory: C:\windows
23:53:48.0436 2248 Running under WOW64
23:53:48.0436 2248 Processor architecture: Intel x64
23:53:48.0436 2248 Number of processors: 4
23:53:48.0436 2248 Page size: 0x1000
23:53:48.0436 2248 Boot type: Normal boot
23:53:48.0436 2248 ============================================================
23:53:50.0039 2248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:53:50.0051 2248 ============================================================
23:53:50.0051 2248 \Device\Harddisk0\DR0:
23:53:50.0051 2248 MBR partitions:
23:53:50.0051 2248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
23:53:50.0051 2248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC800000
23:53:50.0051 2248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE632800, BlocksNum 0x2BD52800
23:53:50.0051 2248 ============================================================
23:53:50.0072 2248 C: <-> \Device\Harddisk0\DR0\Partition1
23:53:50.0106 2248 D: <-> \Device\Harddisk0\DR0\Partition2
23:53:50.0106 2248 ============================================================
23:53:50.0106 2248 Initialize success
23:53:50.0106 2248 ============================================================
23:53:52.0766 4552 ============================================================
23:53:52.0766 4552 Scan started
23:53:52.0766 4552 Mode: Manual;
23:53:52.0766 4552 ============================================================
23:53:58.0257 4552 DcomLaunch - ok
23:53:58.0299 4552 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
23:53:58.0304 4552 defragsvc - ok
23:53:58.0360 4552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
23:53:58.0362 4552 DfsC - ok
23:53:58.0434 4552 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
23:53:58.0440 4552 Dhcp - ok
23:53:58.0468 4552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
23:53:58.0469 4552 discache - ok
23:53:58.0508 4552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
23:53:58.0510 4552 Disk - ok
23:53:58.0573 4552 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
23:53:58.0577 4552 Dnscache - ok
23:53:58.0643 4552 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
23:53:58.0648 4552 dot3svc - ok
23:53:58.0680 4552 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
23:53:58.0684 4552 DPS - ok
23:53:58.0712 4552 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
23:53:58.0713 4552 drmkaud - ok
23:53:58.0786 4552 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\windows\system32\DRIVERS\dtsoftbus01.sys
23:53:58.0796 4552 dtsoftbus01 - ok
23:53:58.0907 4552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
23:53:58.0919 4552 DXGKrnl - ok
23:53:58.0963 4552 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
23:53:58.0967 4552 EapHost - ok
23:53:59.0213 4552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
23:53:59.0297 4552 ebdrv - ok
23:53:59.0431 4552 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
23:53:59.0434 4552 EFS - ok
23:53:59.0547 4552 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
23:53:59.0558 4552 ehRecvr - ok
23:53:59.0590 4552 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
23:53:59.0590 4552 ehSched - ok
23:53:59.0684 4552 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\windows\system32\Drivers\ElbyCDIO.sys
23:53:59.0684 4552 ElbyCDIO - ok
23:53:59.0793 4552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
23:53:59.0808 4552 elxstor - ok
23:53:59.0849 4552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
23:53:59.0850 4552 ErrDev - ok
23:53:59.0912 4552 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
23:53:59.0920 4552 EventSystem - ok
23:53:59.0959 4552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
23:53:59.0963 4552 exfat - ok
23:53:59.0992 4552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
23:53:59.0996 4552 fastfat - ok
23:54:00.0086 4552 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
23:54:00.0098 4552 Fax - ok
23:54:00.0124 4552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
23:54:00.0126 4552 fdc - ok
23:54:00.0155 4552 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
23:54:00.0156 4552 fdPHost - ok
23:54:00.0186 4552 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
23:54:00.0189 4552 FDResPub - ok
23:54:00.0206 4552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
23:54:00.0208 4552 FileInfo - ok
23:54:00.0229 4552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
23:54:00.0230 4552 Filetrace - ok
23:54:00.0257 4552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
23:54:00.0258 4552 flpydisk - ok
23:54:00.0307 4552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
23:54:00.0312 4552 FltMgr - ok
23:54:00.0394 4552 Folding@home-CPU-[2] - ok
23:54:00.0510 4552 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
23:54:00.0530 4552 FontCache - ok
23:54:00.0623 4552 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:54:00.0624 4552 FontCache3.0.0.0 - ok
23:54:00.0673 4552 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
23:54:00.0675 4552 FsDepends - ok
23:54:00.0729 4552 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\windows\system32\DRIVERS\fssfltr.sys
23:54:00.0731 4552 fssfltr - ok
23:54:00.0915 4552 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:54:00.0930 4552 fsssvc - ok
23:54:01.0082 4552 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
23:54:01.0082 4552 Fs_Rec - ok
23:54:01.0156 4552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
23:54:01.0160 4552 fvevol - ok
23:54:01.0198 4552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
23:54:01.0200 4552 gagp30kx - ok
23:54:01.0285 4552 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
23:54:01.0299 4552 gpsvc - ok
23:54:01.0386 4552 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:54:01.0388 4552 gupdate - ok
23:54:01.0419 4552 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:54:01.0422 4552 gupdatem - ok
23:54:01.0499 4552 hcmon (adb4348da1345877b04e22203afc8993) C:\windows\system32\drivers\hcmon.sys
23:54:01.0500 4552 hcmon - ok
23:54:01.0529 4552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
23:54:01.0531 4552 hcw85cir - ok
23:54:01.0612 4552 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
23:54:01.0619 4552 HdAudAddService - ok
23:54:01.0658 4552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
23:54:01.0661 4552 HDAudBus - ok
23:54:01.0724 4552 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
23:54:01.0725 4552 HECIx64 - ok
23:54:01.0750 4552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
23:54:01.0752 4552 HidBatt - ok
23:54:01.0794 4552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
23:54:01.0797 4552 HidBth - ok
23:54:01.0830 4552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
23:54:01.0832 4552 HidIr - ok
23:54:01.0861 4552 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
23:54:01.0863 4552 hidserv - ok
23:54:01.0919 4552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
23:54:01.0921 4552 HidUsb - ok
23:54:01.0956 4552 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
23:54:01.0959 4552 hkmsvc - ok
23:54:02.0004 4552 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
23:54:02.0010 4552 HomeGroupListener - ok
23:54:02.0053 4552 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
23:54:02.0058 4552 HomeGroupProvider - ok
23:54:02.0111 4552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
23:54:02.0114 4552 HpSAMD - ok
23:54:02.0211 4552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
23:54:02.0224 4552 HTTP - ok
23:54:02.0264 4552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
23:54:02.0265 4552 hwpolicy - ok
23:54:02.0335 4552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
23:54:02.0338 4552 i8042prt - ok
23:54:02.0405 4552 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\windows\system32\DRIVERS\iaStor.sys
23:54:02.0411 4552 iaStor - ok
23:54:02.0485 4552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
23:54:02.0493 4552 iaStorV - ok
23:54:02.0628 4552 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:54:02.0642 4552 idsvc - ok
23:54:03.0423 4552 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\windows\system32\DRIVERS\igdkmd64.sys
23:54:03.0743 4552 igfx - ok
23:54:03.0886 4552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
23:54:03.0887 4552 iirsp - ok
23:54:03.0994 4552 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
23:54:04.0009 4552 IKEEXT - ok
23:54:04.0080 4552 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
23:54:04.0084 4552 Impcd - ok
23:54:04.0325 4552 IntcAzAudAddService (4bbb5a55eeb5ec11b20fcbb4cbb49357) C:\windows\system32\drivers\RTKVHD64.sys
23:54:04.0361 4552 IntcAzAudAddService - ok
23:54:04.0531 4552 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\windows\system32\DRIVERS\IntcDAud.sys
23:54:04.0536 4552 IntcDAud - ok
23:54:04.0593 4552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
23:54:04.0594 4552 intelide - ok
23:54:04.0649 4552 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
23:54:04.0650 4552 intelppm - ok
23:54:04.0681 4552 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
23:54:04.0685 4552 IPBusEnum - ok
23:54:04.0727 4552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:54:04.0729 4552 IpFilterDriver - ok
23:54:04.0797 4552 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
23:54:04.0807 4552 iphlpsvc - ok
23:54:04.0849 4552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
23:54:04.0851 4552 IPMIDRV - ok
23:54:04.0889 4552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
23:54:04.0892 4552 IPNAT - ok
23:54:04.0921 4552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
23:54:04.0923 4552 IRENUM - ok
23:54:04.0951 4552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
23:54:04.0953 4552 isapnp - ok
23:54:05.0016 4552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
23:54:05.0021 4552 iScsiPrt - ok
23:54:05.0062 4552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
23:54:05.0063 4552 kbdclass - ok
23:54:05.0119 4552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
23:54:05.0121 4552 kbdhid - ok
23:54:05.0176 4552 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:54:05.0179 4552 KeyIso - ok
23:54:05.0199 4552 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
23:54:05.0202 4552 KSecDD - ok
23:54:05.0226 4552 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
23:54:05.0229 4552 KSecPkg - ok
23:54:05.0271 4552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
23:54:05.0273 4552 ksthunk - ok
23:54:05.0327 4552 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
23:54:05.0335 4552 KtmRm - ok
23:54:05.0410 4552 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
23:54:05.0416 4552 LanmanServer - ok
23:54:05.0470 4552 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
23:54:05.0476 4552 LanmanWorkstation - ok
23:54:05.0524 4552 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
23:54:05.0528 4552 lltdio - ok
23:54:05.0600 4552 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
23:54:05.0615 4552 lltdsvc - ok
23:54:05.0647 4552 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
23:54:05.0647 4552 lmhosts - ok
23:54:05.0829 4552 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
23:54:05.0836 4552 LMIGuardianSvc - ok
23:54:05.0890 4552 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
23:54:05.0891 4552 LMIInfo - ok
23:54:05.0933 4552 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
23:54:05.0936 4552 LMIMaint - ok
23:54:05.0995 4552 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\windows\system32\DRIVERS\lmimirr.sys
23:54:05.0996 4552 lmimirr - ok
23:54:06.0001 4552 LMIRfsClientNP - ok
23:54:06.0058 4552 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\windows\system32\drivers\LMIRfsDriver.sys
23:54:06.0059 4552 LMIRfsDriver - ok
23:54:06.0159 4552 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:54:06.0164 4552 LMS - ok
23:54:06.0249 4552 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
23:54:06.0257 4552 LogMeIn - ok
23:54:06.0299 4552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
23:54:06.0302 4552 LSI_FC - ok
23:54:06.0325 4552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
23:54:06.0327 4552 LSI_SAS - ok
23:54:06.0354 4552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
23:54:06.0356 4552 LSI_SAS2 - ok
23:54:06.0405 4552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
23:54:06.0408 4552 LSI_SCSI - ok
23:54:06.0444 4552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
23:54:06.0447 4552 luafv - ok
23:54:06.0497 4552 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\windows\system32\DRIVERS\ManyCam_x64.sys
23:54:06.0498 4552 ManyCam - ok
23:54:06.0556 4552 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
23:54:06.0560 4552 Mcx2Svc - ok
23:54:06.0591 4552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
23:54:06.0593 4552 megasas - ok
23:54:06.0634 4552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
23:54:06.0639 4552 MegaSR - ok
23:54:06.0744 4552 Microsoft SharePoint Workspace Audit Service - ok
23:54:06.0795 4552 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:54:06.0798 4552 MMCSS - ok
23:54:06.0825 4552 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
23:54:06.0826 4552 Modem - ok
23:54:06.0849 4552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
23:54:06.0849 4552 monitor - ok
23:54:06.0895 4552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
23:54:06.0895 4552 mouclass - ok
23:54:06.0942 4552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
23:54:06.0958 4552 mouhid - ok
23:54:07.0005 4552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
23:54:07.0020 4552 mountmgr - ok
23:54:07.0068 4552 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:54:07.0071 4552 MozillaMaintenance - ok
23:54:07.0110 4552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
23:54:07.0114 4552 mpio - ok
23:54:07.0147 4552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
23:54:07.0149 4552 mpsdrv - ok
23:54:07.0263 4552 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
23:54:07.0278 4552 MpsSvc - ok
23:54:07.0318 4552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
23:54:07.0321 4552 MRxDAV - ok
23:54:07.0377 4552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
23:54:07.0380 4552 mrxsmb - ok
23:54:07.0415 4552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:54:07.0420 4552 mrxsmb10 - ok
23:54:07.0441 4552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:54:07.0444 4552 mrxsmb20 - ok
23:54:07.0481 4552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
23:54:07.0483 4552 msahci - ok
23:54:07.0529 4552 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
23:54:07.0533 4552 msdsm - ok
23:54:07.0568 4552 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
23:54:07.0572 4552 MSDTC - ok
23:54:07.0617 4552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
23:54:07.0619 4552 Msfs - ok
23:54:07.0647 4552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
23:54:07.0649 4552 mshidkmdf - ok
23:54:07.0682 4552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
23:54:07.0683 4552 msisadrv - ok
23:54:07.0722 4552 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
23:54:07.0726 4552 MSiSCSI - ok
23:54:07.0732 4552 msiserver - ok
23:54:07.0779 4552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
23:54:07.0781 4552 MSKSSRV - ok
23:54:07.0797 4552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
23:54:07.0798 4552 MSPCLOCK - ok
23:54:07.0813 4552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:54:07.0814 4552 MSPQM - ok
23:54:07.0872 4552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
23:54:07.0878 4552 MsRPC - ok
23:54:07.0918 4552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
23:54:07.0919 4552 mssmbios - ok
23:54:07.0949 4552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:54:07.0950 4552 MSTEE - ok
23:54:08.0357 4552 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
23:54:08.0475 4552 msvsmon90 - ok
23:54:08.0596 4552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
23:54:08.0597 4552 MTConfig - ok
23:54:08.0619 4552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:54:08.0621 4552 Mup - ok
23:54:08.0681 4552 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
23:54:08.0691 4552 napagent - ok
23:54:08.0752 4552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:54:08.0758 4552 NativeWifiP - ok
23:54:08.0877 4552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
23:54:08.0892 4552 NDIS - ok
23:54:08.0935 4552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:54:08.0937 4552 NdisCap - ok
23:54:08.0968 4552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:54:08.0970 4552 NdisTapi - ok
23:54:09.0036 4552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
23:54:09.0038 4552 Ndisuio - ok
23:54:09.0085 4552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
23:54:09.0089 4552 NdisWan - ok
23:54:09.0115 4552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
23:54:09.0117 4552 NDProxy - ok
23:54:09.0143 4552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:54:09.0144 4552 NetBIOS - ok
23:54:09.0205 4552 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
23:54:09.0209 4552 NetBT - ok
23:54:09.0255 4552 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:54:09.0257 4552 Netlogon - ok
23:54:09.0313 4552 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
23:54:09.0322 4552 Netman - ok
23:54:09.0454 4552 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:09.0457 4552 NetMsmqActivator - ok
23:54:09.0471 4552 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:09.0473 4552 NetPipeActivator - ok
23:54:09.0530 4552 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
23:54:09.0540 4552 netprofm - ok
23:54:09.0565 4552 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:09.0567 4552 NetTcpActivator - ok
23:54:09.0574 4552 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:54:09.0576 4552 NetTcpPortSharing - ok
23:54:09.0646 4552 networx (3a02e2cf4cc836abe474b5bd63719772) C:\windows\system32\drivers\networx.sys
23:54:09.0647 4552 networx - ok
23:54:09.0688 4552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
23:54:09.0690 4552 nfrd960 - ok
23:54:09.0762 4552 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
23:54:09.0769 4552 NlaSvc - ok
23:54:09.0800 4552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:54:09.0802 4552 Npfs - ok
23:54:09.0829 4552 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
23:54:09.0832 4552 nsi - ok
23:54:09.0847 4552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:54:09.0848 4552 nsiproxy - ok
23:54:09.0996 4552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
23:54:10.0021 4552 Ntfs - ok
23:54:10.0150 4552 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:54:10.0151 4552 Null - ok
23:54:10.0213 4552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
23:54:10.0216 4552 nvraid - ok
23:54:10.0237 4552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
23:54:10.0237 4552 nvstor - ok
23:54:10.0299 4552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
23:54:10.0315 4552 nv_agp - ok
23:54:10.0346 4552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
23:54:10.0346 4552 ohci1394 - ok
23:54:10.0565 4552 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:54:10.0565 4552 ose - ok
23:54:10.0627 4552 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:54:10.0634 4552 p2pimsvc - ok
23:54:10.0691 4552 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:54:10.0700 4552 p2psvc - ok
23:54:10.0790 4552 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
23:54:10.0793 4552 Parport - ok
23:54:10.0837 4552 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
23:54:10.0839 4552 partmgr - ok
23:54:10.0877 4552 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:54:10.0883 4552 PcaSvc - ok
23:54:10.0934 4552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:54:10.0937 4552 pci - ok
23:54:10.0976 4552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
23:54:10.0977 4552 pciide - ok
23:54:11.0019 4552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
23:54:11.0023 4552 pcmcia - ok
23:54:11.0053 4552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:54:11.0054 4552 pcw - ok
23:54:11.0115 4552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:54:11.0126 4552 PEAUTH - ok
23:54:11.0215 4552 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:54:11.0218 4552 PerfHost - ok
23:54:11.0410 4552 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:54:11.0434 4552 pla - ok
23:54:11.0498 4552 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:54:11.0507 4552 PlugPlay - ok
23:54:11.0559 4552 pneteth (a010f13d27c1033a8be09d5fa9bf348b) C:\windows\system32\DRIVERS\pneteth.sys
23:54:11.0561 4552 pneteth - ok
23:54:11.0588 4552 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:54:11.0588 4552 PNRPAutoReg - ok
23:54:11.0619 4552 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:54:11.0619 4552 PNRPsvc - ok
23:54:11.0706 4552 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:54:11.0715 4552 PolicyAgent - ok
23:54:11.0757 4552 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:54:11.0762 4552 Power - ok
23:54:11.0819 4552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:54:11.0821 4552 PptpMiniport - ok
23:54:11.0854 4552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
23:54:11.0856 4552 Processor - ok
23:54:11.0903 4552 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
23:54:11.0909 4552 ProfSvc - ok
23:54:11.0944 4552 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:54:11.0947 4552 ProtectedStorage - ok
23:54:11.0997 4552 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:54:12.0000 4552 Psched - ok
23:54:12.0157 4552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
23:54:12.0182 4552 ql2300 - ok
23:54:12.0309 4552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
23:54:12.0312 4552 ql40xx - ok
23:54:12.0358 4552 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:54:12.0364 4552 QWAVE - ok
23:54:12.0398 4552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:54:12.0400 4552 QWAVEdrv - ok
23:54:12.0415 4552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:54:12.0417 4552 RasAcd - ok
23:54:12.0458 4552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:54:12.0459 4552 RasAgileVpn - ok
23:54:12.0499 4552 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:54:12.0504 4552 RasAuto - ok
23:54:12.0601 4552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:54:12.0604 4552 Rasl2tp - ok
23:54:12.0668 4552 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:54:12.0676 4552 RasMan - ok
23:54:12.0711 4552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:54:12.0713 4552 RasPppoe - ok
23:54:12.0729 4552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:54:12.0732 4552 RasSstp - ok
23:54:12.0795 4552 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:54:12.0801 4552 rdbss - ok
23:54:12.0830 4552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
23:54:12.0832 4552 rdpbus - ok
23:54:12.0846 4552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:54:12.0847 4552 RDPCDD - ok
23:54:12.0872 4552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:54:12.0873 4552 RDPENCDD - ok
23:54:12.0886 4552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:54:12.0887 4552 RDPREFMP - ok
23:54:12.0941 4552 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
23:54:12.0946 4552 RDPWD - ok
23:54:13.0026 4552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:54:13.0030 4552 rdyboost - ok
23:54:13.0071 4552 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:54:13.0075 4552 RemoteAccess - ok
23:54:13.0121 4552 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:54:13.0127 4552 RemoteRegistry - ok
23:54:13.0219 4552 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
23:54:13.0221 4552 Revoflt - ok
23:54:13.0281 4552 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\windows\system32\DRIVERS\RMCAST.sys
23:54:13.0284 4552 RMCAST - ok
23:54:13.0314 4552 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:54:13.0318 4552 RpcEptMapper - ok
23:54:13.0348 4552 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:54:13.0350 4552 RpcLocator - ok
23:54:13.0419 4552 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
23:54:13.0428 4552 RpcSs - ok
23:54:13.0472 4552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:54:13.0474 4552 rspndr - ok
23:54:13.0502 4552 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
23:54:13.0506 4552 RTL8167 - ok
23:54:13.0532 4552 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
23:54:13.0533 4552 SABI - ok
23:54:13.0566 4552 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:54:13.0569 4552 SamSs - ok
23:54:13.0606 4552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:54:13.0609 4552 sbp2port - ok
23:54:13.0658 4552 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:54:13.0664 4552 SCardSvr - ok
23:54:13.0700 4552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:54:13.0702 4552 scfilter - ok
23:54:13.0801 4552 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:54:13.0816 4552 Schedule - ok
23:54:13.0873 4552 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:54:13.0875 4552 SCPolicySvc - ok
23:54:13.0903 4552 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:54:13.0908 4552 SDRSVC - ok
23:54:13.0961 4552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:54:13.0963 4552 secdrv - ok
23:54:14.0003 4552 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:54:14.0007 4552 seclogon - ok
23:54:14.0039 4552 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
23:54:14.0042 4552 SENS - ok
23:54:14.0067 4552 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:54:14.0071 4552 SensrSvc - ok
23:54:14.0115 4552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
23:54:14.0117 4552 Serenum - ok
23:54:14.0136 4552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
23:54:14.0139 4552 Serial - ok
23:54:14.0193 4552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
23:54:14.0195 4552 sermouse - ok
23:54:14.0247 4552 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:54:14.0252 4552 SessionEnv - ok
23:54:14.0278 4552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:54:14.0280 4552 sffdisk - ok
23:54:14.0299 4552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:54:14.0300 4552 sffp_mmc - ok
23:54:14.0313 4552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:54:14.0315 4552 sffp_sd - ok
23:54:14.0341 4552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
23:54:14.0343 4552 sfloppy - ok
23:54:14.0407 4552 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
23:54:14.0414 4552 SharedAccess - ok
23:54:14.0473 4552 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:54:14.0481 4552 ShellHWDetection - ok
23:54:14.0522 4552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:54:14.0524 4552 SiSRaid2 - ok
23:54:14.0557 4552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
23:54:14.0560 4552 SiSRaid4 - ok
23:54:14.0583 4552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:54:14.0586 4552 Smb - ok
23:54:14.0626 4552 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:54:14.0629 4552 SNMPTRAP - ok
23:54:14.0723 4552 Soluto (f9369327409492097b0bb7ce86bd29de) C:\windows\system32\DRIVERS\Soluto.sys
23:54:14.0725 4552 Soluto - ok
23:54:14.0877 4552 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
23:54:14.0884 4552 SolutoService - ok
23:54:14.0926 4552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:54:14.0927 4552 spldr - ok
23:54:15.0009 4552 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:54:15.0020 4552 Spooler - ok
23:54:15.0292 4552 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:54:15.0386 4552 sppsvc - ok
23:54:15.0538 4552 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:54:15.0542 4552 sppuinotify - ok
23:54:15.0590 4552 sptd - ok
23:54:15.0691 4552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:54:15.0699 4552 srv - ok
23:54:15.0769 4552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:54:15.0776 4552 srv2 - ok
23:54:15.0817 4552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:54:15.0821 4552 srvnet - ok
23:54:15.0870 4552 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:54:15.0876 4552 SSDPSRV - ok
23:54:15.0902 4552 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:54:15.0907 4552 SstpSvc - ok
23:54:15.0991 4552 Steam Client Service - ok
23:54:16.0031 4552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
23:54:16.0033 4552 stexstor - ok
23:54:16.0118 4552 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:54:16.0130 4552 stisvc - ok
23:54:16.0161 4552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
23:54:16.0162 4552 swenum - ok
23:54:16.0222 4552 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:54:16.0233 4552 swprv - ok
23:54:16.0338 4552 SynTP (2f827bb08cc7f1a17df2ead7b424d731) C:\windows\system32\DRIVERS\SynTP.sys
23:54:16.0342 4552 SynTP - ok
23:54:16.0488 4552 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:54:16.0520 4552 SysMain - ok
23:54:16.0656 4552 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:54:16.0661 4552 TabletInputService - ok
23:54:16.0700 4552 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:54:16.0709 4552 TapiSrv - ok
23:54:16.0738 4552 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:54:16.0742 4552 TBS - ok
23:54:16.0930 4552 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
23:54:16.0960 4552 Tcpip - ok
23:54:17.0226 4552 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
23:54:17.0248 4552 TCPIP6 - ok
23:54:17.0400 4552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:54:17.0402 4552 tcpipreg - ok
23:54:17.0431 4552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:54:17.0433 4552 TDPIPE - ok
23:54:17.0460 4552 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:54:17.0462 4552 TDTCP - ok
23:54:17.0507 4552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
23:54:17.0511 4552 tdx - ok
23:54:17.0776 4552 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
23:54:17.0803 4552 TeamViewer6 - ok
23:54:17.0960 4552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
23:54:17.0961 4552 TermDD - ok
23:54:18.0044 4552 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
23:54:18.0057 4552 TermService - ok
23:54:18.0095 4552 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
23:54:18.0098 4552 Themes - ok
23:54:18.0130 4552 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:54:18.0133 4552 THREADORDER - ok
23:54:18.0176 4552 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:54:18.0181 4552 TrkWks - ok
23:54:18.0259 4552 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:54:18.0263 4552 TrustedInstaller - ok
23:54:18.0306 4552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:54:18.0308 4552 tssecsrv - ok
23:54:18.0372 4552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:54:18.0374 4552 TsUsbFlt - ok
23:54:18.0432 4552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:54:18.0435 4552 tunnel - ok
23:54:18.0470 4552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
23:54:18.0472 4552 uagp35 - ok
23:54:18.0521 4552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:54:18.0527 4552 udfs - ok
23:54:18.0560 4552 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:54:18.0564 4552 UI0Detect - ok
23:54:18.0616 4552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:54:18.0618 4552 uliagpkx - ok
23:54:18.0664 4552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
23:54:18.0666 4552 umbus - ok
23:54:18.0698 4552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
23:54:18.0700 4552 UmPass - ok
23:54:18.0984 4552 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:54:19.0020 4552 UNS - ok
23:54:19.0160 4552 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:54:19.0168 4552 upnphost - ok
23:54:19.0235 4552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
23:54:19.0237 4552 usbccgp - ok
23:54:19.0291 4552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:54:19.0294 4552 usbcir - ok
23:54:19.0312 4552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
23:54:19.0314 4552 usbehci - ok
23:54:19.0355 4552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:54:19.0361 4552 usbhub - ok
23:54:19.0399 4552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
23:54:19.0401 4552 usbohci - ok
23:54:19.0430 4552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
23:54:19.0432 4552 usbprint - ok
23:54:19.0454 4552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:54:19.0457 4552 USBSTOR - ok
23:54:19.0479 4552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
23:54:19.0481 4552 usbuhci - ok
23:54:19.0538 4552 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
23:54:19.0542 4552 usbvideo - ok
23:54:19.0580 4552 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:54:19.0584 4552 UxSms - ok
23:54:19.0634 4552 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:54:19.0637 4552 VaultSvc - ok
23:54:19.0677 4552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:54:19.0678 4552 vdrvroot - ok
23:54:19.0752 4552 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:54:19.0764 4552 vds - ok
23:54:19.0804 4552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:54:19.0804 4552 vga - ok
23:54:19.0819 4552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:54:19.0819 4552 VgaSave - ok
23:54:19.0872 4552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:54:19.0877 4552 vhdmp - ok
23:54:19.0898 4552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:54:19.0900 4552 viaide - ok
23:54:20.0035 4552 VMAuthdService (1562a089b46c821487aff8d01ee5547e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
23:54:20.0038 4552 VMAuthdService - ok
23:54:20.0110 4552 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\windows\system32\DRIVERS\vmci.sys
23:54:20.0113 4552 vmci - ok
23:54:20.0194 4552 vmkbd (de41918b7abae9056eb1e62540d229d3) C:\windows\system32\drivers\VMkbd.sys
23:54:20.0195 4552 vmkbd - ok
23:54:20.0238 4552 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\windows\system32\DRIVERS\vmnetadapter.sys
23:54:20.0239 4552 VMnetAdapter - ok
23:54:20.0290 4552 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\windows\system32\DRIVERS\vmnetbridge.sys
23:54:20.0292 4552 VMnetBridge - ok
23:54:20.0298 4552 VMnetDHCP - ok
23:54:20.0344 4552 VMnetuserif (0ab32d9f175c015d97eb712f5e636313) C:\windows\system32\drivers\vmnetuserif.sys
23:54:20.0345 4552 VMnetuserif - ok
23:54:20.0485 4552 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
23:54:20.0499 4552 VMUSBArbService - ok
23:54:20.0545 4552 VMware NAT Service - ok
23:54:20.0588 4552 vmx86 (840dd8ad9b1e26f82c598242369ea770) C:\windows\system32\drivers\vmx86.sys
23:54:20.0590 4552 vmx86 - ok
23:54:20.0628 4552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:54:20.0630 4552 volmgr - ok
23:54:20.0706 4552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:54:20.0712 4552 volmgrx - ok
23:54:20.0772 4552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
23:54:20.0777 4552 volsnap - ok
23:54:20.0821 4552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
23:54:20.0825 4552 vsmraid - ok
23:54:20.0972 4552 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:54:20.0988 4552 VSS - ok
23:54:21.0128 4552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:54:21.0128 4552 vwifibus - ok
23:54:21.0159 4552 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:54:21.0159 4552 vwififlt - ok
23:54:21.0190 4552 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
23:54:21.0190 4552 vwifimp - ok
23:54:21.0237 4552 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:54:21.0258 4552 W32Time - ok
23:54:21.0290 4552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
23:54:21.0292 4552 WacomPen - ok
23:54:21.0338 4552 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:54:21.0341 4552 WANARP - ok
23:54:21.0346 4552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:54:21.0348 4552 Wanarpv6 - ok
23:54:21.0471 4552 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:54:21.0491 4552 WatAdminSvc - ok
23:54:21.0629 4552 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:54:21.0655 4552 wbengine - ok
23:54:21.0803 4552 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:54:21.0809 4552 WbioSrvc - ok
23:54:21.0870 4552 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:54:21.0879 4552 wcncsvc - ok
23:54:21.0908 4552 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:54:21.0913 4552 WcsPlugInService - ok
23:54:21.0962 4552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
23:54:21.0964 4552 Wd - ok
23:54:22.0021 4552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:54:22.0032 4552 Wdf01000 - ok
23:54:22.0050 4552 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:54:22.0055 4552 WdiServiceHost - ok
23:54:22.0061 4552 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:54:22.0065 4552 WdiSystemHost - ok
23:54:22.0120 4552 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
23:54:22.0128 4552 WebClient - ok
23:54:22.0182 4552 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
23:54:22.0189 4552 Wecsvc - ok
23:54:22.0213 4552 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
23:54:22.0217 4552 wercplsupport - ok
23:54:22.0245 4552 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
23:54:22.0245 4552 WerSvc - ok
23:54:22.0307 4552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:54:22.0307 4552 WfpLwf - ok
23:54:22.0338 4552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:54:22.0338 4552 WIMMount - ok
23:54:22.0373 4552 WinDefend - ok
23:54:22.0385 4552 WinHttpAutoProxySvc - ok
23:54:22.0456 4552 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
23:54:22.0460 4552 Winmgmt - ok
23:54:22.0499 4552 WinRing0_1_2_0 - ok
23:54:22.0682 4552 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
23:54:22.0716 4552 WinRM - ok
23:54:22.0915 4552 winusb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
23:54:22.0917 4552 winusb - ok
23:54:23.0016 4552 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
23:54:23.0033 4552 Wlansvc - ok
23:54:23.0157 4552 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:54:23.0159 4552 wlcrasvc - ok
23:54:23.0337 4552 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:54:23.0362 4552 wlidsvc - ok
23:54:23.0508 4552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
23:54:23.0510 4552 WmiAcpi - ok
23:54:23.0571 4552 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
23:54:23.0575 4552 wmiApSrv - ok
23:54:23.0611 4552 WMPNetworkSvc - ok
23:54:23.0734 4552 WMZuneComm (58540037a4a3eeeefa47c84100e1694f) C:\Program Files\Zune\WMZuneComm.exe
23:54:23.0739 4552 WMZuneComm - ok
23:54:23.0767 4552 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
23:54:23.0771 4552 WPCSvc - ok
23:54:23.0823 4552 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
23:54:23.0829 4552 WPDBusEnum - ok
23:54:23.0862 4552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:54:23.0864 4552 ws2ifsl - ok
23:54:23.0907 4552 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(1).sys
23:54:23.0908 4552 WsAudio_DeviceS(1) - ok
23:54:23.0926 4552 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(2).sys
23:54:23.0927 4552 WsAudio_DeviceS(2) - ok
23:54:23.0952 4552 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(3).sys
23:54:23.0953 4552 WsAudio_DeviceS(3) - ok
23:54:23.0986 4552 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(4).sys
23:54:23.0987 4552 WsAudio_DeviceS(4) - ok
23:54:24.0002 4552 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(5).sys
23:54:24.0003 4552 WsAudio_DeviceS(5) - ok
23:54:24.0067 4552 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
23:54:24.0072 4552 wscsvc - ok
23:54:24.0077 4552 WSearch - ok
23:54:24.0284 4552 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
23:54:24.0325 4552 wuauserv - ok
23:54:24.0478 4552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
23:54:24.0478 4552 WudfPf - ok
23:54:24.0525 4552 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
23:54:24.0525 4552 WUDFRd - ok
23:54:24.0572 4552 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
23:54:24.0572 4552 wudfsvc - ok
23:54:24.0619 4552 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
23:54:24.0619 4552 WwanSvc - ok
23:54:24.0697 4552 yukonw7 (5140cf619cbf64ac0c1a17cf6555123a) C:\windows\system32\DRIVERS\yk62x64.sys
23:54:24.0712 4552 yukonw7 - ok
23:54:25.0412 4552 ZuneNetworkSvc (d6ef205269c2a584af6b56b9f95010f8) C:\Program Files\Zune\ZuneNss.exe
23:54:25.0632 4552 ZuneNetworkSvc - ok
23:54:25.0810 4552 ZuneWlanCfgSvc (7a565afe58f3822a9e622868e5cc0e5c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
23:54:25.0818 4552 ZuneWlanCfgSvc - ok
23:54:25.0889 4552 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:54:26.0308 4552 \Device\Harddisk0\DR0 - ok
23:54:26.0313 4552 Boot (0x1200) (5abf29e54b001c4f3ed159b9a38f8f0c) \Device\Harddisk0\DR0\Partition0
23:54:26.0315 4552 \Device\Harddisk0\DR0\Partition0 - ok
23:54:26.0333 4552 Boot (0x1200) (295346056d65efe4dd90764576350544) \Device\Harddisk0\DR0\Partition1
23:54:26.0335 4552 \Device\Harddisk0\DR0\Partition1 - ok
23:54:26.0355 4552 Boot (0x1200) (df6d8900ef94577a5fb2932a8c956c8f) \Device\Harddisk0\DR0\Partition2
23:54:26.0358 4552 \Device\Harddisk0\DR0\Partition2 - ok
23:54:26.0359 4552 ============================================================
23:54:26.0359 4552 Scan finished
23:54:26.0359 4552 ============================================================
23:54:26.0377 4052 Detected object count: 0
23:54:26.0377 4052 Actual detected object count: 0
23:54:46.0413 5700 ============================================================
23:54:46.0413 5700 Scan started
23:54:46.0413 5700 Mode: Manual;
23:54:46.0413 5700 ============================================================
23:54:46.0689 5700 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
23:54:46.0692 5700 1394ohci - ok
23:54:46.0749 5700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
23:54:46.0754 5700 ACPI - ok
23:54:46.0774 5700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
23:54:46.0775 5700 AcpiPmi - ok
23:54:46.0901 5700 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:54:46.0902 5700 AdobeARMservice - ok
23:54:47.0078 5700 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:54:47.0081 5700 AdobeFlashPlayerUpdateSvc - ok
23:54:47.0162 5700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
23:54:47.0167 5700 adp94xx - ok
23:54:47.0202 5700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
23:54:47.0202 5700 adpahci - ok
23:54:47.0234 5700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
23:54:47.0234 5700 adpu320 - ok
23:54:47.0249 5700 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
23:54:47.0265 5700 AeLookupSvc - ok
23:54:47.0329 5700 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
23:54:47.0335 5700 AFD - ok
23:54:47.0374 5700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
23:54:47.0376 5700 agp440 - ok
23:54:47.0397 5700 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
23:54:47.0399 5700 ALG - ok
23:54:47.0414 5700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
23:54:47.0415 5700 aliide - ok
23:54:47.0432 5700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
23:54:47.0432 5700 amdide - ok
23:54:47.0466 5700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
23:54:47.0467 5700 AmdK8 - ok
23:54:47.0491 5700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
23:54:47.0493 5700 AmdPPM - ok
23:54:47.0528 5700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
23:54:47.0529 5700 amdsata - ok
23:54:47.0572 5700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
23:54:47.0575 5700 amdsbs - ok
23:54:47.0611 5700 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
23:54:47.0612 5700 amdxata - ok
23:54:47.0669 5700 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\windows\system32\Drivers\AnyDVD.sys
23:54:47.0672 5700 AnyDVD - ok
23:54:47.0705 5700 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
23:54:47.0706 5700 AppID - ok
23:54:47.0732 5700 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
23:54:47.0733 5700 AppIDSvc - ok
23:54:47.0768 5700 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
23:54:47.0769 5700 Appinfo - ok
23:54:47.0809 5700 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
23:54:47.0811 5700 arc - ok
23:54:47.0838 5700 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
23:54:47.0840 5700 arcsas - ok
23:54:47.0939 5700 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:54:47.0941 5700 aspnet_state - ok
23:54:47.0963 5700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
23:54:47.0964 5700 AsyncMac - ok
23:54:48.0008 5700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
23:54:48.0009 5700 atapi - ok
23:54:48.0138 5700 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
23:54:48.0156 5700 athr - ok
23:54:48.0335 5700 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:54:48.0335 5700 AudioEndpointBuilder - ok
23:54:48.0350 5700 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:54:48.0366 5700 AudioSrv - ok
23:54:48.0408 5700 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
23:54:48.0410 5700 AxInstSV - ok
23:54:48.0497 5700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
23:54:48.0503 5700 b06bdrv - ok
23:54:48.0551 5700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
23:54:48.0554 5700 b57nd60a - ok
23:54:48.0591 5700 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
23:54:48.0593 5700 BDESVC - ok
23:54:48.0612 5700 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
23:54:48.0612 5700 Beep - ok
23:54:48.0685 5700 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
23:54:48.0694 5700 BFE - ok
23:54:48.0766 5700 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
23:54:48.0778 5700 BITS - ok
23:54:48.0833 5700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
23:54:48.0834 5700 blbdrive - ok
23:54:48.0859 5700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
23:54:48.0861 5700 bowser - ok
23:54:48.0887 5700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
23:54:48.0888 5700 BrFiltLo - ok
23:54:48.0905 5700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
23:54:48.0906 5700 BrFiltUp - ok
23:54:48.0934 5700 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
23:54:48.0935 5700 BridgeMP - ok
23:54:48.0990 5700 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
23:54:48.0992 5700 Browser - ok
23:54:49.0039 5700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
23:54:49.0042 5700 Brserid - ok
23:54:49.0064 5700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
23:54:49.0065 5700 BrSerWdm - ok
23:54:49.0087 5700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
23:54:49.0088 5700 BrUsbMdm - ok
23:54:49.0119 5700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
23:54:49.0120 5700 BrUsbSer - ok
23:54:49.0146 5700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
23:54:49.0147 5700 BTHMODEM - ok
23:54:49.0183 5700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
23:54:49.0185 5700 bthserv - ok
23:54:49.0190 5700 catchme - ok
23:54:49.0248 5700 cbfs3 (555fa105c22b1616094edad1cbfb0551) C:\windows\system32\drivers\cbfs3.sys
23:54:49.0252 5700 cbfs3 - ok
23:54:49.0285 5700 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
23:54:49.0286 5700 cdfs - ok
23:54:49.0332 5700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
23:54:49.0335 5700 cdrom - ok
23:54:49.0378 5700 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:54:49.0380 5700 CertPropSvc - ok
23:54:49.0412 5700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
23:54:49.0413 5700 circlass - ok
23:54:49.0467 5700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
23:54:49.0472 5700 CLFS - ok
23:54:49.0544 5700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:54:49.0546 5700 clr_optimization_v2.0.50727_32 - ok
23:54:49.0569 5700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:54:49.0571 5700 clr_optimization_v2.0.50727_64 - ok
23:54:49.0624 5700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:54:49.0626 5700 clr_optimization_v4.0.30319_32 - ok
23:54:49.0665 5700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:54:49.0667 5700 clr_optimization_v4.0.30319_64 - ok
23:54:49.0698 5700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
23:54:49.0698 5700 CmBatt - ok
23:54:49.0734 5700 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
23:54:49.0735 5700 cmdide - ok
23:54:49.0791 5700 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
23:54:49.0796 5700 CNG - ok
23:54:49.0831 5700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
23:54:49.0832 5700 Compbatt - ok
23:54:49.0863 5700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
23:54:49.0864 5700 CompositeBus - ok
23:54:49.0869 5700 COMSysApp - ok
23:54:49.0891 5700 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\windows\system32\drivers\cpuz135_x64.sys
23:54:49.0891 5700 cpuz135 - ok
23:54:49.0925 5700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
23:54:49.0926 5700 crcdisk - ok
23:54:49.0973 5700 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
23:54:49.0976 5700 CryptSvc - ok
23:54:50.0046 5700 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:54:50.0055 5700 DcomLaunch - ok
23:54:50.0107 5700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
23:54:50.0112 5700 defragsvc - ok
23:54:50.0155 5700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
23:54:50.0157 5700 DfsC - ok
23:55:08.0015 5700 Themes - ok
23:55:08.0046 5700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:55:08.0049 5700 THREADORDER - ok
23:55:08.0071 5700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:55:08.0075 5700 TrkWks - ok
23:55:08.0142 5700 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:55:08.0145 5700 TrustedInstaller - ok
23:55:08.0189 5700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:55:08.0190 5700 tssecsrv - ok
23:55:08.0222 5700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:55:08.0224 5700 TsUsbFlt - ok
23:55:08.0271 5700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:55:08.0273 5700 tunnel - ok
23:55:08.0309 5700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
23:55:08.0310 5700 uagp35 - ok
23:55:08.0360 5700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:55:08.0365 5700 udfs - ok
23:55:08.0399 5700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:55:08.0402 5700 UI0Detect - ok
23:55:08.0443 5700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:55:08.0445 5700 uliagpkx - ok
23:55:08.0481 5700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
23:55:08.0482 5700 umbus - ok
23:55:08.0515 5700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
23:55:08.0516 5700 UmPass - ok
23:55:08.0786 5700 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:55:08.0813 5700 UNS - ok
23:55:08.0967 5700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:55:08.0974 5700 upnphost - ok
23:55:09.0051 5700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
23:55:09.0053 5700 usbccgp - ok
23:55:09.0097 5700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:55:09.0098 5700 usbcir - ok
23:55:09.0118 5700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
23:55:09.0119 5700 usbehci - ok
23:55:09.0160 5700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:55:09.0165 5700 usbhub - ok
23:55:09.0204 5700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
23:55:09.0205 5700 usbohci - ok
23:55:09.0236 5700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
23:55:09.0237 5700 usbprint - ok
23:55:09.0260 5700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:55:09.0262 5700 USBSTOR - ok
23:55:09.0284 5700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
23:55:09.0285 5700 usbuhci - ok
23:55:09.0331 5700 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
23:55:09.0334 5700 usbvideo - ok
23:55:09.0374 5700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:55:09.0378 5700 UxSms - ok
23:55:09.0418 5700 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:55:09.0420 5700 VaultSvc - ok
23:55:09.0461 5700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:55:09.0462 5700 vdrvroot - ok
23:55:09.0525 5700 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:55:09.0534 5700 vds - ok
23:55:09.0563 5700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:55:09.0564 5700 vga - ok
23:55:09.0577 5700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:55:09.0579 5700 VgaSave - ok
23:55:09.0625 5700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:55:09.0628 5700 vhdmp - ok
23:55:09.0649 5700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:55:09.0650 5700 viaide - ok
23:55:09.0764 5700 VMAuthdService (1562a089b46c821487aff8d01ee5547e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
23:55:09.0766 5700 VMAuthdService - ok
23:55:09.0805 5700 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\windows\system32\DRIVERS\vmci.sys
23:55:09.0807 5700 vmci - ok
23:55:09.0843 5700 vmkbd (de41918b7abae9056eb1e62540d229d3) C:\windows\system32\drivers\VMkbd.sys
23:55:09.0845 5700 vmkbd - ok
23:55:09.0866 5700 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\windows\system32\DRIVERS\vmnetadapter.sys
23:55:09.0867 5700 VMnetAdapter - ok
23:55:09.0886 5700 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\windows\system32\DRIVERS\vmnetbridge.sys
23:55:09.0887 5700 VMnetBridge - ok
23:55:09.0892 5700 VMnetDHCP - ok
23:55:09.0917 5700 VMnetuserif (0ab32d9f175c015d97eb712f5e636313) C:\windows\system32\drivers\vmnetuserif.sys
23:55:09.0918 5700 VMnetuserif - ok
23:55:10.0046 5700 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
23:55:10.0056 5700 VMUSBArbService - ok
23:55:10.0066 5700 VMware NAT Service - ok
23:55:10.0097 5700 vmx86 (840dd8ad9b1e26f82c598242369ea770) C:\windows\system32\drivers\vmx86.sys
23:55:10.0107 5700 vmx86 - ok
23:55:10.0137 5700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:55:10.0147 5700 volmgr - ok
23:55:10.0207 5700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:55:10.0207 5700 volmgrx - ok
23:55:10.0257 5700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
23:55:10.0267 5700 volsnap - ok
23:55:10.0316 5700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
23:55:10.0318 5700 vsmraid - ok
23:55:10.0463 5700 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:55:10.0484 5700 VSS - ok
23:55:10.0618 5700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:55:10.0619 5700 vwifibus - ok
23:55:10.0644 5700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:55:10.0646 5700 vwififlt - ok
23:55:10.0659 5700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
23:55:10.0660 5700 vwifimp - ok
23:55:10.0711 5700 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:55:10.0718 5700 W32Time - ok
23:55:10.0751 5700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
23:55:10.0752 5700 WacomPen - ok
23:55:10.0788 5700 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:55:10.0790 5700 WANARP - ok
23:55:10.0796 5700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:55:10.0798 5700 Wanarpv6 - ok
23:55:10.0919 5700 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:55:10.0934 5700 WatAdminSvc - ok
23:55:11.0059 5700 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:55:11.0080 5700 wbengine - ok
23:55:11.0219 5700 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:55:11.0224 5700 WbioSrvc - ok
23:55:11.0286 5700 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:55:11.0294 5700 wcncsvc - ok
23:55:11.0321 5700 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:55:11.0321 5700 WcsPlugInService - ok
23:55:11.0391 5700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
23:55:11.0391 5700 Wd - ok
23:55:11.0471 5700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:55:11.0471 5700 Wdf01000 - ok
23:55:11.0511 5700 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:55:11.0511 5700 WdiServiceHost - ok
23:55:11.0521 5700 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:55:11.0521 5700 WdiSystemHost - ok
23:55:11.0581 5700 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
23:55:11.0581 5700 WebClient - ok
23:55:11.0631 5700 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
23:55:11.0631 5700 Wecsvc - ok
23:55:11.0661 5700 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
23:55:11.0661 5700 wercplsupport - ok
23:55:11.0691 5700 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
23:55:11.0691 5700 WerSvc - ok
23:55:11.0741 5700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:55:11.0741 5700 WfpLwf - ok
23:55:11.0751 5700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:55:11.0761 5700 WIMMount - ok
23:55:11.0781 5700 WinDefend - ok
23:55:11.0801 5700 WinHttpAutoProxySvc - ok
23:55:11.0871 5700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
23:55:11.0871 5700 Winmgmt - ok
23:55:11.0901 5700 WinRing0_1_2_0 - ok
23:55:12.0061 5700 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
23:55:12.0097 5700 WinRM - ok
23:55:12.0254 5700 winusb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
23:55:12.0256 5700 winusb - ok
23:55:12.0333 5700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
23:55:12.0346 5700 Wlansvc - ok
23:55:12.0452 5700 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:55:12.0453 5700 wlcrasvc - ok
23:55:12.0655 5700 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:55:12.0683 5700 wlidsvc - ok
23:55:12.0825 5700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
23:55:12.0827 5700 WmiAcpi - ok
23:55:12.0888 5700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
23:55:12.0891 5700 wmiApSrv - ok
23:55:12.0940 5700 WMPNetworkSvc - ok
23:55:13.0094 5700 WMZuneComm (58540037a4a3eeeefa47c84100e1694f) C:\Program Files\Zune\WMZuneComm.exe
23:55:13.0098 5700 WMZuneComm - ok
23:55:13.0128 5700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
23:55:13.0132 5700 WPCSvc - ok
23:55:13.0185 5700 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
23:55:13.0190 5700 WPDBusEnum - ok
23:55:13.0224 5700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:55:13.0225 5700 ws2ifsl - ok
23:55:13.0257 5700 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(1).sys
23:55:13.0259 5700 WsAudio_DeviceS(1) - ok
23:55:13.0277 5700 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(2).sys
23:55:13.0278 5700 WsAudio_DeviceS(2) - ok
23:55:13.0292 5700 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(3).sys
23:55:13.0293 5700 WsAudio_DeviceS(3) - ok
23:55:13.0325 5700 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(4).sys
23:55:13.0326 5700 WsAudio_DeviceS(4) - ok
23:55:13.0341 5700 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(5).sys
23:55:13.0342 5700 WsAudio_DeviceS(5) - ok
23:55:13.0395 5700 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
23:55:13.0399 5700 wscsvc - ok
23:55:13.0404 5700 WSearch - ok
23:55:13.0601 5700 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
23:55:13.0633 5700 wuauserv - ok
23:55:13.0790 5700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
23:55:13.0792 5700 WudfPf - ok
23:55:13.0815 5700 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
23:55:13.0817 5700 WUDFRd - ok
23:55:13.0867 5700 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
23:55:13.0871 5700 wudfsvc - ok
23:55:13.0915 5700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
23:55:13.0921 5700 WwanSvc - ok
23:55:13.0995 5700 yukonw7 (5140cf619cbf64ac0c1a17cf6555123a) C:\windows\system32\DRIVERS\yk62x64.sys
23:55:14.0000 5700 yukonw7 - ok
23:55:14.0675 5700 ZuneNetworkSvc (d6ef205269c2a584af6b56b9f95010f8) C:\Program Files\Zune\ZuneNss.exe
23:55:14.0771 5700 ZuneNetworkSvc - ok
23:55:14.0941 5700 ZuneWlanCfgSvc (7a565afe58f3822a9e622868e5cc0e5c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
23:55:14.0947 5700 ZuneWlanCfgSvc - ok
23:55:14.0985 5700 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:55:15.0403 5700 \Device\Harddisk0\DR0 - ok
23:55:15.0409 5700 Boot (0x1200) (5abf29e54b001c4f3ed159b9a38f8f0c) \Device\Harddisk0\DR0\Partition0
23:55:15.0411 5700 \Device\Harddisk0\DR0\Partition0 - ok
23:55:15.0429 5700 Boot (0x1200) (295346056d65efe4dd90764576350544) \Device\Harddisk0\DR0\Partition1
23:55:15.0431 5700 \Device\Harddisk0\DR0\Partition1 - ok
23:55:15.0450 5700 Boot (0x1200) (df6d8900ef94577a5fb2932a8c956c8f) \Device\Harddisk0\DR0\Partition2
23:55:15.0453 5700 \Device\Harddisk0\DR0\Partition2 - ok
23:55:15.0454 5700 ============================================================
23:55:15.0454 5700 Scan finished
23:55:15.0454 5700 ============================================================
23:55:15.0473 4536 Detected object count: 0
23:55:15.0474 4536 Actual detected object count: 0
23:55:28.0851 5336 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 21:25:24
-----------------------------
21:25:24.819 OS Version: Windows x64 6.1.7601 Service Pack 1
21:25:24.820 Number of processors: 4 586 0x2502
21:25:24.821 ComputerName: RED_NOVA UserName: goose
21:25:25.991 Initialize success
21:25:38.228 AVAST engine defs: 12070901
21:26:12.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:26:12.750 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
21:26:12.770 Disk 0 MBR read successfully
21:26:12.775 Disk 0 MBR scan
21:26:12.783 Disk 0 unknown MBR code
21:26:12.805 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
21:26:12.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
21:26:12.847 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
21:26:12.902 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 359077 MB offset 241379328
21:26:12.939 Disk 0 scanning C:\windows\system32\drivers
21:26:31.399 Service scanning
21:27:32.859 Modules scanning
21:27:32.877 Disk 0 trace - called modules:
21:27:33.235 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
21:27:33.245 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c6f060]
21:27:33.256 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004986050]
21:27:34.018 AVAST engine scan C:\windows
21:27:38.631 AVAST engine scan C:\windows\system32
21:30:22.027 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:30:27.559 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:32:34.293 AVAST engine scan C:\windows\system32\drivers
21:32:51.866 AVAST engine scan C:\Users\goose
21:35:23.136 File: C:\Users\goose\AppData\Local\{c45ff06d-2bbd-3310-2edf-da1f62fe0082}\n **INFECTED** Win32:Sirefef-PL [Rtk]
21:37:30.492 AVAST engine scan C:\ProgramData
21:38:18.144 Scan finished successfully
21:39:32.531 Disk 0 MBR has been saved successfully to "C:\Users\goose\Desktop\MBR.dat"
21:39:32.542 The log file has been saved successfully to "C:\Users\goose\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 00:02:09
-----------------------------
00:02:09.610 OS Version: Windows x64 6.1.7601 Service Pack 1
00:02:09.610 Number of processors: 4 586 0x2502
00:02:09.610 ComputerName: RED_NOVA UserName: goose
00:02:11.177 Initialize success
00:02:21.890 AVAST engine defs: 12071001
00:02:30.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:02:30.315 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
00:02:30.381 Disk 0 MBR read successfully
00:02:30.386 Disk 0 MBR scan
00:02:30.394 Disk 0 unknown MBR code
00:02:30.426 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
00:02:30.438 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
00:02:30.469 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
00:02:30.500 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 359077 MB offset 241379328
00:02:30.549 Disk 0 scanning C:\windows\system32\drivers
00:02:47.444 Service scanning
00:03:56.037 Modules scanning
00:03:56.054 Disk 0 trace - called modules:
00:03:56.680 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:03:56.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006995060]
00:03:56.702 3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004952050]
00:03:57.964 AVAST engine scan C:\windows
00:04:02.795 AVAST engine scan C:\windows\system32
00:09:40.616 AVAST engine scan C:\windows\system32\drivers
00:09:58.544 AVAST engine scan C:\Users\goose
00:14:33.005 AVAST engine scan C:\ProgramData
00:15:18.038 Scan finished successfully
00:17:01.655 Disk 0 MBR has been saved successfully to "C:\Users\goose\Desktop\MBR.dat"
00:17:01.666 The log file has been saved successfully to "C:\Users\goose\Desktop\aswMBR.txt"

Edited by goose90proof, 11 July 2012 - 12:22 AM.

for3ver,
goose90proof

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 July 2012 - 12:40 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 troublesh00ter (Topic Starter, Members)

Posted 11 July 2012 - 10:01 AM

ComboFix updated to a newer version when I started it, so I ran it twice just in case the new version didn't take the script I had first started it with. Other than that, everything went fine. Everything appears to be back to normal on this machine.


ComboFix 12-07-11.03 - goose 07/11/2012 9:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2372 [GMT -5:00]
Running from: c:\users\goose\Desktop\ComboFix.exe
Command switches used :: c:\users\goose\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 14:38 . 2012-07-11 14:38 -------- d-----w- c:\users\WindowsAnswers\AppData\Local\temp
2012-07-11 14:38 . 2012-07-11 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 14:38 . 2012-07-11 14:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-10 16:06 . 2012-07-10 16:06 -------- d-----w- C:\FRST
2012-07-10 01:52 . 2012-07-10 01:52 -------- d-----w- c:\users\goose\AppData\Roaming\Malwarebytes
2012-07-09 13:23 . 2012-07-09 13:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 16:54 . 2012-07-08 16:54 -------- d-----w- c:\programdata\SlySoft
2012-07-08 16:54 . 2012-07-08 16:54 -------- d-----w- c:\program files (x86)\SlySoft
2012-07-01 19:12 . 2012-07-01 19:12 -------- d-----w- c:\users\goose\AppData\Local\WBFSManager
2012-07-01 19:11 . 2012-07-01 19:11 -------- d-----w- c:\program files\WBFS
2012-06-27 19:03 . 2012-06-27 19:03 -------- d-----w- c:\programdata\IObit
2012-06-27 19:03 . 2012-06-27 19:03 -------- d-----w- c:\program files (x86)\IObit
2012-06-27 14:43 . 2012-06-27 15:38 -------- d-----w- c:\users\goose\AppData\Roaming\AVG
2012-06-27 14:40 . 2012-06-27 14:40 -------- d-----w- c:\program files (x86)\AVG
2012-06-27 13:50 . 2012-06-09 07:37 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-27 13:49 . 2012-06-09 07:37 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-06-27 13:49 . 2012-06-09 07:36 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-06-27 13:49 . 2012-06-09 07:35 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-06-27 13:49 . 2012-06-09 07:37 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-06-27 13:49 . 2012-06-09 07:36 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-06-27 13:49 . 2011-08-30 04:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-06-27 13:49 . 2012-06-27 13:49 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-06-27 13:48 . 2012-06-27 13:48 -------- d-----w- c:\program files\Common Files\VMware
2012-06-25 15:10 . 2012-06-25 15:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-25 15:10 . 2012-06-25 15:10 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-25 15:10 . 2012-06-25 15:10 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-25 15:10 . 2012-06-25 15:10 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-25 15:10 . 2012-06-25 15:10 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-22 14:38 . 2012-06-22 14:38 -------- d-----w- c:\users\goose\AppData\Roaming\TuneUp Software
2012-06-22 14:37 . 2012-06-22 14:38 -------- d-----w- c:\programdata\TuneUp Software
2012-06-22 14:37 . 2012-06-22 14:37 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-22 14:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 14:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 14:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 14:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 14:08 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 14:08 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:00 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-21 15:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-20 19:45 . 2012-06-20 19:45 -------- d-----w- c:\users\goose\AppData\Local\Macromedia
2012-06-15 16:02 . 2012-06-25 15:10 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-15 16:02 . 2012-06-25 15:10 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-15 16:02 . 2012-06-25 15:10 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-13 18:25 . 2012-06-13 18:25 -------- d-----w- C:\CEF
2012-06-11 14:49 . 2012-06-11 14:49 -------- d-----w- c:\windows\SysWow64\wbem\Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 13:12 . 2012-04-04 21:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-09 13:12 . 2011-05-27 22:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 15:55 . 2012-04-06 13:37 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-09 05:29 . 2012-06-09 05:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-09 04:52 . 2012-06-09 04:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-09 04:52 . 2012-06-09 04:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-09 04:52 . 2012-06-09 04:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-09 04:52 . 2012-06-09 04:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-09 04:52 . 2012-06-09 04:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-05-31 20:05 . 2012-05-31 20:05 288732698 ----a-w- C:\registry_backup.reg
2012-05-23 13:08 . 2011-07-18 15:44 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-23 13:08 . 2011-07-18 15:44 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-23 13:08 . 2011-07-18 15:44 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-17 20:15 . 2012-05-17 20:15 743760 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2012-05-17 13:45 . 2012-05-21 14:07 24968 ----a-w- c:\windows\system32\dopdfmn7.dll
2012-05-17 13:45 . 2012-05-21 14:07 21384 ----a-w- c:\windows\system32\dopdfmi7.dll
2012-04-24 22:13 . 2011-07-14 13:28 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-16 16:32 . 2012-04-16 16:32 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_03.54.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-22 11:20 . 2012-07-11 04:07 60846 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-11 05:01 38294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-16 22:30 . 2012-07-11 05:01 13638 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-869458049-3439261390-4181497819-1001_UserData.bin
+ 2011-01-16 07:24 . 2012-07-11 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-16 07:24 . 2012-07-11 03:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-16 07:24 . 2012-07-11 05:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-16 07:24 . 2012-07-11 03:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-11 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 03:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-11 03:53 . 2012-07-11 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-11 04:04 . 2012-07-11 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-11 04:04 . 2012-07-11 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 03:53 . 2012-07-11 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-18 04:49 . 2012-07-11 13:56 299372 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-17 01:35 . 2012-07-11 11:34 363074 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-07-11 04:04 445540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-11 03:52 445540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-15 17:23 . 2012-07-11 03:52 3200240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-15 17:23 . 2012-07-11 04:04 3200240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
"MusicManager"="c:\users\goose\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"F.lux"="c:\users\goose\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\users\WindowsAnswers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\goose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files (x86)\BoxCryptor\BoxCryptor.exe [2012-4-12 1179136]
Dropbox.lnk - c:\users\goose\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 129976]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 279616]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-02-08 56968]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-23 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-05-20 394016]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:12]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
- c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 03:44]
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
- c:\users\goose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 03:44]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 22:36]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 22:36]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001Core.job
- c:\users\goose\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 17:53]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869458049-3439261390-4181497819-1001UA.job
- c:\users\goose\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 17:53]
.
2012-07-09 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-04-26 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\goose\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12666984]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hotmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.5.1
FF - ProfilePath - c:\users\goose\AppData\Roaming\Mozilla\Firefox\Profiles\60wvszyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Folding@home-CPU-[2]]
"ImagePath"="c:\users\goose\FAH\fah6 -svcstart -d \"c:\users\goose\FAH\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-11 09:42:19
ComboFix-quarantined-files.txt 2012-07-11 14:42
ComboFix2.txt 2012-07-11 14:18
ComboFix3.txt 2012-07-11 04:01
.
Pre-Run: 10,351,149,056 bytes free
Post-Run: 10,279,645,184 bytes free
.
- - End Of File - - 0E39CB0A2C233F4B93D7A4DC602763FE
for3ver,
goose90proof

#15 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 July 2012 - 10:17 PM

Hello

:P2P Warning!:
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 22
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



