
Possible rootkits and svchost.exe file corruption with Google redirecting


14 replies to this topic

#1 stewieisall

stewieisall

  • Members
  • 7 posts

Posted 24 July 2012 - 04:39 AM

Hi, this is my first post here at BleepingComputer forums so please let me know if I am doing any of my reporting incorrectly. :)

I began to notice my computer troubles about 2 weeks ago. As I would browse the internet and use Google search, my Firefox browser would occasionally redirect to a site that was unrelated to my search results, specifically newsfudge.com. This was unusual considering that I clean installed Windows 7 HP 64-bit only a month ago. So I did research and adjusted my DNS settings. Things did not change. I gave up and went away for a week. When I came back the problem was still there so I became more persistent in my search for a removal of the problem. So I used AVG 2012 Free Edition to scan my entire computer and Trojan Remover to scan for Malware. I've also been using Eusing Free Registry Cleaner to check my registry for problems as well as ComboFix. My AVG scans have detected rootkits for the past 3 days. The Trojan Remover scans have also detected that C:/Windows/svchost.exe appears to contain "Suspicious.Entry". I have somewhat fixed my redirecting problem by installing Chrome and using it instead of Firefox, but I would like to make sure that Firefox is safe to use again.

As a side note before I post my DDS and GMER logs, I have installed GMER, but I am unable to change the settings in the Rootkit Tab as most of the checkboxes are greyed out and unclickable. The only boxes that are clickable are Services, Registry, Files, ADS, and the letter drives. Services, Registry, Files, ADS, and C:\ are the only boxes checked. I am running GMER version 1.0.15.15641.





.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Asa at 23:25:01 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.4199 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
-netsvcs
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1853E733-BAF2-41EF-9FF1-578860E494B3} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-25 13336]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 SmbDrv;SmbDrv;C:\Windows\system32\DRIVERS\Smb_driver.sys --> C:\Windows\system32\DRIVERS\Smb_driver.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-23 02:01:39 20480 ----a-w- C:\Windows\svchost.exe.vir
2012-07-23 02:00:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-22 02:24:34 -------- d-----w- C:\Users\Asa\AppData\Local\Google
2012-07-22 01:54:21 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\938B.tmp
2012-07-22 01:54:21 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\938A.tmp
2012-07-16 01:30:47 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\48D5.tmp
2012-07-12 04:02:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 03:29:23 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 01:58:46 -------- d-----w- C:\Users\Asa\AppData\Roaming\Simply Super Software
2012-07-11 01:58:43 -------- d-----w- C:\ProgramData\Simply Super Software
2012-07-11 01:58:43 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-07-11 01:28:07 -------- d-----w- C:\Users\Asa\AppData\Roaming\Gensokyo.org
2012-07-11 01:26:04 -------- d-----w- C:\Users\Asa\AppData\Roaming\ShanghaiAlice
2012-07-10 08:41:28 -------- d-----w- C:\Users\Asa\AppData\Roaming\redsn0w
2012-07-09 08:03:44 98816 ----a-w- C:\Windows\sed.exe
2012-07-09 08:03:44 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-09 08:03:44 256000 ----a-w- C:\Windows\PEV.exe
2012-07-09 08:03:44 208896 ----a-w- C:\Windows\MBR.exe
2012-07-09 01:33:35 -------- d-----w- C:\Users\Asa\AppData\Roaming\AVG2012
2012-07-09 01:33:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-09 01:33:12 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-09 01:33:12 -------- d-----w- C:\ProgramData\AVG2012
2012-07-09 01:33:12 -------- d-----w- C:\$AVG
2012-07-09 01:33:05 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-09 01:27:25 -------- d--h--w- C:\ProgramData\Common Files
2012-07-09 01:27:25 -------- d-----w- C:\ProgramData\MFAData
2012-07-09 00:38:34 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-07-09 00:21:45 -------- d-----w- C:\sh4ldr
2012-07-09 00:21:45 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-09 00:21:34 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-09 00:21:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-08 23:44:00 -------- d-----w- C:\Users\Asa\AppData\Roaming\Malwarebytes
2012-07-08 23:43:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-08 23:43:03 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-08 23:31:55 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-08 23:31:55 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-08 23:31:20 -------- d-----w- C:\Users\Asa\AppData\Roaming\TestApp
2012-07-08 23:31:20 -------- d-----w- C:\ProgramData\PC Tools
2012-07-08 23:18:29 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-07-08 23:07:01 328704 ----a-w- C:\Windows\System32\services.exe.E72CA86FB398E002
2012-07-08 23:03:24 328704 ----a-w- C:\Windows\System32\services.exe.4A1D979C7334B466
2012-07-08 22:59:00 328704 ----a-w- C:\Windows\System32\services.exe.65218AF29987513C
2012-07-08 22:54:18 328704 ----a-w- C:\Windows\System32\services.exe.16570F4A952963B1
2012-07-08 22:51:19 328704 ----a-w- C:\Windows\System32\services.exe.D633764534B592FD
2012-07-08 22:48:22 328704 ----a-w- C:\Windows\System32\services.exe.B4BBC1DF71B4D1B2
2012-07-08 22:44:57 328704 ----a-w- C:\Windows\System32\services.exe.1B8CFD4F42891B1A
2012-07-08 22:42:03 328704 ----a-w- C:\Windows\System32\services.exe.85E9B8B7D6849D6B
2012-07-07 23:09:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-30 19:59:34 -------- d-----w- C:\Games
2012-06-29 09:19:23 1652 ----a-w- C:\Windows\System32\ASOROSet.bin
2012-06-29 08:59:53 -------- d-----w- C:\Users\Asa\AppData\Roaming\Systweak
2012-06-29 04:46:05 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-06-27 04:21:49 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-24 10:38:06 -------- d-----w- C:\ProgramData\IObit
2012-06-24 10:38:06 -------- d-----w- C:\Program Files (x86)\IObit
.
==================== Find3M ====================
.
2012-07-12 06:11:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 06:11:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 00:30:10 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-03 01:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-03 01:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 09:46:28 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 10:24:41 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 23:25:30.29 ===============


Attached File  Attach.txt   7.64KB   1 downloads
Attached File  ark.txt   686bytes   0 downloads


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 24 July 2012 - 11:16 AM

please run the following

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 stewieisall

stewieisall
  • Topic Starter

  • Members
  • 7 posts

Posted 24 July 2012 - 06:31 PM

Thank you for your quick reply! Here are the files you requested.

Attached File  FRST.txt   37.81KB   2 downloads
Attached File  Search.txt   754bytes   1 downloads

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 24 July 2012 - 06:37 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-07-24 01:42 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-22 18:01 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe.vir
2012-07-08 15:07 - 2012-07-08 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E72CA86FB398E002
2012-07-08 15:03 - 2012-07-08 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A1D979C7334B466
2012-07-08 14:59 - 2012-07-08 14:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65218AF29987513C
2012-07-08 14:54 - 2012-07-08 14:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16570F4A952963B1
2012-07-08 14:51 - 2012-07-08 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D633764534B592FD
2012-07-08 14:48 - 2012-07-08 14:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4BBC1DF71B4D1B2
2012-07-08 14:44 - 2012-07-08 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B8CFD4F42891B1A
2012-07-08 14:42 - 2012-07-08 14:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E9B8B7D6849D6B
C:\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}
C:\Users\Asa\AppData\Local\{54169144-5db0-7738-dd2a-f6159f471f49}
C:\Windows\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
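
The fixlist and the follow-up steps above target a small set of artifacts: an svchost.exe sitting directly under C:\Windows rather than in System32, several services.exe.<hex> copies beside the real services.exe, and a {GUID}-named folder that appears both under C:\Windows\Installer and under a user's AppData\Local. As an added example (not part of this thread and not code from FRST, ComboFix or TDSSKiller), the read-only PowerShell check below looks for those same patterns on a machine and reports the Authenticode status of any executable it finds. It assumes PowerShell 3.0 or later and does not move or delete anything; the pairing rule for GUID folders is an assumption made here because C:\Windows\Installer legitimately holds {GUID} folders for installed MSI packages.

```powershell
# Added example, not from the thread: read-only check for the artifact patterns
# named in the fixlist (rogue svchost.exe, services.exe.<hex> copies, paired {GUID} dirs).
# Assumes PowerShell 3.0+ and an elevated prompt for reading other profiles.

$findings = @()

# 1. svchost.exe belongs in System32 (and SysWOW64 on x64). A copy directly
#    under the Windows directory is out of place.
$rogueSvchost = Join-Path $env:SystemRoot 'svchost.exe'
if (Test-Path -LiteralPath $rogueSvchost -PathType Leaf) {
    $findings += [pscustomobject]@{ Kind = 'svchost.exe outside System32'; Path = $rogueSvchost }
}

# 2. services.exe.<hex> siblings next to the real services.exe in System32.
$sys32 = Join-Path $env:SystemRoot 'System32'
$copies = Get-ChildItem -LiteralPath $sys32 -Filter 'services.exe.*' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer }
foreach ($c in $copies) {
    $findings += [pscustomobject]@{ Kind = 'services.exe copy'; Path = $c.FullName }
}

# 3. {GUID}-named directories present in BOTH Windows\Installer and a profile's
#    AppData\Local. Installer alone is normal for MSI packages, so only the pairing
#    is reported (assumption: the pairing is the suspicious signal, as in the fixlist).
$guidRx = '^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$'
$installerDirs = Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'Installer') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guidRx }
$installerGuids = @($installerDirs | ForEach-Object { $_.Name.ToLowerInvariant() })

$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$profiles = Get-ChildItem -LiteralPath $profilesRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    $local = Join-Path $p.FullName 'AppData\Local'
    $localDirs = Get-ChildItem -LiteralPath $local -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match $guidRx }
    foreach ($d in $localDirs) {
        if ($installerGuids -contains $d.Name.ToLowerInvariant()) {
            $findings += [pscustomobject]@{ Kind = 'GUID dir paired with Windows\Installer'; Path = $d.FullName }
        }
    }
}

# 4. Record the Authenticode status of each executable found. The genuine
#    Windows binaries carry a valid Microsoft signature; copies usually do not.
foreach ($f in $findings) {
    if ($f.Path -like '*.exe*' -and (Test-Path -LiteralPath $f.Path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $f.Path
        $f | Add-Member -NotePropertyName Signature -NotePropertyValue $sig.Status
    }
}

if ($findings.Count -eq 0) {
    'No matching artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so that other users' AppData folders are readable; a clean machine prints "No matching artifacts found.", while a machine in the state shown in the fixlog would list the C:\Windows\svchost.exe copy, each services.exe.<hex> file with its signature status, and the paired {GUID} folder under the user's profile.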


#5 stewieisall

stewieisall
  • Topic Starter


Posted 24 July 2012 - 07:11 PM

When I used TDSS Killer, there was no Reboot Now option to select, so I rebooted manually...if that makes any difference.




Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-07-2012 02
Ran by SYSTEM at 2012-07-24 13:45:20 Run:1
Running from K:\

==============================================

C:\Windows\svchost.exe moved successfully.
C:\Windows\svchost.exe.vir moved successfully.
C:\Windows\System32\services.exe.E72CA86FB398E002 moved successfully.
C:\Windows\System32\services.exe.4A1D979C7334B466 moved successfully.
C:\Windows\System32\services.exe.65218AF29987513C moved successfully.
C:\Windows\System32\services.exe.16570F4A952963B1 moved successfully.
C:\Windows\System32\services.exe.D633764534B592FD moved successfully.
C:\Windows\System32\services.exe.B4BBC1DF71B4D1B2 moved successfully.
C:\Windows\System32\services.exe.1B8CFD4F42891B1A moved successfully.
C:\Windows\System32\services.exe.85E9B8B7D6849D6B moved successfully.
C:\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49} moved successfully.
C:\Users\Asa\AppData\Local\{54169144-5db0-7738-dd2a-f6159f471f49} moved successfully.
C:\Windows\svchost.exe not found.

==== End of Fixlog ====





ComboFix 12-07-25.04 - Asa 07/24/2012 13:50:21.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6510 [GMT -10:00]
Running from: c:\users\Asa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 23:54 . 2012-07-24 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 21:26 . 2012-07-24 21:27 -------- d-----w- C:\FRST
2012-07-22 23:31 . 2012-07-22 23:31 -------- d-----w- c:\windows\Sun
2012-07-22 02:24 . 2012-07-22 02:35 -------- d-----w- c:\users\Asa\AppData\Local\Google
2012-07-22 01:54 . 2012-07-22 01:54 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\938B.tmp
2012-07-22 01:54 . 2012-07-22 01:54 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\938A.tmp
2012-07-16 01:30 . 2012-07-16 01:30 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\48D5.tmp
2012-07-12 04:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\users\Asa\AppData\Roaming\Simply Super Software
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\programdata\Simply Super Software
2012-07-11 01:28 . 2012-07-11 01:28 -------- d-----w- c:\users\Asa\AppData\Roaming\Gensokyo.org
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\users\Asa\AppData\Roaming\ShanghaiAlice
2012-07-10 08:41 . 2012-07-10 08:56 -------- d-----w- c:\users\Asa\AppData\Roaming\redsn0w
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\users\Asa\AppData\Roaming\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-09 01:33 . 2012-07-24 22:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-09 01:33 . 2012-07-23 01:47 -------- d-----w- c:\programdata\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- C:\$AVG
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\program files (x86)\AVG
2012-07-09 01:27 . 2012-07-24 22:22 -------- d-----w- c:\programdata\MFAData
2012-07-09 01:27 . 2012-07-09 01:27 -------- d--h--w- c:\programdata\Common Files
2012-07-09 00:38 . 2012-01-12 19:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-09 00:21 . 2012-07-09 00:29 -------- d-----w- C:\sh4ldr
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files\Enigma Software Group
2012-07-09 00:21 . 2012-07-09 00:29 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-08 23:44 . 2012-07-08 23:44 -------- d-----w- c:\users\Asa\AppData\Roaming\Malwarebytes
2012-07-08 23:43 . 2012-07-08 23:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 23:43 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 23:31 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 23:31 . 2012-05-11 21:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-08 23:31 . 2012-07-08 23:55 -------- d-----w- c:\programdata\PC Tools
2012-07-08 23:31 . 2012-07-08 23:31 -------- d-----w- c:\users\Asa\AppData\Roaming\TestApp
2012-07-08 23:18 . 2012-07-08 23:27 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-07-07 23:09 . 2012-07-07 23:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-30 19:59 . 2012-07-09 02:25 -------- d-----w- C:\Games
2012-06-29 09:19 . 2012-06-29 09:22 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-06-29 08:59 . 2012-07-08 22:57 -------- d-----w- c:\users\Asa\AppData\Roaming\Systweak
2012-06-29 04:46 . 2012-07-08 23:14 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-27 04:21 . 2012-06-28 06:07 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:11 . 2012-04-25 12:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 06:11 . 2012-04-25 12:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:00 . 2012-04-25 09:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 00:30 . 2012-06-17 00:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-03 01:19 . 2012-06-23 02:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-23 02:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-23 02:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 02:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 02:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 02:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 02:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 02:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 02:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-14 23:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 23:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 23:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 23:39 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 09:46 . 2012-04-28 09:46 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-04-28 03:55 . 2012-06-14 23:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 02:49 . 2011-03-29 04:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-26 05:41 . 2012-06-14 23:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 23:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 23:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_01.57.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-22 01:59 . 2012-07-23 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-22 01:59 . 2012-07-24 23:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-07 23:15 . 2012-07-22 23:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-07 23:15 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072420120725\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071620120723\index.dat
- 2012-07-07 23:09 . 2012-07-23 00:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-07 23:09 . 2012-07-24 23:31 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-07-24 23:49 49802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 23:49 37144 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-25 08:57 . 2012-07-24 23:49 8556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3735085434-2647837941-2787061843-1000_UserData.bin
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 23:54 . 2012-07-24 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 23:54 . 2012-07-24 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-24 23:55 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 23:50 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 23:50 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-24 23:54 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 01:55 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 23:55 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-08 12:08 . 2012-07-24 23:54 7528988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-24 23:55 16039936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 10:52 . 2012-07-23 01:55 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
+ 2012-04-25 10:52 . 2012-07-24 23:54 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-21 210208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-04 1244432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-25 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-02 45416]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2011-12-02 20528]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 06:11]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000Core.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000UA.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-02 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-24 13:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 23:58
ComboFix2.txt 2012-07-23 01:58
ComboFix3.txt 2012-07-22 02:10
ComboFix4.txt 2012-07-10 09:41
ComboFix5.txt 2012-07-24 23:49
.
Pre-Run: 200,852,471,808 bytes free
Post-Run: 200,825,561,088 bytes free
.
- - End Of File - - FF81BB2BEAADC2908A6DC932845C8CC8


14:04:20.0822 5696 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:04:21.0647 5696 ============================================================
14:04:21.0647 5696 Current date / time: 2012/07/24 14:04:21.0647
14:04:21.0647 5696 SystemInfo:
14:04:21.0647 5696
14:04:21.0647 5696 OS Version: 6.1.7601 ServicePack: 1.0
14:04:21.0647 5696 Product type: Workstation
14:04:21.0647 5696 ComputerName: HOME-PC
14:04:21.0648 5696 UserName: Asa
14:04:21.0648 5696 Windows directory: C:\Windows
14:04:21.0648 5696 System windows directory: C:\Windows
14:04:21.0648 5696 Running under WOW64
14:04:21.0648 5696 Processor architecture: Intel x64
14:04:21.0648 5696 Number of processors: 4
14:04:21.0648 5696 Page size: 0x1000
14:04:21.0648 5696 Boot type: Normal boot
14:04:21.0648 5696 ============================================================
14:04:21.0860 5696 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:21.0861 5696 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:21.0865 5696 Drive \Device\Harddisk2\DR2 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:04:21.0867 5696 ============================================================
14:04:21.0867 5696 \Device\Harddisk0\DR0:
14:04:21.0867 5696 MBR partitions:
14:04:21.0867 5696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:04:21.0867 5696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
14:04:21.0867 5696 \Device\Harddisk1\DR1:
14:04:21.0868 5696 MBR partitions:
14:04:21.0868 5696 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
14:04:21.0868 5696 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xC800000
14:04:21.0868 5696 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x19000800, BlocksNum 0x6400000
14:04:21.0868 5696 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1F401000, BlocksNum 0x19000000
14:04:21.0868 5696 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x38401800, BlocksNum 0x6400000
14:04:21.0868 5696 \Device\Harddisk2\DR2:
14:04:21.0869 5696 MBR partitions:
14:04:21.0869 5696 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEE8000
14:04:21.0869 5696 ============================================================
14:04:21.0871 5696 C: <-> \Device\Harddisk0\DR0\Partition1
14:04:21.0872 5696 A: <-> \Device\Harddisk1\DR1\Partition0
14:04:21.0872 5696 B: <-> \Device\Harddisk1\DR1\Partition1
14:04:21.0873 5696 E: <-> \Device\Harddisk1\DR1\Partition2
14:04:21.0874 5696 F: <-> \Device\Harddisk1\DR1\Partition3
14:04:21.0874 5696 G: <-> \Device\Harddisk1\DR1\Partition4
14:04:21.0874 5696 ============================================================
14:04:21.0874 5696 Initialize success
14:04:21.0874 5696 ============================================================
14:04:38.0980 6128 ============================================================
14:04:38.0980 6128 Scan started
14:04:38.0980 6128 Mode: Manual; TDLFS;
14:04:38.0980 6128 ============================================================
14:04:39.0222 6128 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:04:39.0224 6128 1394ohci - ok
14:04:39.0228 6128 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:04:39.0229 6128 Accelerometer - ok
14:04:39.0247 6128 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:04:39.0249 6128 ACPI - ok
14:04:39.0252 6128 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:04:39.0252 6128 AcpiPmi - ok
14:04:39.0260 6128 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:04:39.0261 6128 AdobeARMservice - ok
14:04:39.0304 6128 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:04:39.0306 6128 AdobeFlashPlayerUpdateSvc - ok
14:04:39.0330 6128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:04:39.0333 6128 adp94xx - ok
14:04:39.0350 6128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:04:39.0352 6128 adpahci - ok
14:04:39.0362 6128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:04:39.0363 6128 adpu320 - ok
14:04:39.0370 6128 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:04:39.0371 6128 AeLookupSvc - ok
14:04:39.0379 6128 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
14:04:39.0380 6128 AESTFilters - ok
14:04:39.0404 6128 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:04:39.0407 6128 AFD - ok
14:04:39.0412 6128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:04:39.0413 6128 agp440 - ok
14:04:39.0418 6128 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:04:39.0419 6128 ALG - ok
14:04:39.0423 6128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:04:39.0423 6128 aliide - ok
14:04:39.0433 6128 AMD External Events Utility (48619a29f9c9c3cfeb66718dd03d8057) C:\Windows\system32\atiesrxx.exe
14:04:39.0435 6128 AMD External Events Utility - ok
14:04:39.0438 6128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:04:39.0438 6128 amdide - ok
14:04:39.0443 6128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:04:39.0444 6128 AmdK8 - ok
14:04:39.0791 6128 amdkmdag (06bf0785de714637eba9bb1084b28626) C:\Windows\system32\DRIVERS\atikmdag.sys
14:04:39.0826 6128 amdkmdag - ok
14:04:39.0873 6128 amdkmdap (2dec3274589ff6889ab05adceeb0f642) C:\Windows\system32\DRIVERS\atikmpag.sys
14:04:39.0875 6128 amdkmdap - ok
14:04:39.0879 6128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:04:39.0880 6128 AmdPPM - ok
14:04:39.0887 6128 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:04:39.0888 6128 amdsata - ok
14:04:39.0899 6128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:04:39.0900 6128 amdsbs - ok
14:04:39.0904 6128 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:04:39.0905 6128 amdxata - ok
14:04:39.0909 6128 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:04:39.0910 6128 AppID - ok
14:04:39.0914 6128 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:04:39.0915 6128 AppIDSvc - ok
14:04:39.0920 6128 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:04:39.0920 6128 Appinfo - ok
14:04:39.0930 6128 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:04:39.0931 6128 Apple Mobile Device - ok
14:04:39.0941 6128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:04:39.0941 6128 arc - ok
14:04:39.0948 6128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:04:39.0949 6128 arcsas - ok
14:04:39.0952 6128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:04:39.0953 6128 AsyncMac - ok
14:04:39.0957 6128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:04:39.0958 6128 atapi - ok
14:04:39.0967 6128 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
14:04:39.0968 6128 AtiHdmiService - ok
14:04:39.0997 6128 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:04:40.0000 6128 AudioEndpointBuilder - ok
14:04:40.0006 6128 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:04:40.0010 6128 AudioSrv - ok
14:04:40.0240 6128 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:04:40.0263 6128 AVGIDSAgent - ok
14:04:40.0302 6128 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:04:40.0303 6128 AVGIDSDriver - ok
14:04:40.0307 6128 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:04:40.0307 6128 AVGIDSFilter - ok
14:04:40.0311 6128 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
14:04:40.0312 6128 AVGIDSHA - ok
14:04:40.0326 6128 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:04:40.0328 6128 Avgldx64 - ok
14:04:40.0333 6128 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:04:40.0334 6128 Avgmfx64 - ok
14:04:40.0337 6128 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:04:40.0338 6128 Avgrkx64 - ok
14:04:40.0356 6128 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
14:04:40.0358 6128 Avgtdia - ok
14:04:40.0373 6128 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:04:40.0374 6128 avgwd - ok
14:04:40.0381 6128 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:04:40.0382 6128 AxInstSV - ok
14:04:40.0403 6128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:04:40.0405 6128 b06bdrv - ok
14:04:40.0418 6128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:04:40.0419 6128 b57nd60a - ok
14:04:40.0552 6128 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:04:40.0566 6128 BCM43XX - ok
14:04:40.0601 6128 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:04:40.0602 6128 BDESVC - ok
14:04:40.0610 6128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:04:40.0611 6128 Beep - ok
14:04:40.0643 6128 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:04:40.0647 6128 BFE - ok
14:04:40.0684 6128 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:04:40.0689 6128 BITS - ok
14:04:40.0699 6128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:04:40.0699 6128 blbdrive - ok
14:04:40.0721 6128 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:04:40.0723 6128 Bonjour Service - ok
14:04:40.0730 6128 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:04:40.0731 6128 bowser - ok
14:04:40.0734 6128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:04:40.0735 6128 BrFiltLo - ok
14:04:40.0738 6128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:04:40.0738 6128 BrFiltUp - ok
14:04:40.0745 6128 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:04:40.0746 6128 BridgeMP - ok
14:04:40.0756 6128 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:04:40.0757 6128 Browser - ok
14:04:40.0770 6128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:04:40.0772 6128 Brserid - ok
14:04:40.0777 6128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:04:40.0777 6128 BrSerWdm - ok
14:04:40.0783 6128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:04:40.0784 6128 BrUsbMdm - ok
14:04:40.0787 6128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:04:40.0788 6128 BrUsbSer - ok
14:04:40.0792 6128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:04:40.0793 6128 BTHMODEM - ok
14:04:40.0800 6128 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:04:40.0801 6128 bthserv - ok
14:04:40.0806 6128 catchme - ok
14:04:40.0811 6128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:04:40.0812 6128 cdfs - ok
14:04:40.0819 6128 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:04:40.0820 6128 cdrom - ok
14:04:40.0825 6128 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:04:40.0826 6128 CertPropSvc - ok
14:04:40.0831 6128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:04:40.0832 6128 circlass - ok
14:04:40.0844 6128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:04:40.0846 6128 CLFS - ok
14:04:40.0854 6128 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:04:40.0855 6128 clr_optimization_v2.0.50727_32 - ok
14:04:40.0862 6128 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:04:40.0863 6128 clr_optimization_v2.0.50727_64 - ok
14:04:40.0872 6128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:04:40.0874 6128 clr_optimization_v4.0.30319_32 - ok
14:04:40.0882 6128 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:04:40.0884 6128 clr_optimization_v4.0.30319_64 - ok
14:04:40.0887 6128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:04:40.0887 6128 CmBatt - ok
14:04:40.0891 6128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:04:40.0891 6128 cmdide - ok
14:04:40.0907 6128 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:04:40.0909 6128 CNG - ok
14:04:40.0913 6128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:04:40.0913 6128 Compbatt - ok
14:04:40.0918 6128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:04:40.0919 6128 CompositeBus - ok
14:04:40.0922 6128 COMSysApp - ok
14:04:40.0926 6128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:04:40.0927 6128 crcdisk - ok
14:04:40.0939 6128 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:04:40.0941 6128 CryptSvc - ok
14:04:40.0947 6128 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
14:04:40.0948 6128 dc3d - ok
14:04:40.0973 6128 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:04:40.0976 6128 DcomLaunch - ok
14:04:40.0992 6128 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:04:40.0994 6128 defragsvc - ok
14:04:41.0001 6128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:04:41.0002 6128 DfsC - ok
14:04:41.0018 6128 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:04:41.0020 6128 Dhcp - ok
14:04:41.0025 6128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:04:41.0025 6128 discache - ok
14:04:41.0031 6128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:04:41.0031 6128 Disk - ok
14:04:41.0042 6128 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:04:41.0043 6128 Dnscache - ok
14:04:41.0057 6128 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:04:41.0059 6128 dot3svc - ok
14:04:41.0081 6128 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
14:04:41.0084 6128 DpHost - ok
14:04:41.0093 6128 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:04:41.0095 6128 DPS - ok
14:04:41.0098 6128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:04:41.0099 6128 drmkaud - ok
14:04:41.0114 6128 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:04:41.0116 6128 dtsoftbus01 - ok
14:04:41.0156 6128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:04:41.0160 6128 DXGKrnl - ok
14:04:41.0164 6128 EagleX64 - ok
14:04:41.0172 6128 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:04:41.0173 6128 EapHost - ok
14:04:41.0313 6128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:04:41.0327 6128 ebdrv - ok
14:04:41.0363 6128 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:04:41.0364 6128 EFS - ok
14:04:41.0394 6128 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:04:41.0398 6128 ehRecvr - ok
14:04:41.0406 6128 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:04:41.0407 6128 ehSched - ok
14:04:41.0438 6128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:04:41.0440 6128 elxstor - ok
14:04:41.0444 6128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:04:41.0445 6128 ErrDev - ok
14:04:41.0467 6128 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:04:41.0470 6128 EventSystem - ok
14:04:41.0480 6128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:04:41.0482 6128 exfat - ok
14:04:41.0492 6128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:04:41.0493 6128 fastfat - ok
14:04:41.0524 6128 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:04:41.0528 6128 Fax - ok
14:04:41.0532 6128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:04:41.0533 6128 fdc - ok
14:04:41.0536 6128 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:04:41.0537 6128 fdPHost - ok
14:04:41.0540 6128 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:04:41.0541 6128 FDResPub - ok
14:04:41.0546 6128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:04:41.0547 6128 FileInfo - ok
14:04:41.0551 6128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:04:41.0551 6128 Filetrace - ok
14:04:41.0555 6128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:04:41.0556 6128 flpydisk - ok
14:04:41.0569 6128 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:04:41.0571 6128 FltMgr - ok
14:04:41.0618 6128 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:04:41.0624 6128 FontCache - ok
14:04:41.0630 6128 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:04:41.0630 6128 FontCache3.0.0.0 - ok
14:04:41.0640 6128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:04:41.0641 6128 FsDepends - ok
14:04:41.0645 6128 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:04:41.0646 6128 Fs_Rec - ok
14:04:41.0658 6128 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:04:41.0660 6128 fvevol - ok
14:04:41.0666 6128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:04:41.0666 6128 gagp30kx - ok
14:04:41.0671 6128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:04:41.0671 6128 GEARAspiWDM - ok
14:04:41.0706 6128 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:04:41.0710 6128 gpsvc - ok
14:04:41.0714 6128 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:04:41.0715 6128 hamachi - ok
14:04:41.0719 6128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:04:41.0720 6128 hcw85cir - ok
14:04:41.0736 6128 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:04:41.0738 6128 HdAudAddService - ok
14:04:41.0746 6128 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:04:41.0747 6128 HDAudBus - ok
14:04:41.0751 6128 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:04:41.0752 6128 HECIx64 - ok
14:04:41.0756 6128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:04:41.0757 6128 HidBatt - ok
14:04:41.0764 6128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:04:41.0765 6128 HidBth - ok
14:04:41.0769 6128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:04:41.0770 6128 HidIr - ok
14:04:41.0774 6128 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:04:41.0776 6128 hidserv - ok
14:04:41.0780 6128 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:04:41.0781 6128 HidUsb - ok
14:04:41.0787 6128 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:04:41.0789 6128 hkmsvc - ok
14:04:41.0798 6128 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:04:41.0801 6128 HomeGroupListener - ok
14:04:41.0809 6128 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:04:41.0811 6128 HomeGroupProvider - ok
14:04:41.0816 6128 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:04:41.0816 6128 hpdskflt - ok
14:04:41.0821 6128 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:04:41.0822 6128 HpSAMD - ok
14:04:41.0825 6128 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:04:41.0826 6128 hpsrv - ok
14:04:41.0830 6128 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:04:41.0831 6128 HPWMISVC - ok
14:04:41.0852 6128 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:04:41.0856 6128 HTTP - ok
14:04:41.0859 6128 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:04:41.0860 6128 hwpolicy - ok
14:04:41.0866 6128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:04:41.0867 6128 i8042prt - ok
14:04:41.0884 6128 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
14:04:41.0887 6128 iaStor - ok
14:04:41.0892 6128 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:04:41.0892 6128 IAStorDataMgrSvc - ok
14:04:41.0906 6128 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:04:41.0908 6128 iaStorV - ok
14:04:41.0934 6128 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:04:41.0938 6128 idsvc - ok
14:04:41.0944 6128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:04:41.0945 6128 iirsp - ok
14:04:41.0981 6128 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:04:41.0986 6128 IKEEXT - ok
14:04:41.0991 6128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:04:41.0991 6128 intelide - ok
14:04:42.0461 6128 intelkmd (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:04:42.0507 6128 intelkmd - ok
14:04:42.0550 6128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:04:42.0550 6128 intelppm - ok
14:04:42.0557 6128 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:04:42.0558 6128 IPBusEnum - ok
14:04:42.0564 6128 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:04:42.0566 6128 IpFilterDriver - ok
14:04:42.0592 6128 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:04:42.0596 6128 iphlpsvc - ok
14:04:42.0601 6128 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:04:42.0602 6128 IPMIDRV - ok
14:04:42.0609 6128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:04:42.0610 6128 IPNAT - ok
14:04:42.0650 6128 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
14:04:42.0655 6128 iPod Service - ok
14:04:42.0659 6128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:04:42.0659 6128 IRENUM - ok
14:04:42.0663 6128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:04:42.0664 6128 isapnp - ok
14:04:42.0677 6128 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:04:42.0679 6128 iScsiPrt - ok
14:04:42.0683 6128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:04:42.0684 6128 kbdclass - ok
14:04:42.0688 6128 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:04:42.0689 6128 kbdhid - ok
14:04:42.0692 6128 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:04:42.0693 6128 KeyIso - ok
14:04:42.0701 6128 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:04:42.0702 6128 KSecDD - ok
14:04:42.0711 6128 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:04:42.0712 6128 KSecPkg - ok
14:04:42.0716 6128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:04:42.0717 6128 ksthunk - ok
14:04:42.0733 6128 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:04:42.0735 6128 KtmRm - ok
14:04:42.0747 6128 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:04:42.0749 6128 LanmanServer - ok
14:04:42.0756 6128 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:04:42.0758 6128 LanmanWorkstation - ok
14:04:42.0765 6128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:04:42.0766 6128 lltdio - ok
14:04:42.0781 6128 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:04:42.0783 6128 lltdsvc - ok
14:04:42.0786 6128 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:04:42.0787 6128 lmhosts - ok
14:04:42.0796 6128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:04:42.0797 6128 LSI_FC - ok
14:04:42.0805 6128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:04:42.0806 6128 LSI_SAS - ok
14:04:42.0812 6128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:04:42.0813 6128 LSI_SAS2 - ok
14:04:42.0819 6128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:04:42.0820 6128 LSI_SCSI - ok
14:04:42.0827 6128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:04:42.0828 6128 luafv - ok
14:04:42.0835 6128 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:04:42.0837 6128 Mcx2Svc - ok
14:04:42.0840 6128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:04:42.0841 6128 megasas - ok
14:04:42.0854 6128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:04:42.0855 6128 MegaSR - ok
14:04:42.0864 6128 Microsoft SharePoint Workspace Audit Service - ok
14:04:42.0869 6128 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:04:42.0870 6128 MMCSS - ok
14:04:42.0874 6128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:04:42.0875 6128 Modem - ok
14:04:42.0878 6128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:04:42.0879 6128 monitor - ok
14:04:42.0882 6128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:04:42.0883 6128 mouclass - ok
14:04:42.0886 6128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:04:42.0887 6128 mouhid - ok
14:04:42.0892 6128 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:04:42.0893 6128 mountmgr - ok
14:04:42.0899 6128 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:04:42.0900 6128 MozillaMaintenance - ok
14:04:42.0910 6128 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:04:42.0911 6128 mpio - ok
14:04:42.0915 6128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:04:42.0916 6128 mpsdrv - ok
14:04:42.0955 6128 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:04:42.0959 6128 MpsSvc - ok
14:04:42.0969 6128 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:04:42.0970 6128 MRxDAV - ok
14:04:42.0979 6128 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:04:42.0980 6128 mrxsmb - ok
14:04:42.0995 6128 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:04:42.0997 6128 mrxsmb10 - ok
14:04:43.0005 6128 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:04:43.0006 6128 mrxsmb20 - ok
14:04:43.0010 6128 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:04:43.0011 6128 msahci - ok
14:04:43.0019 6128 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:04:43.0021 6128 msdsm - ok
14:04:43.0029 6128 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:04:43.0031 6128 MSDTC - ok
14:04:43.0037 6128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:04:43.0038 6128 Msfs - ok
14:04:43.0041 6128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:04:43.0042 6128 mshidkmdf - ok
14:04:43.0046 6128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:04:43.0046 6128 msisadrv - ok
14:04:43.0056 6128 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:04:43.0058 6128 MSiSCSI - ok
14:04:43.0061 6128 msiserver - ok
14:04:43.0065 6128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:04:43.0066 6128 MSKSSRV - ok
14:04:43.0069 6128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:04:43.0070 6128 MSPCLOCK - ok
14:04:43.0073 6128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:04:43.0074 6128 MSPQM - ok
14:04:43.0093 6128 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:04:43.0095 6128 MsRPC - ok
14:04:43.0101 6128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:04:43.0102 6128 mssmbios - ok
14:04:43.0105 6128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:04:43.0105 6128 MSTEE - ok
14:04:43.0109 6128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:04:43.0110 6128 MTConfig - ok
14:04:43.0114 6128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:04:43.0115 6128 Mup - ok
14:04:43.0138 6128 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:04:43.0141 6128 napagent - ok
14:04:43.0158 6128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:04:43.0160 6128 NativeWifiP - ok
14:04:43.0204 6128 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:04:43.0209 6128 NDIS - ok
14:04:43.0213 6128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:04:43.0213 6128 NdisCap - ok
14:04:43.0217 6128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:04:43.0217 6128 NdisTapi - ok
14:04:43.0221 6128 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:04:43.0222 6128 Ndisuio - ok
14:04:43.0231 6128 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:04:43.0233 6128 NdisWan - ok
14:04:43.0237 6128 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:04:43.0238 6128 NDProxy - ok
14:04:43.0243 6128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:04:43.0244 6128 NetBIOS - ok
14:04:43.0257 6128 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:04:43.0259 6128 NetBT - ok
14:04:43.0264 6128 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:04:43.0265 6128 Netlogon - ok
14:04:43.0282 6128 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:04:43.0285 6128 Netman - ok
14:04:43.0306 6128 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:04:43.0309 6128 netprofm - ok
14:04:43.0319 6128 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:04:43.0320 6128 NetTcpPortSharing - ok
14:04:43.0325 6128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:04:43.0326 6128 nfrd960 - ok
14:04:43.0342 6128 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:04:43.0345 6128 NlaSvc - ok
14:04:43.0349 6128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:04:43.0350 6128 Npfs - ok
14:04:43.0354 6128 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:04:43.0355 6128 nsi - ok
14:04:43.0359 6128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:04:43.0360 6128 nsiproxy - ok
14:04:43.0435 6128 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:04:43.0443 6128 Ntfs - ok
14:04:43.0484 6128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:04:43.0485 6128 Null - ok
14:04:43.0494 6128 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:04:43.0495 6128 nvraid - ok
14:04:43.0505 6128 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:04:43.0506 6128 nvstor - ok
14:04:43.0514 6128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:04:43.0515 6128 nv_agp - ok
14:04:43.0521 6128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:04:43.0522 6128 ohci1394 - ok
14:04:43.0532 6128 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:04:43.0533 6128 ose - ok
14:04:43.0749 6128 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:04:43.0771 6128 osppsvc - ok
14:04:43.0822 6128 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:04:43.0824 6128 p2pimsvc - ok
14:04:47.0397 6128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:04:47.0400 6128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:04:47.0400 6128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:04:47.0446 6128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:04:47.0446 6128 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:04:47.0449 6128 MBR (0x1B8) (fd4fa460b86e4f6187ebf9b45dfb2bce) \Device\Harddisk1\DR1
14:04:49.0184 6128 \Device\Harddisk1\DR1 - ok
14:04:49.0189 6128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:04:54.0816 6128 \Device\Harddisk2\DR2 - ok
14:04:54.0818 6128 Boot (0x1200) (603a4d392d4bc3a81c6570c8aa435609) \Device\Harddisk0\DR0\Partition0
14:04:54.0820 6128 \Device\Harddisk0\DR0\Partition0 - ok
14:04:54.0823 6128 Boot (0x1200) (19125e893852943dccb293b595b0b9ef) \Device\Harddisk0\DR0\Partition1
14:04:54.0824 6128 \Device\Harddisk0\DR0\Partition1 - ok
14:04:54.0827 6128 Boot (0x1200) (e5242554bec4f12d726f5de6119d2a8b) \Device\Harddisk1\DR1\Partition0
14:04:54.0828 6128 \Device\Harddisk1\DR1\Partition0 - ok
14:04:54.0830 6128 Boot (0x1200) (d6f70958d4678a643f0600a180fbc573) \Device\Harddisk1\DR1\Partition1
14:04:54.0831 6128 \Device\Harddisk1\DR1\Partition1 - ok
14:04:54.0833 6128 Boot (0x1200) (a6422d8f82d0794e213d095f3d91c0a9) \Device\Harddisk1\DR1\Partition2
14:04:54.0834 6128 \Device\Harddisk1\DR1\Partition2 - ok
14:04:54.0837 6128 Boot (0x1200) (9153533df0462c574eed20c051cf0646) \Device\Harddisk1\DR1\Partition3
14:04:54.0837 6128 \Device\Harddisk1\DR1\Partition3 - ok
14:04:54.0840 6128 Boot (0x1200) (bc5808e81e57e6ba22ebb1e736b6ab96) \Device\Harddisk1\DR1\Partition4
14:04:54.0841 6128 \Device\Harddisk1\DR1\Partition4 - ok
14:04:54.0845 6128 Boot (0x1200) (3d031a914f660b9b156c7cf9da600d2c) \Device\Harddisk2\DR2\Partition0
14:04:54.0846 6128 \Device\Harddisk2\DR2\Partition0 - ok
14:04:54.0847 6128 ============================================================
14:04:54.0847 6128 Scan finished
14:04:54.0847 6128 ============================================================
14:04:54.0854 1256 Detected object count: 2
14:04:54.0854 1256 Actual detected object count: 2
14:05:12.0497 1256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
14:05:12.0497 1256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
14:05:12.0499 1256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:05:12.0499 1256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:05:14.0484 5704 Deinitialize success
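An added example, not code from the thread or from TDSSKiller itself: a small Python parser for the log format posted above (the sample lines are constructed to match the line shapes in that log) that lists what the scanner flagged, whether the user cured or skipped each detection, and whether the scanner's own object count agrees with the findings parsed.

```python
"""Summarise a TDSSKiller log: what was flagged, and what (if anything) was done about it."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the log above: one hashed driver, the MBR hash line,
# the infected/warning verdicts, the "detected" echo lines, the counts and the user's choice.
SAMPLE_LOG = r"""
14:04:45.0979 6128 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:04:45.0980 6128 usbvideo - ok
14:04:47.0397 6128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:04:47.0400 6128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:04:47.0400 6128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:04:47.0446 6128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:04:47.0446 6128 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:04:49.0184 6128 \Device\Harddisk1\DR1 - ok
14:04:54.0854 1256 Detected object count: 2
14:04:54.0854 1256 Actual detected object count: 2
14:05:12.0497 1256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
14:05:12.0497 1256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
14:05:12.0499 1256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:05:12.0499 1256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line starts with "<time> <pid> <body>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>"; the MBR line carries an extra "(0x1B8)" token before the hash.
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <threat> ) - <verdict>"  (infected, warning, skipped by user, User select action: X)
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                       # scanned object, e.g. \Device\Harddisk0\DR0
    threat: str                    # detection name, e.g. Rootkit.Boot.Pihar.c
    verdict: str                   # first verdict seen: "infected", "warning", ...
    outcome: Optional[str] = None  # later verdict line, e.g. "skipped by user"
    action: Optional[str] = None   # value of "User select action: <X>"


@dataclass
class ScanSummary:
    hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # path -> (name, md5)
    findings: List[Finding] = field(default_factory=list)
    detected_count: Optional[int] = None
    actual_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    seen: Dict[Tuple[str, str], Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines, blank lines, "Scan started", etc.
        body = m.group("body")
        c = COUNT_RE.match(body)
        if c:
            if c.group("kind") == "Detected":
                summary.detected_count = int(c.group("n"))
            else:
                summary.actual_count = int(c.group("n"))
            continue
        v = VERDICT_RE.match(body)
        if v:
            key = (v.group("obj"), v.group("threat"))
            verdict = v.group("verdict")
            if key not in seen:  # first verdict for this object/threat pair
                seen[key] = Finding(key[0], key[1], verdict)
                summary.findings.append(seen[key])
            elif verdict.startswith("User select action: "):
                seen[key].action = verdict.split(": ", 1)[1]
            else:  # a later status line such as "skipped by user"
                seen[key].outcome = verdict
            continue
        h = HASH_RE.match(body)
        if h:
            summary.hashes[h.group("path")] = (h.group("name"), h.group("md5"))
    return summary


def unresolved(summary: ScanSummary) -> List[Finding]:
    """Findings never acted on or explicitly skipped ("Skip" is the action this log shows)."""
    return [f for f in summary.findings if f.action is None or f.action == "Skip"]


def counts_consistent(summary: ScanSummary) -> bool:
    """True when the scanner's own 'Actual detected object count' matches what we parsed."""
    return summary.actual_count is not None and summary.actual_count == len(summary.findings)


def report(summary: ScanSummary) -> List[str]:
    lines = [f"{len(summary.hashes)} objects hashed, {len(summary.findings)} flagged"]
    for f in summary.findings:
        state = f.action or f.outcome or f.verdict
        lines.append(f"  {f.obj}: {f.threat} [{f.verdict}] -> {state}")
    if not counts_consistent(summary):
        lines.append("  WARNING: parsed findings differ from the scanner's reported count")
    pending = unresolved(summary)
    if pending:
        lines.append(f"  {len(pending)} detection(s) still unresolved; re-run and choose Cure")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller_log(SAMPLE_LOG))))
```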

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 24 July 2012 - 07:23 PM

Please do the following:

Please re-run TDSSKiller and allow it to "cure" what it finds - post the resulting log


NEXT

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\programdata\Microsoft\Windows\DRM\938B.tmp
c:\programdata\Microsoft\Windows\DRM\938A.tmp
c:\programdata\Microsoft\Windows\DRM\48D5.tmp

Folder::
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 stewieisall

stewieisall
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:33 PM

Posted 24 July 2012 - 07:43 PM

14:24:16.0746 6720 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:24:17.0341 6720 ============================================================
14:24:17.0341 6720 Current date / time: 2012/07/24 14:24:17.0341
14:24:17.0341 6720 SystemInfo:
14:24:17.0341 6720
14:24:17.0341 6720 OS Version: 6.1.7601 ServicePack: 1.0
14:24:17.0341 6720 Product type: Workstation
14:24:17.0341 6720 ComputerName: HOME-PC
14:24:17.0341 6720 UserName: Asa
14:24:17.0341 6720 Windows directory: C:\Windows
14:24:17.0341 6720 System windows directory: C:\Windows
14:24:17.0341 6720 Running under WOW64
14:24:17.0341 6720 Processor architecture: Intel x64
14:24:17.0341 6720 Number of processors: 4
14:24:17.0341 6720 Page size: 0x1000
14:24:17.0341 6720 Boot type: Normal boot
14:24:17.0341 6720 ============================================================
14:24:17.0558 6720 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:24:17.0908 6720 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:24:17.0913 6720 Drive \Device\Harddisk2\DR2 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:24:17.0915 6720 ============================================================
14:24:17.0915 6720 \Device\Harddisk0\DR0:
14:24:17.0915 6720 MBR partitions:
14:24:17.0915 6720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:24:17.0915 6720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
14:24:17.0915 6720 \Device\Harddisk1\DR1:
14:24:17.0916 6720 MBR partitions:
14:24:17.0916 6720 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
14:24:17.0916 6720 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xC800000
14:24:17.0916 6720 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x19000800, BlocksNum 0x6400000
14:24:17.0929 6720 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1F401000, BlocksNum 0x19000000
14:24:17.0952 6720 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x38401800, BlocksNum 0x6400000
14:24:17.0952 6720 \Device\Harddisk2\DR2:
14:24:17.0953 6720 MBR partitions:
14:24:17.0953 6720 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEE8000
14:24:17.0953 6720 ============================================================
14:24:17.0956 6720 C: <-> \Device\Harddisk0\DR0\Partition1
14:24:17.0985 6720 A: <-> \Device\Harddisk1\DR1\Partition0
14:24:18.0026 6720 B: <-> \Device\Harddisk1\DR1\Partition1
14:24:18.0061 6720 E: <-> \Device\Harddisk1\DR1\Partition2
14:24:18.0101 6720 F: <-> \Device\Harddisk1\DR1\Partition3
14:24:18.0150 6720 G: <-> \Device\Harddisk1\DR1\Partition4
14:24:18.0150 6720 ============================================================
14:24:18.0150 6720 Initialize success
14:24:18.0150 6720 ============================================================
14:24:18.0958 1496 ============================================================
14:24:18.0958 1496 Scan started
14:24:18.0958 1496 Mode: Manual;
14:24:18.0958 1496 ============================================================
14:24:19.0723 1496 arcsas - ok
14:24:19.0726 1496 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:19.0727 1496 AsyncMac - ok
14:24:19.0730 1496 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:24:19.0731 1496 atapi - ok
14:24:19.0738 1496 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
14:24:19.0739 1496 AtiHdmiService - ok
14:24:19.0759 1496 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:24:19.0762 1496 AudioEndpointBuilder - ok
14:24:19.0767 1496 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:24:19.0771 1496 AudioSrv - ok
14:24:19.0958 1496 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:24:19.0982 1496 AVGIDSAgent - ok
14:24:20.0030 1496 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:24:20.0032 1496 AVGIDSDriver - ok
14:24:20.0037 1496 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:24:20.0037 1496 AVGIDSFilter - ok
14:24:20.0041 1496 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
14:24:20.0042 1496 AVGIDSHA - ok
14:24:20.0056 1496 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:24:20.0057 1496 Avgldx64 - ok
14:24:20.0062 1496 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:24:20.0063 1496 Avgmfx64 - ok
14:24:20.0067 1496 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:24:20.0068 1496 Avgrkx64 - ok
14:24:20.0086 1496 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
14:24:20.0088 1496 Avgtdia - ok
14:24:20.0104 1496 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:24:20.0106 1496 avgwd - ok
14:24:20.0113 1496 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:24:20.0115 1496 AxInstSV - ok
14:24:20.0138 1496 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:24:20.0140 1496 b06bdrv - ok
14:24:20.0154 1496 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:24:20.0156 1496 b57nd60a - ok
14:24:20.0291 1496 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:24:20.0305 1496 BCM43XX - ok
14:24:20.0344 1496 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:24:20.0345 1496 BDESVC - ok
14:24:20.0355 1496 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:24:20.0356 1496 Beep - ok
14:24:20.0392 1496 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:24:20.0396 1496 BFE - ok
14:24:20.0437 1496 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:24:20.0442 1496 BITS - ok
14:24:20.0453 1496 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:24:20.0453 1496 blbdrive - ok
14:24:20.0475 1496 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:24:20.0477 1496 Bonjour Service - ok
14:24:20.0484 1496 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:24:20.0485 1496 bowser - ok
14:24:20.0488 1496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:24:20.0489 1496 BrFiltLo - ok
14:24:20.0492 1496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:24:20.0493 1496 BrFiltUp - ok
14:24:20.0499 1496 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:24:20.0500 1496 BridgeMP - ok
14:24:20.0508 1496 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:24:20.0509 1496 Browser - ok
14:24:20.0521 1496 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:24:20.0523 1496 Brserid - ok
14:24:20.0527 1496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:24:20.0528 1496 BrSerWdm - ok
14:24:20.0531 1496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:24:20.0531 1496 BrUsbMdm - ok
14:24:20.0535 1496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:24:20.0536 1496 BrUsbSer - ok
14:24:20.0540 1496 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:24:20.0541 1496 BTHMODEM - ok
14:24:20.0548 1496 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:24:20.0549 1496 bthserv - ok
14:24:20.0553 1496 catchme - ok
14:24:20.0558 1496 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:24:20.0559 1496 cdfs - ok
14:24:20.0566 1496 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:24:20.0567 1496 cdrom - ok
14:24:20.0572 1496 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:24:20.0573 1496 CertPropSvc - ok
14:24:20.0578 1496 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:24:20.0579 1496 circlass - ok
14:24:20.0591 1496 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:24:20.0593 1496 CLFS - ok
14:24:20.0601 1496 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:20.0602 1496 clr_optimization_v2.0.50727_32 - ok
14:24:20.0608 1496 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:24:20.0608 1496 clr_optimization_v2.0.50727_64 - ok
14:24:20.0608 1496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:20.0624 1496 clr_optimization_v4.0.30319_32 - ok
14:24:20.0624 1496 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:24:20.0624 1496 clr_optimization_v4.0.30319_64 - ok
14:24:20.0639 1496 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:24:20.0639 1496 CmBatt - ok
14:24:20.0639 1496 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:24:20.0639 1496 cmdide - ok
14:24:20.0655 1496 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:24:20.0655 1496 CNG - ok
14:24:20.0655 1496 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:24:20.0655 1496 Compbatt - ok
14:24:20.0670 1496 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:24:20.0670 1496 CompositeBus - ok
14:24:20.0670 1496 COMSysApp - ok
14:24:20.0670 1496 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:24:20.0670 1496 crcdisk - ok
14:24:20.0691 1496 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:24:20.0693 1496 CryptSvc - ok
14:24:20.0698 1496 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
14:24:20.0699 1496 dc3d - ok
14:24:20.0723 1496 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:24:20.0726 1496 DcomLaunch - ok
14:24:20.0740 1496 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:24:20.0742 1496 defragsvc - ok
14:24:20.0747 1496 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:24:20.0748 1496 DfsC - ok
14:24:20.0763 1496 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:24:20.0765 1496 Dhcp - ok
14:24:20.0769 1496 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:24:20.0770 1496 discache - ok
14:24:20.0775 1496 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:24:20.0776 1496 Disk - ok
14:24:20.0786 1496 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:24:20.0787 1496 Dnscache - ok
14:24:20.0798 1496 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:24:20.0800 1496 dot3svc - ok
14:24:20.0819 1496 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
14:24:20.0821 1496 DpHost - ok
14:24:20.0830 1496 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:24:20.0832 1496 DPS - ok
14:24:20.0835 1496 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:24:20.0836 1496 drmkaud - ok
14:24:20.0850 1496 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:24:20.0852 1496 dtsoftbus01 - ok
14:24:20.0890 1496 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:24:20.0894 1496 DXGKrnl - ok
14:24:20.0899 1496 EagleX64 - ok
14:24:20.0907 1496 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:24:20.0909 1496 EapHost - ok
14:24:21.0038 1496 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:24:21.0053 1496 ebdrv - ok
14:24:21.0090 1496 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:24:21.0091 1496 EFS - ok
14:24:21.0126 1496 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:24:21.0130 1496 ehRecvr - ok
14:24:21.0138 1496 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:24:21.0139 1496 ehSched - ok
14:24:21.0170 1496 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:24:21.0173 1496 elxstor - ok
14:24:21.0176 1496 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:24:21.0176 1496 ErrDev - ok
14:24:21.0200 1496 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:24:21.0202 1496 EventSystem - ok
14:24:21.0212 1496 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:24:21.0215 1496 exfat - ok
14:24:21.0226 1496 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:24:21.0228 1496 fastfat - ok
14:24:21.0261 1496 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:24:21.0265 1496 Fax - ok
14:24:21.0270 1496 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:24:21.0271 1496 fdc - ok
14:24:21.0274 1496 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:24:21.0275 1496 fdPHost - ok
14:24:21.0279 1496 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:24:21.0280 1496 FDResPub - ok
14:24:21.0286 1496 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:24:21.0287 1496 FileInfo - ok
14:24:21.0291 1496 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:24:21.0291 1496 Filetrace - ok
14:24:21.0295 1496 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:24:21.0295 1496 flpydisk - ok
14:24:21.0310 1496 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:24:21.0311 1496 FltMgr - ok
14:24:21.0355 1496 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:24:21.0361 1496 FontCache - ok
14:24:21.0366 1496 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:24:21.0367 1496 FontCache3.0.0.0 - ok
14:24:21.0376 1496 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:24:21.0377 1496 FsDepends - ok
14:24:21.0380 1496 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:24:21.0381 1496 Fs_Rec - ok
14:24:21.0393 1496 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:24:21.0394 1496 fvevol - ok
14:24:21.0398 1496 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:24:21.0399 1496 gagp30kx - ok
14:24:21.0403 1496 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:24:21.0403 1496 GEARAspiWDM - ok
14:24:21.0434 1496 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:24:21.0439 1496 gpsvc - ok
14:24:21.0443 1496 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:24:21.0444 1496 hamachi - ok
14:24:21.0447 1496 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:24:21.0447 1496 hcw85cir - ok
14:24:21.0461 1496 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:24:21.0464 1496 HdAudAddService - ok
14:24:21.0471 1496 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:24:21.0472 1496 HDAudBus - ok
14:24:21.0477 1496 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:24:21.0478 1496 HECIx64 - ok
14:24:21.0481 1496 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:24:21.0482 1496 HidBatt - ok
14:24:21.0487 1496 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:24:21.0488 1496 HidBth - ok
14:24:21.0492 1496 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:24:21.0493 1496 HidIr - ok
14:24:21.0497 1496 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:24:21.0499 1496 hidserv - ok
14:24:21.0502 1496 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:24:21.0503 1496 HidUsb - ok
14:24:21.0509 1496 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:24:21.0510 1496 hkmsvc - ok
14:24:21.0520 1496 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:24:21.0522 1496 HomeGroupListener - ok
14:24:21.0530 1496 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:24:21.0531 1496 HomeGroupProvider - ok
14:24:21.0535 1496 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:24:21.0536 1496 hpdskflt - ok
14:24:21.0541 1496 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:24:21.0542 1496 HpSAMD - ok
14:24:21.0545 1496 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:24:21.0546 1496 hpsrv - ok
14:24:21.0551 1496 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:24:21.0551 1496 HPWMISVC - ok
14:24:21.0573 1496 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:24:21.0577 1496 HTTP - ok
14:24:21.0580 1496 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:24:21.0581 1496 hwpolicy - ok
14:24:21.0586 1496 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:24:21.0587 1496 i8042prt - ok
14:24:21.0605 1496 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
14:24:21.0608 1496 iaStor - ok
14:24:21.0613 1496 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:24:21.0614 1496 IAStorDataMgrSvc - ok
14:24:21.0627 1496 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:24:21.0629 1496 iaStorV - ok
14:24:21.0655 1496 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:24:21.0660 1496 idsvc - ok
14:24:21.0666 1496 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:24:21.0667 1496 iirsp - ok
14:24:21.0685 1496 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:24:21.0695 1496 IKEEXT - ok
14:24:21.0695 1496 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:24:21.0695 1496 intelide - ok
14:24:22.0110 1496 intelkmd (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:24:22.0158 1496 intelkmd - ok
14:24:22.0197 1496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:24:22.0198 1496 intelppm - ok
14:24:22.0207 1496 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:24:22.0209 1496 IPBusEnum - ok
14:24:22.0213 1496 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:24:22.0214 1496 IpFilterDriver - ok
14:24:22.0238 1496 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:24:22.0241 1496 iphlpsvc - ok
14:24:22.0250 1496 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:24:22.0251 1496 IPMIDRV - ok
14:24:22.0257 1496 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:24:22.0258 1496 IPNAT - ok
14:24:22.0296 1496 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
14:24:22.0301 1496 iPod Service - ok
14:24:22.0304 1496 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:24:22.0305 1496 IRENUM - ok
14:24:22.0308 1496 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:24:22.0309 1496 isapnp - ok
14:24:22.0322 1496 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:24:22.0324 1496 iScsiPrt - ok
14:24:22.0328 1496 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:24:22.0329 1496 kbdclass - ok
14:24:22.0333 1496 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:24:22.0333 1496 kbdhid - ok
14:24:22.0337 1496 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:24:22.0338 1496 KeyIso - ok
14:24:22.0343 1496 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:24:22.0344 1496 KSecDD - ok
14:24:22.0353 1496 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:24:22.0354 1496 KSecPkg - ok
14:24:22.0358 1496 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:24:22.0359 1496 ksthunk - ok
14:24:22.0374 1496 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:24:22.0377 1496 KtmRm - ok
14:24:22.0388 1496 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:24:22.0390 1496 LanmanServer - ok
14:24:22.0397 1496 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:24:22.0399 1496 LanmanWorkstation - ok
14:24:22.0406 1496 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:24:22.0407 1496 lltdio - ok
14:24:22.0420 1496 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:24:22.0423 1496 lltdsvc - ok
14:24:22.0426 1496 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:24:22.0427 1496 lmhosts - ok
14:24:22.0437 1496 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:24:22.0438 1496 LSI_FC - ok
14:24:22.0443 1496 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:24:22.0444 1496 LSI_SAS - ok
14:24:22.0449 1496 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:24:22.0450 1496 LSI_SAS2 - ok
14:24:22.0457 1496 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:24:22.0458 1496 LSI_SCSI - ok
14:24:22.0465 1496 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:24:22.0466 1496 luafv - ok
14:24:22.0473 1496 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:24:22.0475 1496 Mcx2Svc - ok
14:24:22.0478 1496 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:24:22.0479 1496 megasas - ok
14:24:22.0489 1496 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:24:22.0491 1496 MegaSR - ok
14:24:22.0499 1496 Microsoft SharePoint Workspace Audit Service - ok
14:24:22.0504 1496 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:24:22.0506 1496 MMCSS - ok
14:24:22.0509 1496 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:24:22.0510 1496 Modem - ok
14:24:22.0514 1496 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:24:22.0515 1496 monitor - ok
14:24:22.0519 1496 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:24:22.0520 1496 mouclass - ok
14:24:22.0524 1496 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:24:22.0525 1496 mouhid - ok
14:24:22.0531 1496 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:24:22.0532 1496 mountmgr - ok
14:24:22.0538 1496 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:24:22.0539 1496 MozillaMaintenance - ok
14:24:22.0547 1496 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:24:22.0548 1496 mpio - ok
14:24:22.0553 1496 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:24:22.0554 1496 mpsdrv - ok
14:24:22.0581 1496 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:24:22.0586 1496 MpsSvc - ok
14:24:22.0592 1496 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:24:22.0593 1496 MRxDAV - ok
14:24:22.0600 1496 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:24:22.0601 1496 mrxsmb - ok
14:24:22.0611 1496 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:24:22.0613 1496 mrxsmb10 - ok
14:24:22.0619 1496 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:24:22.0620 1496 mrxsmb20 - ok
14:24:22.0623 1496 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:24:22.0624 1496 msahci - ok
14:24:22.0630 1496 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:24:22.0631 1496 msdsm - ok
14:24:22.0637 1496 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:24:22.0639 1496 MSDTC - ok
14:24:22.0645 1496 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:24:22.0646 1496 Msfs - ok
14:24:22.0649 1496 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:24:22.0650 1496 mshidkmdf - ok
14:24:22.0654 1496 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:24:22.0654 1496 msisadrv - ok
14:24:22.0662 1496 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:24:22.0664 1496 MSiSCSI - ok
14:24:22.0667 1496 msiserver - ok
14:24:22.0671 1496 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:24:22.0672 1496 MSKSSRV - ok
14:24:22.0675 1496 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:24:22.0676 1496 MSPCLOCK - ok
14:24:22.0679 1496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:24:22.0680 1496 MSPQM - ok
14:24:22.0693 1496 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:24:22.0695 1496 MsRPC - ok
14:24:22.0698 1496 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:24:22.0698 1496 mssmbios - ok
14:24:22.0698 1496 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:24:22.0698 1496 MSTEE - ok
14:24:22.0708 1496 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:24:22.0708 1496 MTConfig - ok
14:24:22.0708 1496 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:24:22.0708 1496 Mup - ok
14:24:22.0728 1496 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:24:22.0728 1496 napagent - ok
14:24:22.0738 1496 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:24:22.0738 1496 NativeWifiP - ok
14:24:22.0772 1496 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:24:22.0776 1496 NDIS - ok
14:24:22.0780 1496 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:24:22.0781 1496 NdisCap - ok
14:24:22.0784 1496 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:24:22.0785 1496 NdisTapi - ok
14:24:22.0789 1496 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:24:22.0790 1496 Ndisuio - ok
14:24:22.0796 1496 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:24:22.0798 1496 NdisWan - ok
14:24:22.0802 1496 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:24:22.0803 1496 NDProxy - ok
14:24:22.0807 1496 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:24:22.0808 1496 NetBIOS - ok
14:24:22.0817 1496 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:24:22.0818 1496 NetBT - ok
14:24:22.0823 1496 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:24:22.0824 1496 Netlogon - ok
14:24:22.0836 1496 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:24:22.0839 1496 Netman - ok
14:24:22.0853 1496 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:24:22.0856 1496 netprofm - ok
14:24:22.0863 1496 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:24:22.0866 1496 NetTcpPortSharing - ok
14:24:22.0869 1496 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:24:22.0870 1496 nfrd960 - ok
14:24:22.0880 1496 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:24:22.0883 1496 NlaSvc - ok
14:24:22.0887 1496 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:24:22.0888 1496 Npfs - ok
14:24:22.0891 1496 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:24:22.0893 1496 nsi - ok
14:24:22.0896 1496 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:24:22.0897 1496 nsiproxy - ok
14:24:22.0942 1496 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:24:22.0950 1496 Ntfs - ok
14:24:22.0978 1496 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:24:22.0979 1496 Null - ok
14:24:22.0986 1496 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:24:22.0987 1496 nvraid - ok
14:24:22.0994 1496 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:24:22.0995 1496 nvstor - ok
14:24:23.0002 1496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:24:23.0004 1496 nv_agp - ok
14:24:23.0008 1496 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:24:23.0009 1496 ohci1394 - ok
14:24:23.0018 1496 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:24:23.0019 1496 ose - ok
14:24:23.0239 1496 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:24:23.0262 1496 osppsvc - ok
14:24:23.0266 1496 Scan interrupted by user!
14:24:23.0266 1496 Scan interrupted by user!
14:24:23.0266 1496 Scan interrupted by user!
14:24:23.0266 1496 ============================================================
14:24:23.0266 1496 Scan finished
14:24:23.0266 1496 ============================================================
14:24:23.0273 6808 Detected object count: 0
14:24:23.0273 6808 Actual detected object count: 0
14:24:26.0747 1176 ============================================================
14:24:26.0748 1176 Scan started
14:24:26.0748 1176 Mode: Manual; TDLFS;
14:24:26.0748 1176 ============================================================
14:24:31.0838 1176 QWAVE - ok
14:24:31.0843 1176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:24:31.0844 1176 QWAVEdrv - ok
14:24:31.0847 1176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:24:31.0848 1176 RasAcd - ok
14:24:31.0854 1176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:24:31.0855 1176 RasAgileVpn - ok
14:24:31.0861 1176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:24:31.0863 1176 RasAuto - ok
14:24:31.0871 1176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:24:31.0873 1176 Rasl2tp - ok
14:24:31.0888 1176 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:24:31.0891 1176 RasMan - ok
14:24:31.0897 1176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:24:31.0898 1176 RasPppoe - ok
14:24:31.0903 1176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:24:31.0904 1176 RasSstp - ok
14:24:31.0914 1176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:24:31.0916 1176 rdbss - ok
14:24:31.0919 1176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:24:31.0920 1176 rdpbus - ok
14:24:31.0923 1176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:24:31.0924 1176 RDPCDD - ok
14:24:31.0928 1176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:24:31.0929 1176 RDPENCDD - ok
14:24:31.0934 1176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:24:31.0935 1176 RDPREFMP - ok
14:24:31.0944 1176 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:24:31.0947 1176 RDPWD - ok
14:24:31.0955 1176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:24:31.0956 1176 rdyboost - ok
14:24:31.0962 1176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:24:31.0964 1176 RemoteAccess - ok
14:24:31.0970 1176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:24:31.0972 1176 RemoteRegistry - ok
14:24:31.0977 1176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:24:31.0979 1176 RpcEptMapper - ok
14:24:31.0981 1176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:24:31.0983 1176 RpcLocator - ok
14:24:31.0998 1176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:24:32.0001 1176 RpcSs - ok
14:24:32.0006 1176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:24:32.0007 1176 rspndr - ok
14:24:32.0024 1176 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:24:32.0026 1176 RTL8167 - ok
14:24:32.0032 1176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:24:32.0033 1176 SamSs - ok
14:24:32.0040 1176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:24:32.0041 1176 sbp2port - ok
14:24:32.0051 1176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:24:32.0053 1176 SCardSvr - ok
14:24:32.0057 1176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:24:32.0058 1176 scfilter - ok
14:24:32.0106 1176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:24:32.0113 1176 Schedule - ok
14:24:32.0119 1176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:24:32.0120 1176 SCPolicySvc - ok
14:24:32.0130 1176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:24:32.0132 1176 SDRSVC - ok
14:24:32.0142 1176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:24:32.0143 1176 secdrv - ok
14:24:32.0147 1176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:24:32.0148 1176 seclogon - ok
14:24:32.0153 1176 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:24:32.0155 1176 SENS - ok
14:24:32.0158 1176 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:24:32.0160 1176 SensrSvc - ok
14:24:32.0164 1176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:24:32.0164 1176 Serenum - ok
14:24:32.0170 1176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:24:32.0171 1176 Serial - ok
14:24:32.0175 1176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:24:32.0176 1176 sermouse - ok
14:24:32.0188 1176 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:24:32.0190 1176 SessionEnv - ok
14:24:32.0193 1176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:24:32.0194 1176 sffdisk - ok
14:24:32.0197 1176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:24:32.0198 1176 sffp_mmc - ok
14:24:32.0201 1176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:24:32.0202 1176 sffp_sd - ok
14:24:32.0205 1176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:24:32.0206 1176 sfloppy - ok
14:24:32.0224 1176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:24:32.0226 1176 SharedAccess - ok
14:24:32.0246 1176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:24:32.0246 1176 ShellHWDetection - ok
14:24:32.0246 1176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:24:32.0246 1176 SiSRaid2 - ok
14:24:32.0256 1176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:24:32.0256 1176 SiSRaid4 - ok
14:24:32.0256 1176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:24:32.0256 1176 Smb - ok
14:24:32.0256 1176 SmbDrv (01086d104eb92c99e5340d457d00d397) C:\Windows\system32\DRIVERS\Smb_driver.sys
14:24:32.0271 1176 SmbDrv - ok
14:24:32.0271 1176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:24:32.0271 1176 SNMPTRAP - ok
14:24:32.0271 1176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:24:32.0271 1176 spldr - ok
14:24:32.0310 1176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:24:32.0313 1176 Spooler - ok
14:24:32.0471 1176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:24:32.0487 1176 sppsvc - ok
14:24:32.0524 1176 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:24:32.0526 1176 sppuinotify - ok
14:24:32.0552 1176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:24:32.0554 1176 srv - ok
14:24:32.0574 1176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:24:32.0576 1176 srv2 - ok
14:24:32.0586 1176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:24:32.0587 1176 srvnet - ok
14:24:32.0599 1176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:24:32.0601 1176 SSDPSRV - ok
14:24:32.0608 1176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:24:32.0609 1176 SstpSvc - ok
14:24:32.0626 1176 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
14:24:32.0628 1176 STacSV - ok
14:24:32.0632 1176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:24:32.0632 1176 stexstor - ok
14:24:32.0657 1176 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
14:24:32.0660 1176 STHDA - ok
14:24:32.0689 1176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:24:32.0693 1176 stisvc - ok
14:24:32.0696 1176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:24:32.0697 1176 swenum - ok
14:24:32.0724 1176 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:24:32.0727 1176 SwitchBoard - ok
14:24:32.0752 1176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:24:32.0755 1176 swprv - ok
14:24:32.0775 1176 SynTP (3b9f01b06e9c65bc182131b673dd03da) C:\Windows\system32\DRIVERS\SynTP.sys
14:24:32.0778 1176 SynTP - ok
14:24:32.0855 1176 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:24:32.0864 1176 SysMain - ok
14:24:32.0905 1176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:24:32.0907 1176 TabletInputService - ok
14:24:32.0924 1176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:24:32.0926 1176 TapiSrv - ok
14:24:32.0932 1176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:24:32.0933 1176 TBS - ok
14:24:33.0028 1176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:24:33.0036 1176 Tcpip - ok
14:24:33.0149 1176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:24:33.0158 1176 TCPIP6 - ok
14:24:33.0204 1176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:24:33.0205 1176 tcpipreg - ok
14:24:33.0210 1176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:24:33.0211 1176 TDPIPE - ok
14:24:33.0215 1176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:24:33.0216 1176 TDTCP - ok
14:24:33.0223 1176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:24:33.0224 1176 tdx - ok
14:24:33.0230 1176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:24:33.0231 1176 TermDD - ok
14:24:33.0261 1176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:24:33.0265 1176 TermService - ok
14:24:33.0270 1176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:24:33.0272 1176 Themes - ok
14:24:33.0276 1176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:24:33.0277 1176 THREADORDER - ok
14:24:33.0285 1176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:24:33.0287 1176 TrkWks - ok
14:24:33.0297 1176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:24:33.0298 1176 TrustedInstaller - ok
14:24:33.0304 1176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:24:33.0305 1176 tssecsrv - ok
14:24:33.0310 1176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:24:33.0310 1176 TsUsbFlt - ok
14:24:33.0314 1176 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:24:33.0315 1176 TsUsbGD - ok
14:24:33.0321 1176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:24:33.0322 1176 tunnel - ok
14:24:33.0327 1176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:24:33.0327 1176 uagp35 - ok
14:24:33.0339 1176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:24:33.0341 1176 udfs - ok
14:24:33.0348 1176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:24:33.0350 1176 UI0Detect - ok
14:24:33.0354 1176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:24:33.0355 1176 uliagpkx - ok
14:24:33.0359 1176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:24:33.0360 1176 umbus - ok
14:24:33.0363 1176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:24:33.0364 1176 UmPass - ok
14:24:33.0376 1176 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:24:33.0379 1176 upnphost - ok
14:24:33.0383 1176 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:24:33.0384 1176 USBAAPL64 - ok
14:24:33.0390 1176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:24:33.0391 1176 usbccgp - ok
14:24:33.0396 1176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:24:33.0397 1176 usbcir - ok
14:24:33.0402 1176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:24:33.0402 1176 usbehci - ok
14:24:33.0414 1176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:24:33.0416 1176 usbhub - ok
14:24:33.0420 1176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:24:33.0421 1176 usbohci - ok
14:24:33.0424 1176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:24:33.0425 1176 usbprint - ok
14:24:33.0429 1176 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:24:33.0430 1176 usbscan - ok
14:24:33.0436 1176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:24:33.0437 1176 USBSTOR - ok
14:24:33.0442 1176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:24:33.0443 1176 usbuhci - ok
14:24:33.0452 1176 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:24:33.0453 1176 usbvideo - ok
14:24:33.0455 1176 usj - ok
14:24:33.0461 1176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:24:33.0462 1176 UxSms - ok
14:24:33.0466 1176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:24:33.0467 1176 VaultSvc - ok
14:24:33.0559 1176 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
14:24:33.0570 1176 vcsFPService - ok
14:24:33.0614 1176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:24:33.0615 1176 vdrvroot - ok
14:24:33.0640 1176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:24:33.0644 1176 vds - ok
14:24:33.0649 1176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:24:33.0650 1176 vga - ok
14:24:33.0654 1176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:24:33.0655 1176 VgaSave - ok
14:24:33.0667 1176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:24:33.0669 1176 vhdmp - ok
14:24:33.0673 1176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:24:33.0673 1176 viaide - ok
14:24:33.0679 1176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:24:33.0680 1176 volmgr - ok
14:24:33.0697 1176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:24:33.0699 1176 volmgrx - ok
14:24:33.0714 1176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:24:33.0715 1176 volsnap - ok
14:24:33.0725 1176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:24:33.0727 1176 vsmraid - ok
14:24:33.0792 1176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:24:33.0800 1176 VSS - ok
14:24:33.0841 1176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:24:33.0842 1176 vwifibus - ok
14:24:33.0847 1176 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:24:33.0848 1176 vwififlt - ok
14:24:33.0851 1176 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:24:33.0852 1176 vwifimp - ok
14:24:33.0872 1176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:24:33.0875 1176 W32Time - ok
14:24:33.0880 1176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:24:33.0881 1176 WacomPen - ok
14:24:33.0887 1176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:33.0888 1176 WANARP - ok
14:24:33.0890 1176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:33.0891 1176 Wanarpv6 - ok
14:24:33.0947 1176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:24:33.0953 1176 WatAdminSvc - ok
14:24:34.0017 1176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:24:34.0025 1176 wbengine - ok
14:24:34.0064 1176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:24:34.0066 1176 WbioSrvc - ok
14:24:34.0082 1176 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:24:34.0085 1176 wcncsvc - ok
14:24:34.0089 1176 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:24:34.0091 1176 WcsPlugInService - ok
14:24:34.0100 1176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:24:34.0101 1176 Wd - ok
14:24:34.0130 1176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:24:34.0134 1176 Wdf01000 - ok
14:24:34.0139 1176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:24:34.0141 1176 WdiServiceHost - ok
14:24:34.0143 1176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:24:34.0145 1176 WdiSystemHost - ok
14:24:34.0158 1176 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:24:34.0161 1176 WebClient - ok
14:24:34.0173 1176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:24:34.0175 1176 Wecsvc - ok
14:24:34.0182 1176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:24:34.0184 1176 wercplsupport - ok
14:24:34.0189 1176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:24:34.0191 1176 WerSvc - ok
14:24:34.0199 1176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:24:34.0200 1176 WfpLwf - ok
14:24:34.0205 1176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:24:34.0205 1176 WIMMount - ok
14:24:34.0210 1176 WinDefend - ok
14:24:34.0214 1176 WinHttpAutoProxySvc - ok
14:24:34.0231 1176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:24:34.0233 1176 Winmgmt - ok
14:24:34.0236 1176 WinRing0_1_2_0 - ok
14:24:34.0323 1176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:24:34.0333 1176 WinRM - ok
14:24:34.0374 1176 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
14:24:34.0374 1176 WinUSB - ok
14:24:34.0423 1176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:24:34.0428 1176 Wlansvc - ok
14:24:34.0536 1176 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:24:34.0548 1176 wlidsvc - ok
14:24:34.0591 1176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:24:34.0592 1176 WmiAcpi - ok
14:24:34.0610 1176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:24:34.0612 1176 wmiApSrv - ok
14:24:34.0616 1176 WMPNetworkSvc - ok
14:24:34.0621 1176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:24:34.0623 1176 WPCSvc - ok
14:24:34.0630 1176 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:24:34.0632 1176 WPDBusEnum - ok
14:24:34.0636 1176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:24:34.0637 1176 ws2ifsl - ok
14:24:34.0644 1176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:24:34.0646 1176 wscsvc - ok
14:24:34.0648 1176 WSearch - ok
14:24:34.0757 1176 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:24:34.0769 1176 wuauserv - ok
14:24:34.0814 1176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:24:34.0815 1176 WudfPf - ok
14:24:34.0825 1176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:24:34.0826 1176 WUDFRd - ok
14:24:34.0833 1176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:24:34.0835 1176 wudfsvc - ok
14:24:34.0847 1176 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:24:34.0850 1176 WwanSvc - ok
14:24:34.0862 1176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:24:34.0864 1176 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:24:34.0864 1176 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:24:34.0910 1176 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:24:34.0910 1176 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:24:34.0915 1176 MBR (0x1B8) (fd4fa460b86e4f6187ebf9b45dfb2bce) \Device\Harddisk1\DR1
14:24:36.0989 1176 \Device\Harddisk1\DR1 - ok
14:24:36.0994 1176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:24:43.0679 1176 \Device\Harddisk2\DR2 - ok
14:24:43.0682 1176 Boot (0x1200) (603a4d392d4bc3a81c6570c8aa435609) \Device\Harddisk0\DR0\Partition0
14:24:43.0683 1176 \Device\Harddisk0\DR0\Partition0 - ok
14:24:43.0686 1176 Boot (0x1200) (19125e893852943dccb293b595b0b9ef) \Device\Harddisk0\DR0\Partition1
14:24:43.0687 1176 \Device\Harddisk0\DR0\Partition1 - ok
14:24:43.0691 1176 Boot (0x1200) (e5242554bec4f12d726f5de6119d2a8b) \Device\Harddisk1\DR1\Partition0
14:24:43.0692 1176 \Device\Harddisk1\DR1\Partition0 - ok
14:24:43.0694 1176 Boot (0x1200) (d6f70958d4678a643f0600a180fbc573) \Device\Harddisk1\DR1\Partition1
14:24:43.0695 1176 \Device\Harddisk1\DR1\Partition1 - ok
14:24:43.0698 1176 Boot (0x1200) (a6422d8f82d0794e213d095f3d91c0a9) \Device\Harddisk1\DR1\Partition2
14:24:43.0699 1176 \Device\Harddisk1\DR1\Partition2 - ok
14:24:43.0702 1176 Boot (0x1200) (9153533df0462c574eed20c051cf0646) \Device\Harddisk1\DR1\Partition3
14:24:43.0703 1176 \Device\Harddisk1\DR1\Partition3 - ok
14:24:43.0706 1176 Boot (0x1200) (bc5808e81e57e6ba22ebb1e736b6ab96) \Device\Harddisk1\DR1\Partition4
14:24:43.0707 1176 \Device\Harddisk1\DR1\Partition4 - ok
14:24:43.0711 1176 Boot (0x1200) (76941d5e7a3832a063523ff378c0087f) \Device\Harddisk2\DR2\Partition0
14:24:43.0712 1176 \Device\Harddisk2\DR2\Partition0 - ok
14:24:43.0712 1176 ============================================================
14:24:43.0712 1176 Scan finished
14:24:43.0712 1176 ============================================================
14:24:43.0724 1096 Detected object count: 2
14:24:43.0724 1096 Actual detected object count: 2
14:25:15.0263 1096 \Device\Harddisk0\DR0\# - copied to quarantine
14:25:15.0263 1096 \Device\Harddisk0\DR0 - copied to quarantine
14:25:15.0331 1096 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:25:15.0333 1096 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:25:15.0341 1096 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:25:15.0348 1096 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:25:15.0368 1096 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:25:15.0380 1096 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:25:15.0381 1096 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:25:15.0383 1096 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:25:15.0385 1096 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:25:15.0388 1096 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:25:15.0391 1096 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:25:15.0392 1096 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:25:15.0394 1096 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:25:15.0396 1096 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:25:15.0398 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:25:15.0401 1096 \Device\Harddisk0\DR0 - ok
14:25:15.0403 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:25:15.0404 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:25:15.0404 1096 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:25:20.0912 6864 Deinitialize success

ComboFix 12-07-25.04 - Asa 07/24/2012 14:31:41.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6513 [GMT -10:00]
Running from: c:\users\Asa\Desktop\ComboFix.exe
Command switches used :: c:\users\Asa\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\48D5.tmp"
"c:\programdata\Microsoft\Windows\DRM\938A.tmp"
"c:\programdata\Microsoft\Windows\DRM\938B.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\48D5.tmp
c:\programdata\Microsoft\Windows\DRM\938A.tmp
c:\programdata\Microsoft\Windows\DRM\938B.tmp
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCall.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla2.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla21.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla31.exe
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla32.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla33.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla34.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.dll
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.exe
c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseData.ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 00:34 . 2012-07-25 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 00:25 . 2012-07-25 00:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 21:26 . 2012-07-24 21:27 -------- d-----w- C:\FRST
2012-07-22 23:31 . 2012-07-22 23:31 -------- d-----w- c:\windows\Sun
2012-07-22 02:24 . 2012-07-22 02:35 -------- d-----w- c:\users\Asa\AppData\Local\Google
2012-07-12 04:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\users\Asa\AppData\Roaming\Simply Super Software
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\programdata\Simply Super Software
2012-07-11 01:28 . 2012-07-11 01:28 -------- d-----w- c:\users\Asa\AppData\Roaming\Gensokyo.org
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\users\Asa\AppData\Roaming\ShanghaiAlice
2012-07-10 08:41 . 2012-07-10 08:56 -------- d-----w- c:\users\Asa\AppData\Roaming\redsn0w
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\users\Asa\AppData\Roaming\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-09 01:33 . 2012-07-24 22:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-09 01:33 . 2012-07-23 01:47 -------- d-----w- c:\programdata\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- C:\$AVG
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\program files (x86)\AVG
2012-07-09 01:27 . 2012-07-24 22:22 -------- d-----w- c:\programdata\MFAData
2012-07-09 01:27 . 2012-07-09 01:27 -------- d--h--w- c:\programdata\Common Files
2012-07-09 00:38 . 2012-01-12 19:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-09 00:21 . 2012-07-09 00:29 -------- d-----w- C:\sh4ldr
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files\Enigma Software Group
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-08 23:44 . 2012-07-08 23:44 -------- d-----w- c:\users\Asa\AppData\Roaming\Malwarebytes
2012-07-08 23:43 . 2012-07-08 23:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 23:43 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 23:31 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 23:31 . 2012-05-11 21:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-08 23:31 . 2012-07-08 23:55 -------- d-----w- c:\programdata\PC Tools
2012-07-08 23:31 . 2012-07-08 23:31 -------- d-----w- c:\users\Asa\AppData\Roaming\TestApp
2012-07-08 23:18 . 2012-07-08 23:27 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-07-07 23:09 . 2012-07-07 23:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-30 19:59 . 2012-07-09 02:25 -------- d-----w- C:\Games
2012-06-29 09:19 . 2012-06-29 09:22 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-06-29 08:59 . 2012-07-08 22:57 -------- d-----w- c:\users\Asa\AppData\Roaming\Systweak
2012-06-29 04:46 . 2012-07-08 23:14 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-27 04:21 . 2012-06-28 06:07 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:11 . 2012-04-25 12:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 06:11 . 2012-04-25 12:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:00 . 2012-04-25 09:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 00:30 . 2012-06-17 00:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-03 01:19 . 2012-06-23 02:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-23 02:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-23 02:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 02:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 02:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 02:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 02:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 02:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 02:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-14 23:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 23:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 23:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 23:39 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 09:46 . 2012-04-28 09:46 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-04-28 03:55 . 2012-06-14 23:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 02:49 . 2011-03-29 04:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-26 05:41 . 2012-06-14 23:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 23:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 23:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_01.57.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-22 01:59 . 2012-07-23 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-22 01:59 . 2012-07-25 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-07 23:15 . 2012-07-22 23:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-07 23:15 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072420120725\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071620120723\index.dat
- 2012-07-07 23:09 . 2012-07-23 00:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-07 23:09 . 2012-07-25 00:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-07-25 00:28 50080 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 00:28 37144 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-25 08:57 . 2012-07-25 00:28 8556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3735085434-2647837941-2787061843-1000_UserData.bin
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 00:35 . 2012-07-25 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 00:35 . 2012-07-25 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 00:30 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 00:30 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-25 00:34 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 01:55 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-08 12:08 . 2012-07-25 00:25 7528988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 10:52 . 2012-07-23 01:55 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
+ 2012-04-25 10:52 . 2012-07-25 00:34 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-21 210208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-25 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-02 45416]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2011-12-02 20528]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 06:11]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000Core.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000UA.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-02 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-24 14:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 00:38
ComboFix2.txt 2012-07-24 23:58
ComboFix3.txt 2012-07-23 01:58
ComboFix4.txt 2012-07-22 02:10
ComboFix5.txt 2012-07-25 00:30
.
Pre-Run: 200,520,077,312 bytes free
Post-Run: 200,786,833,408 bytes free
.
- - End Of File - - FF9A4E10F964F1B3F5F8C5E9C73B1339

#8 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 24 July 2012 - 07:54 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 stewieisall (Topic Starter, Members, 7 posts)

Posted 24 July 2012 - 09:12 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Asa :: HOME-PC [administrator]

7/24/2012 3:03:28 PM
mbam-log-2012-07-24 (15-03-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192090
Time elapsed: 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\FRST\Quarantine\{54169144-5db0-7738-dd2a-f6159f471f49}\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\48D5.tmp.vir Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\938A.tmp.vir Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\938B.tmp.vir Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Users\Asa\AppData\Local\Apple Computer\Apple\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000064.@.vir Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\Users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\extensions\sjhwgigule@sjhwgigule.org.xpi JS/Redirector.NCA trojan
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd60015c89bc8b.0000 Win64/Patched.B.Gen trojan
F:\Daemon Tools Lite\DTLite4454-0315.exe Win32/OpenCandy application
G:\Torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso multiple threats

#10 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 24 July 2012 - 09:34 PM

Please do the following:

G:\Torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso

Is your version of Win7 genuine?

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\extensions\sjhwgigule@sjhwgigule.org.xpi 
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd60015c89bc8b.0000 
F:\Daemon Tools Lite\DTLite4454-0315.exe 
G:\Torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

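CatByte's CFScript above applies one rule to the ESET export: entries already sitting under C:\Qoobox\Quarantine, C:\TDSSKiller_Quarantine and C:\FRST\Quarantine are inert copies made by earlier tools and are left out, and only the four live files go into the File:: block. The script below is an added example for this thread, not code from BleepingComputer, ESET or the ComboFix author; it applies that rule to an ESETSCAN.txt export and emits a CFScript. Assumptions not stated on the page: each export line is "<path> <detection>", a detection name looks like "Win32/Name trojan", "a variant of ..." or "multiple threats", and the three quarantine roots above are the ones to skip. The sample input is copied from the ESET output posted earlier in the thread.

```python
"""
Build the File:: section of a ComboFix CFScript from an ESET Online Scanner export.

Added example; not code from the thread, ESET or ComboFix. Assumes (not from the
page) that export lines are "<path> <detection>" and that files under the known
quarantine folders are already neutralised and must not be fed back into a CFScript.
"""
import re

# Quarantine roots of the tools used in this thread (assumption: prefix match, case-insensitive).
QUARANTINE_ROOTS = (
    "c:\\qoobox\\quarantine\\",
    "c:\\tdsskiller_quarantine\\",
    "c:\\frst\\quarantine\\",
)

# The path is the shortest prefix after which the remainder reads like an ESET
# detection: "Win32/Sirefef.FD trojan", "a variant of Win32/Kryptik.AIGB trojan",
# or the catch-all "multiple threats". Paths may contain spaces; detections never
# contain a backslash, so the lazy match stops at the right place.
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<detection>(?:a variant of\s+)?[A-Za-z0-9]+/\S+.*|multiple threats.*)$"
)


def parse_eset_export(text):
    """Return [(path, detection), ...] for every line that parses; unparsable lines are skipped."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def is_quarantined(path):
    """True if the path lies under one of the quarantine roots (already disarmed copy)."""
    lowered = path.lower()
    return any(lowered.startswith(root) for root in QUARANTINE_ROOTS)


def split_hits(hits):
    """Separate live detections (need action) from quarantine copies (no action)."""
    live, quarantined = [], []
    for path, detection in hits:
        (quarantined if is_quarantined(path) else live).append((path, detection))
    return live, quarantined


def build_cfscript(live, clear_java_cache=True):
    """CFScript text: File:: block with one live path per line, then optional ClearJavaCache::."""
    lines = ["File::"] + [path for path, _ in live] + [""]
    if clear_java_cache:
        lines.append("ClearJavaCache::")
    return "\n".join(lines) + "\n"


# Sample export: lines copied from the ESET output posted earlier in this thread.
SAMPLE_ESETSCAN = r"""
C:\FRST\Quarantine\{54169144-5db0-7738-dd2a-f6159f471f49}\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\48D5.tmp.vir Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{54169144-5db0-7738-dd2a-f6159f471f49}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\TDSSKiller_Quarantine\24.07.2012_14.24.17\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\Users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\extensions\sjhwgigule@sjhwgigule.org.xpi JS/Redirector.NCA trojan
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd60015c89bc8b.0000 Win64/Patched.B.Gen trojan
F:\Daemon Tools Lite\DTLite4454-0315.exe Win32/OpenCandy application
G:\Torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso multiple threats
"""

if __name__ == "__main__":
    live_hits, quarantined_hits = split_hits(parse_eset_export(SAMPLE_ESETSCAN))
    print(f"# {len(quarantined_hits)} quarantine copies skipped, {len(live_hits)} live files listed")
    print(build_cfscript(live_hits), end="")
```

Read the generated File:: list before dragging it onto ComboFix: File:: deletes exactly what it names, so a legitimate path that ESET flagged as a potentially unwanted application (the DTLite installer here) should be a deliberate decision, not an automatic one, and a path that parsed wrongly would simply match nothing.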


#11 stewieisall (Topic Starter, Members, 7 posts)

Posted 24 July 2012 - 10:11 PM

I recently bought an SSD and wanted to clean install my Windows 7 HP 64-bit on it, but my computer didn't come with a disc. So I put that Vignesh iso file on a disc and used it to reinstall Windows 7 onto my SSD. I used the same license key that came with my computer. Is that the cause of my problems?

ComboFix 12-07-25.04 - Asa 07/24/2012 16:48:02.10.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6471 [GMT -10:00]
Running from: c:\users\Asa\Desktop\ComboFix.exe
Command switches used :: c:\users\Asa\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\extensions\sjhwgigule@sjhwgigule.org.xpi"
"c:\windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd60015c89bc8b.0000"
"f:\daemon tools lite\DTLite4454-0315.exe"
"g:\torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\extensions\sjhwgigule@sjhwgigule.org.xpi
c:\windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd60015c89bc8b.0000
f:\daemon tools lite\DTLite4454-0315.exe
g:\torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 02:51 . 2012-07-25 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 01:08 . 2012-07-25 01:08 -------- d-----w- c:\program files (x86)\ESET
2012-07-25 00:59 . 2012-07-25 00:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-25 00:59 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 00:25 . 2012-07-25 00:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 21:26 . 2012-07-24 21:27 -------- d-----w- C:\FRST
2012-07-22 23:31 . 2012-07-22 23:31 -------- d-----w- c:\windows\Sun
2012-07-22 02:24 . 2012-07-22 02:35 -------- d-----w- c:\users\Asa\AppData\Local\Google
2012-07-12 04:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\users\Asa\AppData\Roaming\Simply Super Software
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\programdata\Simply Super Software
2012-07-11 01:28 . 2012-07-11 01:28 -------- d-----w- c:\users\Asa\AppData\Roaming\Gensokyo.org
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\users\Asa\AppData\Roaming\ShanghaiAlice
2012-07-10 08:41 . 2012-07-10 08:56 -------- d-----w- c:\users\Asa\AppData\Roaming\redsn0w
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\users\Asa\AppData\Roaming\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-09 01:33 . 2012-07-24 22:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-09 01:33 . 2012-07-23 01:47 -------- d-----w- c:\programdata\AVG2012
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- C:\$AVG
2012-07-09 01:33 . 2012-07-09 01:33 -------- d-----w- c:\program files (x86)\AVG
2012-07-09 01:27 . 2012-07-24 22:22 -------- d-----w- c:\programdata\MFAData
2012-07-09 01:27 . 2012-07-09 01:27 -------- d--h--w- c:\programdata\Common Files
2012-07-09 00:38 . 2012-01-12 19:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-09 00:21 . 2012-07-09 00:29 -------- d-----w- C:\sh4ldr
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files\Enigma Software Group
2012-07-09 00:21 . 2012-07-09 00:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-08 23:44 . 2012-07-08 23:44 -------- d-----w- c:\users\Asa\AppData\Roaming\Malwarebytes
2012-07-08 23:43 . 2012-07-08 23:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 23:43 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 23:31 . 2012-07-09 00:03 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 23:31 . 2012-05-11 21:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-08 23:31 . 2012-07-08 23:55 -------- d-----w- c:\programdata\PC Tools
2012-07-08 23:31 . 2012-07-08 23:31 -------- d-----w- c:\users\Asa\AppData\Roaming\TestApp
2012-07-08 23:18 . 2012-07-08 23:27 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-07-07 23:09 . 2012-07-07 23:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-30 19:59 . 2012-07-09 02:25 -------- d-----w- C:\Games
2012-06-29 09:19 . 2012-06-29 09:22 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-06-29 08:59 . 2012-07-08 22:57 -------- d-----w- c:\users\Asa\AppData\Roaming\Systweak
2012-06-29 04:46 . 2012-07-08 23:14 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-27 04:21 . 2012-06-28 06:07 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:11 . 2012-04-25 12:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 06:11 . 2012-04-25 12:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:00 . 2012-04-25 09:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 00:30 . 2012-06-17 00:30 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-03 01:19 . 2012-06-23 02:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-03 01:15 . 2012-06-23 02:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:19 . 2012-06-23 02:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 02:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 02:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 02:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 02:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 02:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 02:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-14 23:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 23:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 23:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 23:39 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 09:46 . 2012-04-28 09:46 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-04-28 03:55 . 2012-06-14 23:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 02:49 . 2011-03-29 04:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-26 05:41 . 2012-06-14 23:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 23:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 23:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_01.57.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-22 01:59 . 2012-07-23 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-22 01:59 . 2012-07-25 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-07 23:15 . 2012-07-22 23:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-07 23:15 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072420120725\index.dat
+ 2012-07-24 22:51 . 2012-07-24 22:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071620120723\index.dat
- 2012-07-07 23:09 . 2012-07-23 00:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-07 23:09 . 2012-07-25 00:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-07-25 02:55 50396 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 02:55 37144 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-25 08:57 . 2012-07-25 02:55 8556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3735085434-2647837941-2787061843-1000_UserData.bin
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 02:51 . 2012-07-25 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 02:51 . 2012-07-25 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 01:55 . 2012-07-23 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 02:58 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 02:58 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-23 01:53 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-25 02:51 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 01:55 479712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-23 01:56 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-08 12:08 . 2012-07-25 00:25 7528988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-25 00:07 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 10:52 . 2012-07-23 01:55 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
+ 2012-04-25 10:52 . 2012-07-25 02:51 36120384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3735085434-2647837941-2787061843-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-21 210208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-25 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-02 45416]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2011-12-02 20528]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 06:11]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000Core.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3735085434-2647837941-2787061843-1000UA.job
- c:\users\Asa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 02:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-02 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Asa\AppData\Roaming\Mozilla\Firefox\Profiles\qzi2r38x.default\
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-24 17:00:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 03:00
ComboFix2.txt 2012-07-25 00:38
ComboFix3.txt 2012-07-24 23:58
ComboFix4.txt 2012-07-23 01:58
ComboFix5.txt 2012-07-25 02:47
.
Pre-Run: 201,081,036,800 bytes free
Post-Run: 196,465,459,200 bytes free
.
- - End Of File - - F74D43BA69D05F572C86559D36C856A4

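The service and driver lines in the ComboFix log above can be triaged mechanically rather than read line by line. The PowerShell below is an added example written for this page, not a ComboFix feature and not code posted in the thread; it parses a handful of lines copied from the log into objects and flags the ones worth a second look: entries whose binary ComboFix could not find (the trailing "[x]"), binaries outside the Windows and Program Files trees (a triage heuristic assumed here, not a rule), and boot- or system-start kernel drivers, which is where a rootkit would want to live. A flagged entry is a review item, not a verdict: the game-related driver under c:\aeriagames in the log is flagged only because of where it lives.

```powershell
# Added example, not part of the thread: triage the service/driver section of a
# ComboFix log. A line looks like
#   R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
# R/S = running/stopped, the digit is the start type (0 boot, 1 system, 2 auto,
# 3 manual) and "[x]" means ComboFix could not find the file on disk.

# Constructed sample: lines copied from the log posted above.
$Sample = @'
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
'@

$StartTypes  = @{ '0' = 'Boot'; '1' = 'System'; '2' = 'Auto'; '3' = 'Manual' }
$LinePattern = '^(?<state>[RS])(?<start>[0-3]) (?<name>[^;]+);(?<display>[^;]*);(?<path>.+?) \[(?<info>[^\]]*)\]\s*$'

# Assumption used for triage only: legitimate drivers and services normally live here.
$TrustedRoots = @('c:\windows\', 'c:\program files\', 'c:\program files (x86)\')

function ConvertFrom-ComboFixService {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        if ($Line -match $LinePattern) {
            $path      = $Matches.path.Trim()
            $isKernel  = [IO.Path]::GetExtension($path) -ieq '.sys'
            $inTrusted = $false
            foreach ($root in $TrustedRoots) {
                if ($path.StartsWith($root, 'OrdinalIgnoreCase')) { $inTrusted = $true }
            }

            $reasons = @()
            if ($Matches.info -eq 'x') { $reasons += 'binary missing (orphaned entry)' }
            if (-not $inTrusted)       { $reasons += 'binary outside Windows/Program Files' }
            # Boot/system-start kernel drivers load before most defences; worth checking by hand.
            if ($isKernel -and ($Matches.start -in '0', '1')) { $reasons += 'boot/system-start kernel driver' }

            [pscustomobject]@{
                Name      = $Matches.name
                Display   = $Matches.display
                State     = if ($Matches.state -eq 'R') { 'Running' } else { 'Stopped' }
                StartType = $StartTypes[$Matches.start]
                Path      = $path
                Kernel    = $isKernel
                Review    = ($reasons.Count -gt 0)
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Review items first, then everything else, so the table reads top-down.
$Sample -split "`r?`n" |
    ConvertFrom-ComboFixService |
    Sort-Object -Property @{ Expression = 'Review'; Descending = $true }, Name |
    Format-Table Name, State, StartType, Path, Reasons -AutoSize
```

To run it over a full log, replace the here-string with `Get-Content .\ComboFix.txt`; lines that do not match the service pattern (file listings, registry keys) are silently skipped. Orphaned "[x]" entries are usually leftovers from uninstalled software rather than infections, but an orphaned boot-start driver, or a running driver from an unexpected directory, is exactly the kind of entry a malware responder asks about.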
#12 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 24 July 2012 - 10:30 PM

    Is that the cause of my problems?

    G:\Torrents\Windows 7 HP 32\Windows 7 all editions xXxVIGNESHxXx\Windows.7.SP1.ENG.x86-x64.xXxVIGNESH26xXx.iso multiple threats


It's hard to know for certain, but that would be my guess, yes; you really can't trust the source of a torrent file.

If you're ever faced with that situation again, it would be worth contacting the manufacturer of your machine and asking for an installation disk; they will usually send one for a nominal cost.

How is the computer running now?

Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 stewieisall

  • Topic Starter
  • Members
  • 7 posts

Posted 24 July 2012 - 11:05 PM

From the AVG scan and Trojan Remover scan I did, it seems like everything is back to normal again! The redirecting issue in Firefox seems to have disappeared as well! According to task manager, svchost.exe is back to normal as well. Thank you so much! I really appreciate all of your help with this! :D

#14 CatByte

  • Malware Response Team

Posted 24 July 2012 - 11:29 PM

That's good to hear.

We just have some housekeeping to do now.

Please do the following:


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a run box.
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between Combofix and /uninstall; it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.


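The ActiveX settings from the Internet Explorer step in the post above are registry values under the Internet zone key (zone 3) that inetcpl.cpl edits. The PowerShell below is an added example for this page, not CatByte's or Microsoft's code; it reads those values, reports which ones are looser than the post's recommendation, and tightens only those, so a setting that is already stricter is never relaxed (IE's own Medium-high default already has "Download unsigned ActiveX controls" on Disable, which is stricter than Prompt). It assumes the value names 1001, 1004 and 1201 and the action codes 0 = Enable, 1 = Prompt, 3 = Disable documented in Microsoft KB 182569. Because the values are per-user (HKCU), it must run in the affected user's own session, and it does not handle machines where Group Policy or the Security_HKLM_only flag makes the HKLM copy of the zone settings authoritative.

```powershell
# Added example, not from the thread: enforce the Internet-zone ActiveX settings
# recommended in the post above, tightening only (never relaxing) each value.

# Zone 3 = Internet zone. Per-user settings; run as the user whose IE you are hardening.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action codes used by IE zone settings (KB 182569): 0 = Enable, 1 = Prompt, 3 = Disable
$Enable = 0; $Prompt = 1; $Disable = 3

# Policy from the post: both download options -> Prompt, init-and-script unsafe -> Disable
$Policy = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                            Want = $Prompt  }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                          Want = $Prompt  }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe';   Want = $Disable }
}

# Strictness order, so "compliant" means "at least this strict", not "exactly this value".
function Get-Strictness ($Value) {
    if ($null -eq $Value) { return -1 }           # value absent: treat as non-compliant
    switch ([int]$Value) { 0 { 0 } 1 { 1 } 3 { 2 } default { -1 } }
}

function Get-ZoneSetting ([string]$ValueName) {
    $item = Get-ItemProperty -Path $ZonePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]($item.$ValueName)
}

function Test-ActiveXHardening {
    foreach ($id in ($Policy.Keys | Sort-Object)) {
        $cur  = Get-ZoneSetting $id
        $want = $Policy[$id].Want
        [pscustomobject]@{
            Value     = $id
            Setting   = $Policy[$id].Name
            Current   = $cur
            Required  = $want
            Compliant = ((Get-Strictness $cur) -ge (Get-Strictness $want))
        }
    }
}

function Set-ActiveXHardening {
    foreach ($row in (Test-ActiveXHardening | Where-Object { -not $_.Compliant })) {
        # Only ever tighten: a value already stricter than the policy is left alone above.
        Set-ItemProperty -Path $ZonePath -Name $row.Value -Value $row.Required -Type DWord
        Write-Output ("Set {0} ({1}) from {2} to {3}" -f $row.Value, $row.Setting, $row.Current, $row.Required)
    }
}

Write-Output 'Before:'
Test-ActiveXHardening | Format-Table Value, Setting, Current, Required, Compliant -AutoSize
Set-ActiveXHardening
Write-Output 'After:'
Test-ActiveXHardening | Format-Table Value, Setting, Current, Required, Compliant -AutoSize
```

Open inetcpl.cpl afterwards and the Internet zone's custom level should show the three options at Prompt/Prompt/Disable (or stricter). If the dialog disagrees with the registry, the settings are being forced from HKLM or by policy and the per-user values are not the ones in effect.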

#15 CatByte

  • Malware Response Team

Posted 29 July 2012 - 04:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





