Infected with Sirefef & keeps restarting after 60 sec


This topic is locked. 26 replies to this topic.

#1 Crisux (Members, 41 posts, Estonia)

Posted 29 August 2012 - 02:33 AM

Hey!

Wanted to clean my brother's computer before school begins because it was very slow. During that I found that Windows Update, MS Security Essentials and the firewall are not working. It said that the services aren't running.
So I uninstalled and reinstalled MSSE and it couldn't update itself, but it found a trojan called Sirefef.A and Sirefef.AB and maybe other versions too. But during cleaning Windows started to restart itself, saying that there was a critical error and it will restart in 60 seconds. Now I can't do anything anymore and I have 2 options: reinstall Windows or get it working somehow before next week :(


#2 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 29 August 2012 - 09:27 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
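The reason the FRST step above searches for services.exe is that the Sirefef variant in this thread tampers with the Service Control Manager binary itself (the ComboFix log further down reports an "Infected copy of c:\windows\system32\Services.exe" and restores it from the update cache), and the only dependable way to tell a patched copy from a clean one is to compare it with a copy Windows keeps elsewhere. The script below is an added example and is not part of Gringo's instructions, of FRST or of ComboFix: it hashes the live services.exe and every services.exe under the component store and the Windows Update download cache, and says whether the live file matches any of them. Assumptions not taken from the post: Python is available on the machine, or the Windows volume is mounted elsewhere and its root is passed as the first argument; %SystemRoot%\winsxs and %SystemRoot%\SoftwareDistribution\Download are the standard Vista/7 locations for pristine copies; the verdict names are the example's own.

```python
"""Integrity check for services.exe against the copies Windows caches (added example)."""
import hashlib
import os
import sys

TARGET = os.path.join("Windows", "System32", "services.exe")
# Assumed standard Vista/7 locations that hold pristine copies of system binaries.
STORES = (
    os.path.join("Windows", "winsxs"),
    os.path.join("Windows", "SoftwareDistribution", "Download"),
)


def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, streamed so a large component store does not eat memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, name="services.exe"):
    """Yield every file called `name` under the component store and update cache."""
    for store in STORES:
        for dirpath, _dirs, files in os.walk(os.path.join(root, store)):
            for fn in files:
                if fn.lower() == name:
                    yield os.path.join(dirpath, fn)


def classify(live_hash, copy_hashes):
    """Pure decision step: compare the live hash with {path: hash} of cached copies.

    MATCH   -> identical to at least one cached copy (not patched in place)
    DIFF    -> differs from every cached copy; suspect, or simply newer than the cache
    UNKNOWN -> nothing to compare against; fall back to `sfc /verifyfile`
    """
    matches = sorted(p for p, h in copy_hashes.items() if h == live_hash)
    if not copy_hashes:
        return "UNKNOWN", matches
    if matches:
        return "MATCH", matches
    return "DIFF", matches


def check(root):
    """Hash the live services.exe and every cached copy under `root`, then classify."""
    live = os.path.join(root, TARGET)
    live_hash = sha256_file(live)
    copies = {p: sha256_file(p) for p in find_copies(root)}
    verdict, matches = classify(live_hash, copies)
    return verdict, live_hash, copies, matches


if __name__ == "__main__":
    # Root of the Windows volume: C:\ on the live machine, or a mounted image's root.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemDrive", "C:") + os.sep
    verdict, live_hash, copies, matches = check(root)
    print(f"{verdict}  {live_hash}  {os.path.join(root, TARGET)}")
    for p, h in sorted(copies.items()):
        print(f"  {'match' if p in matches else 'diff '}  {h}  {p}")
```

A DIFF verdict only means that no cached copy is byte-identical; a service pack or hotfix newer than anything in the cache produces the same result, so confirm with `sfc /verifyfile=C:\Windows\System32\services.exe` before replacing the file. Note also that a machine this badly infected cannot be trusted to report on itself, which is why the thread does this from the Recovery Environment; running the check against a mounted image avoids that problem.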

#3 Crisux (Topic Starter)

Posted 29 August 2012 - 12:04 PM

Hey again, thank you for the fast reply. The infected PC is Vista 32-bit. So I downloaded both the 32-bit and 64-bit versions of Farbar Recovery Scan Tool and copied them to the flash drive, but I don't get the "Repair your computer" option in the Advanced Boot Options.

#4 gringo_pr, "Bleepin Gringo" (Malware Response Team)

Posted 29 August 2012 - 02:40 PM

do you have the install CD?


gringo

#5 Crisux (Topic Starter)

Posted 30 August 2012 - 12:36 AM

Sadly not, it's factory preinstalled and the recovery CD is long lost :(
So would it be better if I get myself Win7 and start from the beginning with that computer?

Edit:
BTW Security Essentials says there are the following trojans: Sirefef.AB, Sirefef.AH, Sirefef.AZ, Sirefef.AN, Sirefef.AG, Sirefef.AO and viruses Sirefef and Sirefef.R

Edited by Crisux, 30 August 2012 - 01:05 AM.


#6 gringo_pr, "Bleepin Gringo" (Malware Response Team)

Posted 30 August 2012 - 12:51 AM

Hello

There are a few things to try.

We need to remove MSE, or at least stop it; that is what is causing the reboots.

Try and turn off MSE before it reboots and then uninstall it. We will put it back on later.

Even if you cannot turn off MSE I want you to try and run ComboFix below. Even if you need to run it multiple times, I want you to try and get it to run.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Crisux (Topic Starter)

Posted 30 August 2012 - 02:30 AM

Disabling MSSE didn't work, but after I finally (after an hour) realized it and uninstalled MSSE, the computer doesn't restart anymore and is offering updates (yay!)
Here comes the combofix log:

ComboFix 12-08-28.03 - Kasutaja 30.08.2012 10:10:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1257.372.1033.18.3068.2422 [GMT 3:00]
Running from: c:\users\Kasutaja\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bhoclass.dll
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\opnkkfjdnhgkjefnnohgfackfninikjo.crx
c:\programdata\TheBflix\settings.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 07:18 . 2012-08-30 07:21 -------- d-----w- c:\users\Kasutaja\AppData\Local\temp
2012-08-30 07:18 . 2012-08-30 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-24 10:51 . 2012-08-24 10:52 -------- d-----w- C:\8e5c703cd9dd14e158c2906947aaf3
2012-08-24 10:50 . 2012-08-19 22:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CAA60F6-8644-4D48-B884-59B40EAEA218}\mpengine.dll
2012-08-24 10:47 . 2012-08-30 07:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-24 10:14 . 2012-08-24 10:26 -------- d-----w- c:\users\Kasutaja\AppData\Roaming\SumatraPDF
2012-08-24 10:14 . 2012-08-24 10:14 -------- d-----w- c:\program files\SumatraPDF
2012-08-24 09:56 . 2011-09-05 15:14 178744 ----a-w- c:\windows\system32\drivers\cumon.sys
2012-08-24 09:56 . 2011-09-05 15:15 17520 ----a-w- c:\windows\system32\drivers\evdd.sys
2012-08-24 09:49 . 2012-08-24 09:49 -------- d-----w- c:\program files\COMODO
2012-08-24 09:49 . 2012-08-24 09:49 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-24 09:42 . 2012-08-24 09:42 -------- d-----w- c:\users\Kasutaja\AppData\Roaming\Canneverbe Limited
2012-08-24 09:42 . 2012-08-24 09:42 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-24 09:40 . 2012-08-24 09:40 -------- d-----w- c:\users\Kasutaja\AppData\Local\Macromedia
2012-08-24 09:36 . 2012-08-24 10:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 09:29 . 2012-08-24 09:29 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\ztddttud.sys
2012-08-23 18:44 . 2012-08-23 18:44 -------- d-sh--r- c:\users\Kasutaja\M-10-7960-8588-3464
2012-08-21 19:04 . 2012-08-21 19:04 -------- d-sh--r- c:\users\Kasutaja\M-0-5778-6436-2457
2012-08-21 00:16 . 2012-08-24 09:35 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\winbras.sys
2012-08-19 22:19 . 2012-08-19 22:19 -------- d-sh--r- c:\users\Kasutaja\M-10-6897-8685-3464
2012-08-16 22:16 . 2012-08-16 22:16 -------- d-----w- c:\programdata\RegClean
2012-08-16 22:07 . 2012-08-24 10:05 -------- d-----w- c:\program files\SmartTweak Software
2012-08-16 22:07 . 2012-08-16 22:07 -------- d-----w- c:\users\Kasutaja\AppData\Local\PackageAware
2012-08-15 00:27 . 2012-08-15 00:27 -------- d-----w- c:\users\Kasutaja\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 10:02 . 2012-01-25 14:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 17:59 . 2012-06-06 17:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-18 11:10 . 2012-06-26 21:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2012-01-26 08:12 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:36 19549320 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 10:02]
.
2012-08-30 c:\windows\Tasks\User_Feed_Synchronization-{7240247D-E2B3-4280-97FC-1232716A95B9}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.postimees.ee/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.253.0.130 85.253.0.2
FF - ProfilePath - c:\users\Kasutaja\AppData\Roaming\Mozilla\Firefox\Profiles\8pvqim2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-30 10:21
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\COMODO Programs Manager\CPMService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-30 10:25:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 07:25
.
Pre-Run: 247 710 306 304 bytes free
Post-Run: 247 711 772 672 bytes free
.
- - End Of File - - A5C6CFFF2D0C3FC575F81F116BF8C3D4
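The "Files Created" section of a ComboFix log is where this kind of infection leaves its footprints: in the log above, three hidden+system directories with random M-… names under c:\users\Kasutaja, two zero-byte hidden .sys files under AppData\Roaming (ztddttud.sys and winbras.sys, which no legitimate driver installer writes there), and a fresh gdiplus.dll dropped straight into system32 at the same minute COMODO was installed. The script below is an added example, not part of ComboFix or of this thread: it parses lines in that format and flags the same patterns a responder pulls out by eye, so the check is repeatable on the next log. The sample lines are copied from the log above; the attribute letters are read as ComboFix prints them (leading d = directory, s = system, h = hidden), which is an inference from the log format rather than documented behaviour; the severity labels and rules are the example's own.

```python
"""Triage of ComboFix 'Files Created' lines (added example, not part of ComboFix)."""
import re

# Lines copied from the ComboFix log above; the order is the log's own.
SAMPLE_LOG = r"""
2012-08-24 10:14 . 2012-08-24 10:14 -------- d-----w- c:\program files\SumatraPDF
2012-08-24 09:49 . 2012-08-24 09:49 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-24 09:29 . 2012-08-24 09:29 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\ztddttud.sys
2012-08-23 18:44 . 2012-08-23 18:44 -------- d-sh--r- c:\users\Kasutaja\M-10-7960-8588-3464
2012-08-21 19:04 . 2012-08-21 19:04 -------- d-sh--r- c:\users\Kasutaja\M-0-5778-6436-2457
2012-08-21 00:16 . 2012-08-24 09:35 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\winbras.sys
2012-08-19 22:19 . 2012-08-19 22:19 -------- d-sh--r- c:\users\Kasutaja\M-10-6897-8685-3464
2012-08-16 22:16 . 2012-08-16 22:16 -------- d-----w- c:\programdata\RegClean
"""

# "<created> . <modified> <size|--------> <attrs> <path>". Attribute letters are read as
# ComboFix prints them: leading 'd' = directory, 's' = system, 'h' = hidden (an assumption
# drawn from the log format, not from ComboFix documentation).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[d-][\w-]{7}) (?P<path>.+?)\s*$"
)

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\documents and settings\\")
CODE_EXT = (".sys", ".exe", ".dll", ".scr")


def parse(log):
    """Yield one dict per well-formed 'Files Created' line; anything else is skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs, size = m.group("attrs"), m.group("size")
        yield {
            "created": m.group("created"),
            "path": m.group("path").lower(),
            "is_dir": attrs[0] == "d",
            "system": "s" in attrs[1:],
            "hidden": "h" in attrs[1:],
            "size": int(size) if size.isdigit() else None,
        }


def triage(log):
    """Return (severity, reason, path) for every entry matching one of the rules."""
    findings = []
    for e in parse(log):
        p = e["path"]
        name = p.rsplit("\\", 1)[-1]
        in_profile = any(tok in p for tok in USER_WRITABLE)
        if e["is_dir"]:
            # Random-named hidden+system folders inside a user profile are a classic hide-out.
            if e["hidden"] and e["system"] and in_profile:
                findings.append(("HIGH", "hidden+system directory in a user-writable location", p))
            continue
        if name.endswith(".sys") and "\\drivers\\" not in p:
            # A .sys anywhere but system32\drivers is odd; hidden or zero-byte makes it worse.
            sev = "HIGH" if (e["hidden"] or e["size"] == 0) else "MEDIUM"
            findings.append((sev, "driver-style .sys file outside system32\\drivers", p))
        elif name.endswith(CODE_EXT) and in_profile and e["hidden"]:
            findings.append(("MEDIUM", "hidden executable in a user-writable location", p))
        elif name.endswith(CODE_EXT) and "\\windows\\system32\\" in p:
            findings.append(("LOW", "binary written straight into system32; check its signer", p))
    return findings


if __name__ == "__main__":
    for sev, why, path in triage(SAMPLE_LOG):
        print(f"{sev:6} {why:58} {path}")
```

The LOW finding on gdiplus.dll is deliberately not a verdict: a redistributable can legitimately land in system32 during an install, and the right follow-up is to check the file's signature and compare it with the copy in winsxs, not to delete it. The HIGH findings are the ones worth acting on, and they line up with what ComboFix removed and what the later TDSSKiller and aswMBR runs were meant to double-check.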

#8 gringo_pr, "Bleepin Gringo" (Malware Response Team)

Posted 30 August 2012 - 02:39 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 Crisux (Topic Starter)

Posted 30 August 2012 - 03:16 AM

It seems to get better now.
During the first attempt to scan with aswMBR I got a BSOD but didn't have time to write the error down. But after the restart it completed the scan.


Here's the TDSSKiller report:


10:43:43.0619 1928 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:43:43.0846 1928 ============================================================
10:43:43.0846 1928 Current date / time: 2012/08/30 10:43:43.0846
10:43:43.0846 1928 SystemInfo:
10:43:43.0846 1928
10:43:43.0846 1928 OS Version: 6.0.6000 ServicePack: 0.0
10:43:43.0846 1928 Product type: Workstation
10:43:43.0846 1928 ComputerName: HPCOMPAQ
10:43:43.0847 1928 UserName: Kasutaja
10:43:43.0847 1928 Windows directory: C:\Windows
10:43:43.0847 1928 System windows directory: C:\Windows
10:43:43.0847 1928 Processor architecture: Intel x86
10:43:43.0847 1928 Number of processors: 2
10:43:43.0847 1928 Page size: 0x1000
10:43:43.0847 1928 Boot type: Normal boot
10:43:43.0847 1928 ============================================================
10:43:45.0729 1928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:43:45.0736 1928 ============================================================
10:43:45.0736 1928 \Device\Harddisk0\DR0:
10:43:45.0738 1928 MBR partitions:
10:43:45.0738 1928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
10:43:45.0738 1928 ============================================================
10:43:45.0782 1928 C: <-> \Device\Harddisk0\DR0\Partition1
10:43:45.0782 1928 ============================================================
10:43:45.0782 1928 Initialize success
10:43:45.0782 1928 ============================================================
10:43:50.0015 3344 ============================================================
10:43:50.0015 3344 Scan started
10:43:50.0015 3344 Mode: Manual;
10:43:50.0015 3344 ============================================================
10:43:50.0921 3344 ================ Scan system memory ========================
10:43:50.0921 3344 System memory - ok
10:43:50.0927 3344 ================ Scan services =============================
10:43:51.0160 3344 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys
10:43:51.0164 3344 ACPI - ok
10:43:51.0236 3344 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:51.0240 3344 AdobeFlashPlayerUpdateSvc - ok
10:43:51.0280 3344 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:43:51.0286 3344 adp94xx - ok
10:43:51.0312 3344 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:43:51.0316 3344 adpahci - ok
10:43:51.0327 3344 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:43:51.0329 3344 adpu160m - ok
10:43:51.0341 3344 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:43:51.0344 3344 adpu320 - ok
10:43:51.0380 3344 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:43:51.0381 3344 AeLookupSvc - ok
10:43:51.0417 3344 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
10:43:51.0421 3344 AFD - ok
10:43:51.0440 3344 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:43:51.0442 3344 agp440 - ok
10:43:51.0472 3344 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:43:51.0474 3344 aic78xx - ok
10:43:51.0483 3344 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
10:43:51.0485 3344 ALG - ok
10:43:51.0494 3344 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
10:43:51.0496 3344 aliide - ok
10:43:51.0506 3344 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:43:51.0508 3344 amdagp - ok
10:43:51.0517 3344 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
10:43:51.0519 3344 amdide - ok
10:43:51.0533 3344 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:43:51.0535 3344 AmdK7 - ok
10:43:51.0544 3344 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:43:51.0545 3344 AmdK8 - ok
10:43:51.0565 3344 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
10:43:51.0567 3344 Appinfo - ok
10:43:51.0664 3344 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:43:51.0666 3344 Apple Mobile Device - ok
10:43:51.0682 3344 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
10:43:51.0684 3344 arc - ok
10:43:51.0694 3344 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:43:51.0696 3344 arcsas - ok
10:43:51.0718 3344 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:51.0720 3344 AsyncMac - ok
10:43:51.0769 3344 [ B35CFCEF838382AB6490B321C87EDF17 ] atapi C:\Windows\system32\drivers\atapi.sys
10:43:51.0770 3344 atapi - ok
10:43:51.0862 3344 [ C8BB2E935A5D195692140E795EA9AC14 ] athr C:\Windows\system32\DRIVERS\athr.sys
10:43:51.0889 3344 athr - ok
10:43:51.0934 3344 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:43:51.0942 3344 AudioEndpointBuilder - ok
10:43:51.0955 3344 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:43:51.0960 3344 Audiosrv - ok
10:43:52.0006 3344 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
10:43:52.0007 3344 Beep - ok
10:43:52.0067 3344 [ 98EBDFFB824A7C265337D68DD480E45C ] BFE C:\Windows\System32\bfe.dll
10:43:52.0078 3344 BFE - ok
10:43:52.0112 3344 blbdrive - ok
10:43:52.0171 3344 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:43:52.0176 3344 Bonjour Service - ok
10:43:52.0200 3344 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:43:52.0201 3344 bowser - ok
10:43:52.0226 3344 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:43:52.0227 3344 BrFiltLo - ok
10:43:52.0235 3344 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:43:52.0236 3344 BrFiltUp - ok
10:43:52.0257 3344 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
10:43:52.0259 3344 Browser - ok
10:43:52.0268 3344 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:43:52.0271 3344 Brserid - ok
10:43:52.0283 3344 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:43:52.0285 3344 BrSerWdm - ok
10:43:52.0297 3344 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:43:52.0298 3344 BrUsbMdm - ok
10:43:52.0321 3344 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:43:52.0322 3344 BrUsbSer - ok
10:43:52.0334 3344 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:43:52.0335 3344 BTHMODEM - ok
10:43:52.0613 3344 catchme - ok
10:43:53.0629 3344 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:43:53.0631 3344 cdfs - ok
10:43:53.0794 3344 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:43:53.0796 3344 cdrom - ok
10:43:54.0336 3344 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
10:43:54.0341 3344 CertPropSvc - ok
10:43:54.0571 3344 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
10:43:54.0573 3344 circlass - ok
10:43:54.0629 3344 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys
10:43:54.0636 3344 CLFS - ok
10:43:54.0703 3344 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:54.0705 3344 clr_optimization_v2.0.50727_32 - ok
10:43:54.0742 3344 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:43:54.0744 3344 CmBatt - ok
10:43:54.0762 3344 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:43:54.0763 3344 cmdide - ok
10:43:54.0803 3344 [ 1ADF6F4852E7D7E2E8AC481BDB970586 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
10:43:54.0806 3344 CnxtHdAudService - ok
10:44:06.0791 3344 usbprint - ok
10:44:06.0808 3344 [ C0488CC01A1C686B08A3D360C7F50324 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
10:44:06.0809 3344 usbser - ok
10:44:06.0829 3344 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:44:06.0831 3344 UsbserFilt - ok
10:44:06.0850 3344 [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:44:06.0852 3344 USBSTOR - ok
10:44:06.0865 3344 [ D864735B0BFCB65440960A0B7CC1A38D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:44:06.0868 3344 usbuhci - ok
10:44:06.0879 3344 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:44:06.0883 3344 usbvideo - ok
10:44:06.0913 3344 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll
10:44:06.0917 3344 UxSms - ok
10:44:06.0943 3344 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe
10:44:06.0951 3344 vds - ok
10:44:07.0012 3344 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:07.0013 3344 vga - ok
10:44:07.0030 3344 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:44:07.0033 3344 VgaSave - ok
10:44:07.0044 3344 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:44:07.0046 3344 viaagp - ok
10:44:07.0056 3344 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:44:07.0058 3344 ViaC7 - ok
10:44:07.0069 3344 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
10:44:07.0071 3344 viaide - ok
10:44:07.0096 3344 [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:44:07.0098 3344 volmgr - ok
10:44:07.0114 3344 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:44:07.0119 3344 volmgrx - ok
10:44:07.0173 3344 [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:44:07.0177 3344 volsnap - ok
10:44:07.0208 3344 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:44:07.0210 3344 vsmraid - ok
10:44:07.0246 3344 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe
10:44:07.0261 3344 VSS - ok
10:44:07.0284 3344 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll
10:44:07.0291 3344 W32Time - ok
10:44:07.0306 3344 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:44:07.0308 3344 WacomPen - ok
10:44:07.0322 3344 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:44:07.0324 3344 Wanarp - ok
10:44:07.0332 3344 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:44:07.0334 3344 Wanarpv6 - ok
10:44:07.0349 3344 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:44:07.0359 3344 wcncsvc - ok
10:44:07.0369 3344 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:44:07.0375 3344 WcsPlugInService - ok
10:44:07.0385 3344 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
10:44:07.0386 3344 Wd - ok
10:44:07.0406 3344 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:44:07.0412 3344 Wdf01000 - ok
10:44:07.0424 3344 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:44:07.0430 3344 WdiServiceHost - ok
10:44:07.0442 3344 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:44:07.0447 3344 WdiSystemHost - ok
10:44:07.0471 3344 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll
10:44:07.0479 3344 WebClient - ok
10:44:07.0492 3344 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll
10:44:07.0500 3344 Wecsvc - ok
10:44:07.0513 3344 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:44:07.0518 3344 wercplsupport - ok
10:44:07.0530 3344 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll
10:44:07.0537 3344 WerSvc - ok
10:44:07.0579 3344 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:44:07.0588 3344 winachsf - ok
10:44:07.0669 3344 [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:44:07.0680 3344 WinDefend - ok
10:44:07.0692 3344 WinHttpAutoProxySvc - ok
10:44:07.0801 3344 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:44:07.0804 3344 Winmgmt - ok
10:44:07.0823 3344 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll
10:44:07.0842 3344 WinRM - ok
10:44:07.0882 3344 [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:44:07.0900 3344 Wlansvc - ok
10:44:07.0939 3344 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:44:07.0941 3344 WmiAcpi - ok
10:44:07.0959 3344 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:44:07.0962 3344 wmiApSrv - ok
10:44:08.0009 3344 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:44:08.0035 3344 WMPNetworkSvc - ok
10:44:08.0049 3344 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:44:08.0062 3344 WPCSvc - ok
10:44:08.0073 3344 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:44:08.0080 3344 WPDBusEnum - ok
10:44:08.0118 3344 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:44:08.0122 3344 WpdUsb - ok
10:44:08.0132 3344 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:44:08.0134 3344 ws2ifsl - ok
10:44:08.0147 3344 [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc C:\Windows\system32\wscsvc.dll
10:44:08.0152 3344 wscsvc - ok
10:44:08.0161 3344 WSearch - ok
10:44:08.0241 3344 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
10:44:08.0294 3344 wuauserv - ok
10:44:08.0326 3344 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:08.0328 3344 WUDFRd - ok
10:44:08.0339 3344 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:44:08.0345 3344 wudfsvc - ok
10:44:08.0364 3344 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
10:44:08.0365 3344 XAudio - ok
10:44:08.0410 3344 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
10:44:08.0415 3344 XAudioService - ok
10:44:08.0450 3344 ================ Scan global ===============================
10:44:08.0483 3344 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
10:44:08.0507 3344 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
10:44:08.0548 3344 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
10:44:08.0595 3344 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
10:44:08.0601 3344 [Global] - ok
10:44:08.0602 3344 ================ Scan MBR ==================================
10:44:08.0614 3344 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:44:09.0206 3344 \Device\Harddisk0\DR0 - ok
10:44:09.0206 3344 ================ Scan VBR ==================================
10:44:09.0212 3344 [ 5B57C66116D92262C23C491928C71FF7 ] \Device\Harddisk0\DR0\Partition1
10:44:09.0216 3344 \Device\Harddisk0\DR0\Partition1 - ok
10:44:09.0217 3344 ============================================================
10:44:09.0217 3344 Scan finished
10:44:09.0217 3344 ============================================================
10:44:09.0235 3016 Detected object count: 0
10:44:09.0235 3016 Actual detected object count: 0



Here's the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 10:53:17
-----------------------------
10:53:17.678 OS Version: Windows 6.0.6000
10:53:17.678 Number of processors: 2 586 0xF0D
10:53:17.678 ComputerName: HPCOMPAQ UserName: Kasutaja
10:53:35.277 Initialize success
10:53:55.138 AVAST engine defs: 12082901
10:54:00.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:54:00.770 Disk 0 Vendor: ST9320423AS 0002SDM1 Size: 305245MB BusType: 3
10:54:00.770 Disk 0 MBR read successfully
10:54:00.786 Disk 0 MBR scan
10:54:00.786 Disk 0 Windows VISTA default MBR code
10:54:00.817 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
10:54:00.832 Disk 0 scanning sectors +625139712
10:54:00.926 Disk 0 scanning C:\Windows\system32\drivers
10:54:13.282 Service scanning
10:54:34.564 Modules scanning
10:54:42.443 Disk 0 trace - called modules:
10:54:42.459 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
10:54:42.474 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853e48f0]
10:54:42.490 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84aecbb0]
10:54:46.453 AVAST engine scan C:\Windows
10:55:05.798 AVAST engine scan C:\Windows\system32
10:58:03.947 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:58:54.011 AVAST engine scan C:\Windows\system32\drivers
10:59:36.556 AVAST engine scan C:\Users\Kasutaja
11:00:07.650 File: C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000008.@ **INFECTED** Win32:Trojan-gen
11:00:56.856 File: C:\Users\Kasutaja\Downloads\IMG00578459406-JPG.scr **INFECTED** Win32:Trojan-gen
11:01:02.566 File: C:\Users\Kasutaja\M-10-6897-8685-3464\winmgr.exe **INFECTED** Win32:Trojan-gen
11:01:02.644 File: C:\Users\Kasutaja\M-10-7960-8588-3464\winsvc.exe **INFECTED** Win32:Crypt-NRV [Trj]
11:03:04.568 AVAST engine scan C:\ProgramData
11:04:34.869 Scan finished successfully
11:12:10.068 Disk 0 MBR has been saved successfully to "C:\Users\Kasutaja\Desktop\MBR.dat"
11:12:10.083 The log file has been saved successfully to "C:\Users\Kasutaja\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 August 2012 - 03:21 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Crisux (Topic Starter)

Posted 30 August 2012 - 03:27 AM

Here's the RogueKiller report:


RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Kasutaja [Admin rights]
Mode : Scan -- Date : 08/30/2012 11:25:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\n --> FOUND
[ZeroAccess][FILE] @ : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] b0584ac4672ec7beb46f47dff4373d3f
[BSP] 2472e4c3037c3db5813df14d7efee1af : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 August 2012 - 07:03 AM

Greetings


Now let's fix what RogueKiller found.

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#13 Crisux (Topic Starter)

Posted 30 August 2012 - 07:28 AM

Hey again
Here's the report:

RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Kasutaja [Admin rights]
Mode : Remove -- Date : 08/30/2012 12:17:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\n --> REMOVED
[ZeroAccess][FILE] @ : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000008.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000008.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Kasutaja\AppData\Local\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] b0584ac4672ec7beb46f47dff4373d3f
[BSP] 2472e4c3037c3db5813df14d7efee1af : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
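
The two RogueKiller reports in this thread (the Scan run and the Remove run) share one text format. As an added example that is not part of the thread or of RogueKiller itself, here is a small parser for that format plus a check that every indicator the Scan run marked FOUND shows up as acted on in the Remove run; the two embedded sample reports are constructed, trimmed copies of the ones posted above.

```python
# Added example, not RogueKiller's own code: parse RogueKiller v8 text reports like
# the ones posted above and check that the Remove run acted on every indicator the
# Scan run reported. Both sample reports are constructed, trimmed copies of the thread's.
import re
from collections import Counter
from dataclasses import dataclass, field

SEC = "\u00a4" * 3  # the '¤¤¤' delimiter RogueKiller puts around section titles
SECTION_RE = re.compile("^" + SEC + r"\s*(?P<name>[^:" + SEC[0] + r"]+):?\s*(?P<value>.*?)\s*" + SEC + "$")
# file/folder line: '[ZeroAccess][FILE] n : C:\...\n --> FOUND'
ITEM_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<name>.+?)\s+:\s+(?P<path>.+?)\s+-->\s+(?P<status>\S+)$")
# registry line: '[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND'
REG_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>.+)$")
MODE_RE = re.compile(r"^Mode\s*:\s*(?P<mode>\w+)\s*--\s*Date\s*:\s*(?P<date>.+)$")

@dataclass(frozen=True)
class Finding:
    section: str
    tag: str       # ZeroAccess, Del.Parent, HJPOL, HJ DESK, ...
    kind: str      # FILE, FOLDER, or REG for registry entries
    location: str  # full path, or 'key : value' for registry entries
    status: str    # FOUND in Scan mode; REMOVED / DELETED / REPLACED (0) in Remove mode

@dataclass
class Report:
    mode: str = ""
    infection: str = ""
    driver_loaded: bool = False
    findings: list = field(default_factory=list)

def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking which '¤¤¤' section we are in."""
    report, section = Report(), ""
    for line in (ln.strip() for ln in text.splitlines()):
        if m := MODE_RE.match(line):
            report.mode = m["mode"]
        elif m := SECTION_RE.match(line):
            section = m["name"].strip()
            if section == "Infection":
                report.infection = m["value"].strip()
            elif section == "Driver":
                report.driver_loaded = m["value"].strip() == "[LOADED]"
        elif m := ITEM_RE.match(line):
            report.findings.append(Finding(section, m["tag"], m["kind"], m["path"], m["status"]))
        elif m := REG_RE.match(line):
            report.findings.append(
                Finding(section, m["tag"], "REG", m["key"] + " : " + m["value"], m["status"].strip()))
    return report

def summarize(report: Report) -> dict:
    return {"mode": report.mode, "infection": report.infection, "driver_loaded": report.driver_loaded,
            "by_tag": dict(Counter(f.tag for f in report.findings))}

def unresolved(scan: Report, remove: Report) -> list:
    """Indicators FOUND by the Scan run that the Remove run did not report as acted on."""
    acted = {f.location for f in remove.findings if f.status != "FOUND"}
    return [f for f in scan.findings if f.status == "FOUND" and f.location not in acted]

SCAN_REPORT = r"""
Mode : Scan -- Date : 08/30/2012 11:25:23
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\n --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 08/30/2012 12:17:48
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\n --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L\00000008.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{12d28fb1-c0fc-8843-6274-86c6dc9bda32}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

if __name__ == "__main__":
    scan, removed = parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT)
    print(summarize(scan))
    print("unresolved after Remove:", [f.location for f in unresolved(scan, removed)])
```

Paths are compared verbatim, so an entry the Remove run lists under a different name (the thread's folders appear as `L` in Scan mode and `ROOT` in Remove mode) still matches as long as its path is unchanged.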

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 August 2012 - 07:35 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Firefox::
FF - ProfilePath - c:\users\Kasutaja\AppData\Roaming\Mozilla\Firefox\Profiles\8pvqim2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Crisux (Topic Starter)

Posted 30 August 2012 - 02:31 PM

Hey

Ran Spybot S&D; it found Facebook.Messenger, Babylon.Toolbar, IncrediBar and DoubleClick, but it seems that it removed them during the scan after boot.
MSE doesn't show anything anymore.
Everything else seems to be fine, but Windows Update fails and gives error 80246008. It's a little frustrating because I discovered that it hasn't been updated since the HDD got changed in January, though I managed to install SP1.

But here's the ComboFix log:

ComboFix 12-08-29.03 - Kasutaja 30.08.2012 15:42:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1257.372.1033.18.3068.2224 [GMT 3:00]
Running from: c:\users\Kasutaja\Desktop\ComboFix.exe
Command switches used :: c:\users\Kasutaja\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 12:49 . 2012-08-30 12:50 -------- d-----w- c:\users\Kasutaja\AppData\Local\temp
2012-08-30 12:49 . 2012-08-30 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 07:25 . 2012-08-30 07:25 -------- d-----w- c:\users\Crisux
2012-08-24 10:51 . 2012-08-24 10:52 -------- d-----w- C:\8e5c703cd9dd14e158c2906947aaf3
2012-08-24 10:50 . 2012-08-19 22:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CAA60F6-8644-4D48-B884-59B40EAEA218}\mpengine.dll
2012-08-24 10:47 . 2012-08-30 07:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-24 10:14 . 2012-08-24 10:26 -------- d-----w- c:\users\Kasutaja\AppData\Roaming\SumatraPDF
2012-08-24 10:14 . 2012-08-24 10:14 -------- d-----w- c:\program files\SumatraPDF
2012-08-24 09:56 . 2011-09-05 15:14 178744 ----a-w- c:\windows\system32\drivers\cumon.sys
2012-08-24 09:56 . 2011-09-05 15:15 17520 ----a-w- c:\windows\system32\drivers\evdd.sys
2012-08-24 09:49 . 2012-08-24 09:49 -------- d-----w- c:\program files\COMODO
2012-08-24 09:49 . 2012-08-24 09:49 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-24 09:42 . 2012-08-24 09:42 -------- d-----w- c:\users\Kasutaja\AppData\Roaming\Canneverbe Limited
2012-08-24 09:42 . 2012-08-24 09:42 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-24 09:40 . 2012-08-24 09:40 -------- d-----w- c:\users\Kasutaja\AppData\Local\Macromedia
2012-08-24 09:36 . 2012-08-24 10:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 09:29 . 2012-08-24 09:29 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\ztddttud.sys
2012-08-23 18:44 . 2012-08-23 18:44 -------- d-sh--r- c:\users\Kasutaja\M-10-7960-8588-3464
2012-08-21 19:04 . 2012-08-21 19:04 -------- d-sh--r- c:\users\Kasutaja\M-0-5778-6436-2457
2012-08-21 00:16 . 2012-08-24 09:35 0 ---ha-w- c:\users\Kasutaja\AppData\Roaming\winbras.sys
2012-08-19 22:19 . 2012-08-19 22:19 -------- d-sh--r- c:\users\Kasutaja\M-10-6897-8685-3464
2012-08-16 22:16 . 2012-08-16 22:16 -------- d-----w- c:\programdata\RegClean
2012-08-16 22:07 . 2012-08-24 10:05 -------- d-----w- c:\program files\SmartTweak Software
2012-08-16 22:07 . 2012-08-16 22:07 -------- d-----w- c:\users\Kasutaja\AppData\Local\PackageAware
2012-08-15 00:27 . 2012-08-15 00:27 -------- d-----w- c:\users\Kasutaja\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 10:02 . 2012-01-25 14:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 17:59 . 2012-06-06 17:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-18 11:10 . 2012-06-26 21:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2012-01-26 08:12 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:36 19549320 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 10:02]
.
2012-08-30 c:\windows\Tasks\User_Feed_Synchronization-{7240247D-E2B3-4280-97FC-1232716A95B9}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.postimees.ee/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.253.0.130 85.253.0.2
FF - ProfilePath - c:\users\Kasutaja\AppData\Roaming\Mozilla\Firefox\Profiles\8pvqim2u.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-30 15:50
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-30 15:52:54
ComboFix-quarantined-files.txt 2012-08-30 12:52
ComboFix2.txt 2012-08-30 07:25
.
Pre-Run: 246 997 192 704 bytes free
Post-Run: 247 110 389 760 bytes free
.
- - End Of File - - B5105C2000702D86AEF8CA264B380042



