Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess! rootkit infection in tcp/ip stack


  • This topic is locked This topic is locked
10 replies to this topic

#1 lucaspeed

lucaspeed

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 18 September 2012 - 07:40 PM

Hi, I am trying to clean a friend's PC, it was starting with a white screen and was inaccessible. I gained access to the desktop using Kaspersky Rescue Disk and now I am trying to eliminate the infections.
After 3-4 runs of combofix it keeps finding the rootkit even after a reboot.
As per instructions, here's my DDS and GMER logs, thanks for your help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 2:03:40 on 2012-09-19
MicrosoftÆ Windows Vistaô Home Premium 6.0.6002.2.1252.39.1040.18.3000.1819 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CarboniteSetupLite] "c:\program files\packard bell\carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{7A746911-078F-430C-8A0E-44C65DB8B445} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R3 NETw5v32;Driver scheda Intel® Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-16 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-19 00:02:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-18 21:41:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 21:27:26 -------- d-s---w- C:\ComboFix
2012-09-18 20:01:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 20:01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-18 19:15:12 98816 ----a-w- c:\windows\sed.exe
2012-09-18 19:15:12 518144 ----a-w- c:\windows\SWREG.exe
2012-09-18 19:15:12 256000 ----a-w- c:\windows\PEV.exe
2012-09-18 19:15:12 208896 ----a-w- c:\windows\MBR.exe
2012-09-18 17:25:49 -------- d-----r- c:\program files\Skype
2012-09-18 17:24:59 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-09-18 17:06:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-09-18 17:06:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-09-18 17:05:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-09-18 17:05:51 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-09-18 13:37:10 -------- d-----w- C:\$HBCDTmp
2012-09-17 23:48:19 -------- d-----w- C:\Quarantine
2012-09-13 23:22:37 1659808 ----a-w- C:\rkill.com
2012-08-29 22:08:46 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-09-18 17:35:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 17:35:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 2.04.12,50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 21 September 2012 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 21 September 2012 - 11:29 AM

17:48:44.0433 3312 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:48:44.0805 3312 ============================================================
17:48:44.0805 3312 Current date / time: 2012/09/21 17:48:44.0805
17:48:44.0805 3312 SystemInfo:
17:48:44.0805 3312
17:48:44.0805 3312 OS Version: 6.0.6002 ServicePack: 2.0
17:48:44.0805 3312 Product type: Workstation
17:48:44.0805 3312 ComputerName: PC-PACKARDBELL
17:48:44.0805 3312 UserName: Administrator
17:48:44.0805 3312 Windows directory: C:\Windows
17:48:44.0805 3312 System windows directory: C:\Windows
17:48:44.0805 3312 Processor architecture: Intel x86
17:48:44.0805 3312 Number of processors: 2
17:48:44.0805 3312 Page size: 0x1000
17:48:44.0805 3312 Boot type: Normal boot
17:48:44.0805 3312 ============================================================
17:48:46.0601 3312 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:46.0629 3312 ============================================================
17:48:46.0629 3312 \Device\Harddisk0\DR0:
17:48:46.0645 3312 MBR partitions:
17:48:46.0645 3312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x23C2C351
17:48:46.0645 3312 ============================================================
17:48:46.0728 3312 C: <-> \Device\Harddisk0\DR0\Partition1
17:48:46.0728 3312 ============================================================
17:48:46.0728 3312 Initialize success
17:48:46.0728 3312 ============================================================
17:48:48.0818 3016 ============================================================
17:48:48.0818 3016 Scan started
17:48:48.0818 3016 Mode: Manual;
17:48:48.0818 3016 ============================================================
17:48:51.0015 3016 ================ Scan system memory ========================
17:48:51.0015 3016 System memory - ok
17:48:51.0016 3016 ================ Scan services =============================
17:48:52.0033 3016 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:48:52.0045 3016 ACPI - ok
17:48:52.0304 3016 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:48:52.0320 3016 AdobeActiveFileMonitor6.0 - ok
17:48:52.0599 3016 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:48:52.0617 3016 AdobeFlashPlayerUpdateSvc - ok
17:48:52.0747 3016 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:48:52.0770 3016 adp94xx - ok
17:48:52.0868 3016 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:48:52.0904 3016 adpahci - ok
17:48:52.0929 3016 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:48:52.0947 3016 adpu160m - ok
17:48:53.0025 3016 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:48:53.0064 3016 adpu320 - ok
17:48:53.0127 3016 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:48:53.0128 3016 AeLookupSvc - ok
17:48:53.0308 3016 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:48:53.0367 3016 AFD - ok
17:48:53.0437 3016 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:48:53.0452 3016 agp440 - ok
17:48:53.0530 3016 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:48:53.0582 3016 aic78xx - ok
17:48:53.0610 3016 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
17:48:53.0620 3016 ALG - ok
17:48:53.0638 3016 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
17:48:53.0644 3016 aliide - ok
17:48:53.0696 3016 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:48:53.0718 3016 amdagp - ok
17:48:53.0750 3016 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
17:48:53.0752 3016 amdide - ok
17:48:53.0767 3016 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
17:48:53.0774 3016 AmdK7 - ok
17:48:53.0818 3016 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:48:53.0827 3016 AmdK8 - ok
17:48:53.0884 3016 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
17:48:53.0885 3016 Appinfo - ok
17:48:54.0020 3016 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:48:54.0030 3016 Apple Mobile Device - ok
17:48:54.0135 3016 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
17:48:54.0156 3016 arc - ok
17:48:54.0205 3016 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:48:54.0240 3016 arcsas - ok
17:48:54.0277 3016 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:48:54.0279 3016 AsyncMac - ok
17:48:54.0341 3016 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
17:48:54.0342 3016 atapi - ok
17:48:54.0441 3016 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:48:54.0457 3016 AudioEndpointBuilder - ok
17:48:54.0486 3016 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:48:54.0490 3016 Audiosrv - ok
17:48:54.0515 3016 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:48:54.0529 3016 Beep - ok
17:48:54.0820 3016 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
17:48:54.0917 3016 BITS - ok
17:48:54.0934 3016 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:48:54.0951 3016 blbdrive - ok
17:48:55.0145 3016 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:48:55.0149 3016 Bonjour Service - ok
17:48:55.0228 3016 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:48:55.0241 3016 bowser - ok
17:48:55.0275 3016 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:48:55.0288 3016 BrFiltLo - ok
17:48:55.0306 3016 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:48:55.0308 3016 BrFiltUp - ok
17:48:55.0362 3016 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
17:48:55.0409 3016 Browser - ok
17:48:55.0491 3016 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
17:48:55.0534 3016 Brserid - ok
17:48:55.0581 3016 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:48:55.0609 3016 BrSerWdm - ok
17:48:55.0630 3016 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:48:55.0632 3016 BrUsbMdm - ok
17:48:55.0663 3016 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:48:55.0664 3016 BrUsbSer - ok
17:48:55.0711 3016 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:48:55.0713 3016 BTHMODEM - ok
17:48:55.0996 3016 catchme - ok
17:48:56.0040 3016 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:48:56.0056 3016 cdfs - ok
17:48:56.0113 3016 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
17:48:56.0131 3016 CertPropSvc - ok
17:48:56.0169 3016 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
17:48:56.0186 3016 circlass - ok
17:48:56.0252 3016 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
17:48:56.0281 3016 CLFS - ok
17:48:56.0465 3016 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:48:56.0497 3016 clr_optimization_v2.0.50727_32 - ok
17:48:56.0790 3016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:48:56.0805 3016 clr_optimization_v4.0.30319_32 - ok
17:48:56.0898 3016 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:48:56.0909 3016 CmBatt - ok
17:48:56.0936 3016 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:48:56.0952 3016 cmdide - ok
17:48:56.0976 3016 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:48:56.0977 3016 Compbatt - ok
17:48:56.0984 3016 COMSysApp - ok
17:48:57.0026 3016 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:48:57.0027 3016 crcdisk - ok
17:48:57.0048 3016 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
17:48:57.0060 3016 Crusoe - ok
17:48:57.0149 3016 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:48:57.0190 3016 CryptSvc - ok
17:48:57.0310 3016 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:48:57.0340 3016 DcomLaunch - ok
17:48:57.0426 3016 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:48:57.0453 3016 DfsC - ok
17:48:57.0771 3016 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
17:48:57.0992 3016 DFSR - ok
17:48:58.0171 3016 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:48:58.0204 3016 Dhcp - ok
17:48:58.0270 3016 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
17:48:58.0287 3016 disk - ok
17:48:58.0334 3016 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:48:58.0350 3016 Dnscache - ok
17:48:58.0443 3016 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:48:58.0518 3016 dot3svc - ok
17:48:58.0570 3016 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
17:48:58.0610 3016 DPS - ok
17:48:58.0734 3016 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:48:58.0740 3016 drmkaud - ok
17:48:58.0898 3016 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:48:58.0905 3016 DXGKrnl - ok
17:48:58.0948 3016 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:48:58.0976 3016 E1G60 - ok
17:48:59.0016 3016 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
17:48:59.0031 3016 EapHost - ok
17:48:59.0126 3016 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
17:48:59.0151 3016 Ecache - ok
17:48:59.0253 3016 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:48:59.0282 3016 ehRecvr - ok
17:48:59.0299 3016 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
17:48:59.0303 3016 ehSched - ok
17:48:59.0336 3016 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
17:48:59.0337 3016 ehstart - ok
17:48:59.0396 3016 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:48:59.0416 3016 elxstor - ok
17:48:59.0553 3016 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:48:59.0586 3016 EMDMgmt - ok
17:48:59.0620 3016 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:48:59.0633 3016 ErrDev - ok
17:48:59.0691 3016 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
17:48:59.0711 3016 EventSystem - ok
17:48:59.0793 3016 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
17:48:59.0825 3016 exfat - ok
17:48:59.0909 3016 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:48:59.0919 3016 fastfat - ok
17:49:00.0008 3016 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:49:00.0046 3016 fdc - ok
17:49:00.0071 3016 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
17:49:00.0073 3016 fdPHost - ok
17:49:00.0093 3016 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
17:49:00.0096 3016 FDResPub - ok
17:49:00.0128 3016 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:49:00.0130 3016 FileInfo - ok
17:49:00.0163 3016 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:49:00.0176 3016 Filetrace - ok
17:49:00.0215 3016 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:49:00.0229 3016 flpydisk - ok
17:49:00.0312 3016 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:49:00.0342 3016 FltMgr - ok
17:49:00.0588 3016 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
17:49:00.0639 3016 FontCache - ok
17:49:00.0766 3016 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:00.0785 3016 FontCache3.0.0.0 - ok
17:49:00.0902 3016 [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:49:00.0926 3016 fssfltr - ok
17:49:01.0307 3016 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:49:01.0401 3016 fsssvc - ok
17:49:01.0459 3016 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:49:01.0461 3016 Fs_Rec - ok
17:49:01.0507 3016 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:49:01.0528 3016 gagp30kx - ok
17:49:01.0650 3016 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:49:01.0661 3016 GEARAspiWDM - ok
17:49:01.0786 3016 Giraffic - ok
17:49:01.0917 3016 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
17:49:01.0973 3016 gpsvc - ok
17:49:02.0082 3016 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:49:02.0143 3016 HDAudBus - ok
17:49:02.0189 3016 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:49:02.0195 3016 HidBth - ok
17:49:02.0254 3016 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:49:02.0268 3016 HidIr - ok
17:49:02.0329 3016 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
17:49:02.0332 3016 hidserv - ok
17:49:02.0374 3016 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:49:02.0381 3016 HidUsb - ok
17:49:02.0415 3016 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:49:02.0530 3016 hkmsvc - ok
17:49:02.0560 3016 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:49:02.0570 3016 HpCISSs - ok
17:49:02.0691 3016 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:49:02.0721 3016 HTTP - ok
17:49:02.0747 3016 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:49:02.0749 3016 i2omp - ok
17:49:02.0845 3016 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:49:02.0853 3016 i8042prt - ok
17:49:02.0904 3016 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:49:02.0943 3016 iaStorV - ok
17:49:03.0264 3016 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:49:03.0394 3016 idsvc - ok
17:49:03.0793 3016 [ 0627FC0C422CD6E0F23E1B0D1D9F0899 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:49:04.0122 3016 igfx - ok
17:49:04.0178 3016 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:49:04.0195 3016 iirsp - ok
17:49:04.0299 3016 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
17:49:04.0339 3016 IKEEXT - ok
17:49:04.0774 3016 [ 9B89F2E3D705651DEC1F01033B9D6B24 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:49:04.0795 3016 IntcAzAudAddService - ok
17:49:04.0858 3016 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:49:04.0859 3016 intelide - ok
17:49:04.0948 3016 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:49:04.0949 3016 intelppm - ok
17:49:05.0002 3016 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:49:05.0018 3016 IPBusEnum - ok
17:49:05.0073 3016 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:05.0081 3016 IpFilterDriver - ok
17:49:05.0101 3016 IpInIp - ok
17:49:05.0133 3016 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:49:05.0135 3016 IPMIDRV - ok
17:49:05.0192 3016 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:49:05.0216 3016 IPNAT - ok
17:49:05.0371 3016 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:49:05.0379 3016 iPod Service - ok
17:49:05.0400 3016 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:49:05.0407 3016 IRENUM - ok
17:49:05.0453 3016 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:49:05.0473 3016 isapnp - ok
17:49:05.0517 3016 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:49:05.0519 3016 iScsiPrt - ok
17:49:05.0555 3016 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:49:05.0556 3016 iteatapi - ok
17:49:05.0621 3016 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:49:05.0638 3016 iteraid - ok
17:49:05.0661 3016 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:49:05.0662 3016 kbdclass - ok
17:49:05.0680 3016 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:49:05.0688 3016 kbdhid - ok
17:49:05.0737 3016 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
17:49:05.0740 3016 KeyIso - ok
17:49:05.0820 3016 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:49:05.0868 3016 KSecDD - ok
17:49:05.0996 3016 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:49:06.0038 3016 KtmRm - ok
17:49:06.0109 3016 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
17:49:06.0125 3016 LanmanServer - ok
17:49:06.0199 3016 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:49:06.0233 3016 LanmanWorkstation - ok
17:49:06.0275 3016 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:49:06.0284 3016 lltdio - ok
17:49:06.0395 3016 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:49:06.0413 3016 lltdsvc - ok
17:49:06.0440 3016 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:49:06.0456 3016 lmhosts - ok
17:49:06.0489 3016 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:49:06.0539 3016 LSI_FC - ok
17:49:06.0570 3016 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:49:06.0586 3016 LSI_SAS - ok
17:49:06.0621 3016 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:49:06.0643 3016 LSI_SCSI - ok
17:49:06.0671 3016 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
17:49:06.0683 3016 luafv - ok
17:49:06.0725 3016 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:49:06.0751 3016 Mcx2Svc - ok
17:49:06.0783 3016 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
17:49:06.0791 3016 megasas - ok
17:49:06.0882 3016 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:49:06.0912 3016 MegaSR - ok
17:49:07.0051 3016 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:49:07.0078 3016 Microsoft Office Groove Audit Service - ok
17:49:07.0128 3016 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
17:49:07.0153 3016 MMCSS - ok
17:49:07.0184 3016 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
17:49:07.0192 3016 Modem - ok
17:49:07.0227 3016 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:49:07.0228 3016 monitor - ok
17:49:07.0259 3016 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:49:07.0260 3016 mouclass - ok
17:49:07.0308 3016 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:49:07.0318 3016 mouhid - ok
17:49:07.0339 3016 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:49:07.0341 3016 MountMgr - ok
17:49:07.0440 3016 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
17:49:07.0460 3016 mpio - ok
17:49:07.0491 3016 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:49:07.0500 3016 mpsdrv - ok
17:49:07.0531 3016 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:49:07.0553 3016 Mraid35x - ok
17:49:07.0632 3016 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:49:07.0641 3016 MRxDAV - ok
17:49:07.0707 3016 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:49:07.0734 3016 mrxsmb - ok
17:49:07.0826 3016 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:49:07.0844 3016 mrxsmb10 - ok
17:49:07.0888 3016 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:49:07.0910 3016 mrxsmb20 - ok
17:49:07.0947 3016 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
17:49:07.0948 3016 msahci - ok
17:49:07.0970 3016 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:49:07.0987 3016 msdsm - ok
17:49:08.0023 3016 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
17:49:08.0141 3016 MSDTC - ok
17:49:08.0189 3016 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:49:08.0201 3016 Msfs - ok
17:49:08.0233 3016 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:49:08.0234 3016 msisadrv - ok
17:49:08.0281 3016 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:49:08.0300 3016 MSiSCSI - ok
17:49:08.0305 3016 msiserver - ok
17:49:08.0340 3016 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:49:08.0341 3016 MSKSSRV - ok
17:49:08.0360 3016 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:49:08.0378 3016 MSPCLOCK - ok
17:49:08.0394 3016 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:49:08.0395 3016 MSPQM - ok
17:49:08.0504 3016 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:49:08.0531 3016 MsRPC - ok
17:49:08.0549 3016 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:49:08.0550 3016 mssmbios - ok
17:49:08.0580 3016 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:49:08.0594 3016 MSTEE - ok
17:49:08.0657 3016 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
17:49:08.0669 3016 Mup - ok
17:49:08.0723 3016 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
17:49:08.0769 3016 napagent - ok
17:49:08.0854 3016 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:49:08.0873 3016 NativeWifiP - ok
17:49:09.0016 3016 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:49:09.0067 3016 NDIS - ok
17:49:09.0109 3016 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:49:09.0124 3016 NdisTapi - ok
17:49:09.0153 3016 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:49:09.0167 3016 Ndisuio - ok
17:49:09.0259 3016 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:49:09.0261 3016 NdisWan - ok
17:49:09.0285 3016 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:49:09.0300 3016 NDProxy - ok
17:49:09.0598 3016 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:49:09.0608 3016 Nero BackItUp Scheduler 3 - ok
17:49:09.0718 3016 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:49:09.0726 3016 NetBIOS - ok
17:49:09.0805 3016 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:49:09.0855 3016 netbt - ok
17:49:09.0895 3016 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
17:49:09.0898 3016 Netlogon - ok
17:49:09.0990 3016 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
17:49:10.0054 3016 Netman - ok
17:49:10.0104 3016 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
17:49:10.0118 3016 netprofm - ok
17:49:10.0183 3016 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:49:10.0199 3016 NetTcpPortSharing - ok
17:49:10.0931 3016 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
17:49:11.0277 3016 NETw5v32 - ok
17:49:11.0339 3016 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:49:11.0353 3016 nfrd960 - ok
17:49:11.0433 3016 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:49:11.0445 3016 NlaSvc - ok
17:49:11.0643 3016 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:49:11.0671 3016 NMIndexingService - ok
17:49:11.0743 3016 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:49:11.0759 3016 Npfs - ok
17:49:11.0825 3016 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
17:49:11.0841 3016 nsi - ok
17:49:11.0860 3016 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:49:11.0880 3016 nsiproxy - ok
17:49:12.0138 3016 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:49:12.0255 3016 Ntfs - ok
17:49:12.0309 3016 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:49:12.0323 3016 ntrigdigi - ok
17:49:12.0347 3016 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:49:12.0369 3016 Null - ok
17:49:12.0417 3016 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:49:12.0442 3016 nvraid - ok
17:49:12.0462 3016 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:49:12.0474 3016 nvstor - ok
17:49:12.0502 3016 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:49:12.0521 3016 nv_agp - ok
17:49:12.0527 3016 NwlnkFlt - ok
17:49:12.0535 3016 NwlnkFwd - ok
17:49:12.0845 3016 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:49:12.0912 3016 odserv - ok
17:49:13.0004 3016 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:49:13.0022 3016 ohci1394 - ok
17:49:13.0100 3016 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:49:13.0105 3016 ose - ok
17:49:13.0275 3016 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:49:13.0325 3016 p2pimsvc - ok
17:49:13.0388 3016 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:49:13.0397 3016 p2psvc - ok
17:49:13.0423 3016 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:49:13.0447 3016 Parport - ok
17:49:13.0518 3016 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:49:13.0524 3016 partmgr - ok
17:49:13.0543 3016 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:49:13.0555 3016 Parvdm - ok
17:49:13.0587 3016 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:49:13.0604 3016 PcaSvc - ok
17:49:13.0662 3016 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:49:13.0681 3016 pci - ok
17:49:13.0701 3016 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
17:49:13.0718 3016 pciide - ok
17:49:13.0798 3016 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:49:13.0834 3016 pcmcia - ok
17:49:13.0995 3016 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:49:14.0086 3016 PEAUTH - ok
17:49:14.0298 3016 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:49:14.0385 3016 pla - ok
17:49:14.0438 3016 PLFlash DeviceIoControl Service - ok
17:49:14.0551 3016 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:49:14.0601 3016 PlugPlay - ok
17:49:14.0643 3016 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:49:14.0652 3016 PNRPAutoReg - ok
17:49:14.0683 3016 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:49:14.0692 3016 PNRPsvc - ok
17:49:14.0779 3016 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:49:14.0808 3016 PolicyAgent - ok
17:49:14.0850 3016 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:49:14.0852 3016 PptpMiniport - ok
17:49:14.0891 3016 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:49:14.0893 3016 Processor - ok
17:49:15.0031 3016 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:49:15.0037 3016 ProfSvc - ok
17:49:15.0076 3016 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:49:15.0079 3016 ProtectedStorage - ok
17:49:15.0156 3016 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:49:15.0170 3016 PSched - ok
17:49:15.0211 3016 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
17:49:15.0219 3016 PxHelp20 - ok
17:49:15.0393 3016 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:49:15.0544 3016 ql2300 - ok
17:49:15.0582 3016 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:49:15.0626 3016 ql40xx - ok
17:49:15.0678 3016 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:49:15.0694 3016 QWAVE - ok
17:49:15.0722 3016 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:49:15.0734 3016 QWAVEdrv - ok
17:49:15.0788 3016 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:49:15.0789 3016 RasAcd - ok
17:49:15.0851 3016 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:49:15.0868 3016 RasAuto - ok
17:49:15.0894 3016 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:49:15.0897 3016 Rasl2tp - ok
17:49:15.0986 3016 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:49:16.0020 3016 RasMan - ok
17:49:16.0078 3016 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:49:16.0095 3016 RasPppoe - ok
17:49:16.0120 3016 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:49:16.0123 3016 RasSstp - ok
17:49:16.0175 3016 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:49:16.0194 3016 rdbss - ok
17:49:16.0220 3016 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:49:16.0221 3016 RDPCDD - ok
17:49:16.0248 3016 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:49:16.0260 3016 rdpdr - ok
17:49:16.0271 3016 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:49:16.0279 3016 RDPENCDD - ok
17:49:16.0321 3016 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:49:16.0349 3016 RDPWD - ok
17:49:16.0409 3016 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:49:16.0437 3016 RemoteAccess - ok
17:49:16.0512 3016 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:49:16.0544 3016 RemoteRegistry - ok
17:49:16.0579 3016 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:49:16.0591 3016 RpcLocator - ok
17:49:16.0645 3016 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:49:16.0653 3016 RpcSs - ok
17:49:16.0681 3016 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:49:16.0683 3016 rspndr - ok
17:49:16.0777 3016 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
17:49:16.0780 3016 RTL8169 - ok
17:49:16.0800 3016 [ 01C64783DB1F40E1E3DF67DD36199B35 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
17:49:16.0811 3016 RTSTOR - ok
17:49:16.0833 3016 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:49:16.0836 3016 SamSs - ok
17:49:16.0872 3016 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:49:16.0900 3016 sbp2port - ok
17:49:16.0949 3016 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:49:16.0964 3016 SCardSvr - ok
17:49:17.0143 3016 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:49:17.0173 3016 Schedule - ok
17:49:17.0193 3016 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:49:17.0194 3016 SCPolicySvc - ok
17:49:17.0213 3016 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:49:17.0227 3016 SDRSVC - ok
17:49:17.0280 3016 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:49:17.0281 3016 secdrv - ok
17:49:17.0310 3016 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:49:17.0325 3016 seclogon - ok
17:49:17.0344 3016 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
17:49:17.0358 3016 SENS - ok
17:49:17.0398 3016 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:49:17.0414 3016 Serenum - ok
17:49:17.0448 3016 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:49:17.0463 3016 Serial - ok
17:49:17.0483 3016 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:49:17.0500 3016 sermouse - ok
17:49:17.0535 3016 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:49:17.0556 3016 SessionEnv - ok
17:49:17.0581 3016 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:49:17.0582 3016 sffdisk - ok
17:49:17.0609 3016 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:49:17.0625 3016 sffp_mmc - ok
17:49:17.0648 3016 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:49:17.0655 3016 sffp_sd - ok
17:49:17.0669 3016 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:49:17.0670 3016 sfloppy - ok
17:49:17.0730 3016 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:49:17.0755 3016 SharedAccess - ok
17:49:17.0811 3016 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:49:17.0828 3016 ShellHWDetection - ok
17:49:17.0859 3016 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:49:17.0881 3016 sisagp - ok
17:49:17.0901 3016 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:49:17.0919 3016 SiSRaid2 - ok
17:49:17.0974 3016 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:49:17.0991 3016 SiSRaid4 - ok
17:49:18.0064 3016 [ A61BEC28D555B65D1CE2604AF85AD9BE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:49:18.0137 3016 SkypeUpdate - ok
17:49:18.0515 3016 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:49:19.0282 3016 slsvc - ok
17:49:19.0352 3016 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:49:19.0368 3016 SLUINotify - ok
17:49:19.0433 3016 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:49:19.0479 3016 Smb - ok
17:49:19.0542 3016 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:49:19.0555 3016 SNMPTRAP - ok
17:49:19.0601 3016 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:49:19.0602 3016 spldr - ok
17:49:19.0719 3016 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:49:19.0742 3016 Spooler - ok
17:49:19.0780 3016 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:49:19.0833 3016 srv - ok
17:49:19.0899 3016 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:49:19.0916 3016 srv2 - ok
17:49:19.0982 3016 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:49:20.0009 3016 srvnet - ok
17:49:20.0062 3016 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:49:20.0072 3016 SSDPSRV - ok
17:49:20.0098 3016 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:49:20.0119 3016 SstpSvc - ok
17:49:20.0292 3016 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:49:20.0364 3016 stisvc - ok
17:49:20.0414 3016 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:49:20.0415 3016 swenum - ok
17:49:20.0536 3016 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:49:20.0600 3016 swprv - ok
17:49:20.0653 3016 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:49:20.0674 3016 Symc8xx - ok
17:49:20.0697 3016 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:49:20.0710 3016 Sym_hi - ok
17:49:20.0767 3016 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:49:20.0787 3016 Sym_u3 - ok
17:49:20.0851 3016 [ D2AA5D5FDB821EB5F9366C5E3BC2D9EA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:49:20.0853 3016 SynTP - ok
17:49:20.0963 3016 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:49:21.0014 3016 SysMain - ok
17:49:21.0065 3016 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:49:21.0085 3016 TabletInputService - ok
17:49:21.0193 3016 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:49:21.0293 3016 TapiSrv - ok
17:49:21.0335 3016 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:49:21.0339 3016 TBS - ok
17:49:21.0543 3016 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:49:21.0649 3016 Tcpip - ok
17:49:21.0758 3016 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:49:21.0767 3016 Tcpip6 - ok
17:49:21.0843 3016 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:49:21.0851 3016 tcpipreg - ok
17:49:21.0899 3016 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:49:21.0901 3016 TDPIPE - ok
17:49:21.0918 3016 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:49:21.0920 3016 TDTCP - ok
17:49:21.0983 3016 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:49:22.0067 3016 tdx - ok
17:49:22.0177 3016 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:49:22.0179 3016 TermDD - ok
17:49:22.0452 3016 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:49:22.0594 3016 TermService - ok
17:49:22.0637 3016 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
17:49:22.0643 3016 Themes - ok
17:49:22.0660 3016 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
17:49:22.0662 3016 THREADORDER - ok
17:49:22.0698 3016 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
17:49:22.0778 3016 TrkWks - ok
17:49:22.0980 3016 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:49:23.0024 3016 TrustedInstaller - ok
17:49:23.0095 3016 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:49:23.0137 3016 tssecsrv - ok
17:49:23.0188 3016 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:49:23.0199 3016 tunmp - ok
17:49:23.0260 3016 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:49:23.0280 3016 tunnel - ok
17:49:23.0313 3016 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:49:23.0336 3016 uagp35 - ok
17:49:23.0428 3016 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:49:23.0546 3016 udfs - ok
17:49:23.0576 3016 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:49:23.0591 3016 UI0Detect - ok
17:49:23.0637 3016 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:49:23.0663 3016 uliagpkx - ok
17:49:23.0701 3016 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:49:23.0722 3016 uliahci - ok
17:49:23.0747 3016 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:49:23.0773 3016 UlSata - ok
17:49:23.0794 3016 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:49:23.0806 3016 ulsata2 - ok
17:49:23.0826 3016 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:49:23.0842 3016 umbus - ok
17:49:23.0924 3016 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:49:23.0941 3016 upnphost - ok
17:49:24.0030 3016 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:49:24.0065 3016 USBAAPL - ok
17:49:24.0095 3016 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:49:24.0172 3016 usbccgp - ok
17:49:24.0197 3016 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:49:24.0200 3016 usbcir - ok
17:49:24.0284 3016 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:49:24.0297 3016 usbehci - ok
17:49:24.0391 3016 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:49:24.0405 3016 usbhub - ok
17:49:24.0444 3016 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:49:24.0452 3016 usbohci - ok
17:49:24.0475 3016 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:49:24.0481 3016 usbprint - ok
17:49:24.0502 3016 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:49:24.0518 3016 USBSTOR - ok
17:49:24.0542 3016 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:49:24.0556 3016 usbuhci - ok
17:49:24.0627 3016 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:49:24.0645 3016 usbvideo - ok
17:49:24.0713 3016 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:49:24.0727 3016 UxSms - ok
17:49:24.0858 3016 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:49:24.0920 3016 vds - ok
17:49:25.0014 3016 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:49:25.0033 3016 vga - ok
17:49:25.0094 3016 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:49:25.0127 3016 VgaSave - ok
17:49:25.0163 3016 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:49:25.0180 3016 viaagp - ok
17:49:25.0203 3016 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:49:25.0218 3016 ViaC7 - ok
17:49:25.0240 3016 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
17:49:25.0258 3016 viaide - ok
17:49:25.0327 3016 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:49:25.0340 3016 volmgr - ok
17:49:25.0459 3016 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:49:25.0509 3016 volmgrx - ok
17:49:25.0573 3016 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:49:25.0596 3016 volsnap - ok
17:49:25.0624 3016 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:49:25.0665 3016 vsmraid - ok
17:49:25.0891 3016 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:49:25.0992 3016 VSS - ok
17:49:26.0131 3016 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:49:26.0160 3016 W32Time - ok
17:49:26.0228 3016 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:49:26.0235 3016 WacomPen - ok
17:49:26.0255 3016 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:49:26.0262 3016 Wanarp - ok
17:49:26.0271 3016 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:49:26.0273 3016 Wanarpv6 - ok
17:49:26.0384 3016 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:49:26.0414 3016 wcncsvc - ok
17:49:26.0436 3016 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:49:26.0450 3016 WcsPlugInService - ok
17:49:26.0468 3016 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:49:26.0470 3016 Wd - ok
17:49:26.0571 3016 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:49:26.0602 3016 Wdf01000 - ok
17:49:26.0622 3016 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:49:26.0635 3016 WdiServiceHost - ok
17:49:26.0657 3016 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:49:26.0666 3016 WdiSystemHost - ok
17:49:26.0776 3016 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:49:26.0816 3016 WebClient - ok
17:49:26.0895 3016 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:49:26.0923 3016 Wecsvc - ok
17:49:26.0968 3016 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:49:26.0973 3016 wercplsupport - ok
17:49:27.0001 3016 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:49:27.0018 3016 WerSvc - ok
17:49:27.0154 3016 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:49:27.0160 3016 WinDefend - ok
17:49:27.0169 3016 WinHttpAutoProxySvc - ok
17:49:27.0293 3016 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:49:27.0297 3016 Winmgmt - ok
17:49:27.0528 3016 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
17:49:27.0609 3016 WinRM - ok
17:49:27.0735 3016 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:49:27.0781 3016 Wlansvc - ok
17:49:27.0839 3016 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:49:27.0854 3016 WmiAcpi - ok
17:49:27.0911 3016 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:49:27.0930 3016 wmiApSrv - ok
17:49:28.0129 3016 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:49:28.0163 3016 WMPNetworkSvc - ok
17:49:28.0307 3016 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:49:28.0359 3016 WPCSvc - ok
17:49:28.0448 3016 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:49:28.0476 3016 WPDBusEnum - ok
17:49:28.0576 3016 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:49:28.0609 3016 WpdUsb - ok
17:49:28.0987 3016 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:49:29.0032 3016 WPFFontCache_v0400 - ok
17:49:29.0052 3016 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:49:29.0075 3016 ws2ifsl - ok
17:49:29.0146 3016 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
17:49:29.0161 3016 wscsvc - ok
17:49:29.0168 3016 WSearch - ok
17:49:29.0359 3016 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:49:29.0549 3016 wuauserv - ok
17:49:29.0598 3016 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:49:29.0641 3016 WUDFRd - ok
17:49:29.0696 3016 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:49:29.0709 3016 wudfsvc - ok
17:49:29.0731 3016 ================ Scan global ===============================
17:49:29.0779 3016 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:49:29.0886 3016 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:49:29.0948 3016 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:49:30.0023 3016 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:49:30.0042 3016 [Global] - ok
17:49:30.0042 3016 ================ Scan MBR ==================================
17:49:30.0061 3016 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:49:31.0713 3016 \Device\Harddisk0\DR0 - ok
17:49:31.0714 3016 ================ Scan VBR ==================================
17:49:31.0735 3016 [ FF0006F216D4EFAAE715D2645D324BAB ] \Device\Harddisk0\DR0\Partition1
17:49:31.0770 3016 \Device\Harddisk0\DR0\Partition1 - ok
17:49:31.0770 3016 ============================================================
17:49:31.0770 3016 Scan finished
17:49:31.0770 3016 ============================================================
17:49:31.0785 2120 Detected object count: 0
17:49:31.0785 2120 Actual detected object count: 0
17:49:43.0701 3924 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 17:51:20
-----------------------------
17:51:20.387 OS Version: Windows 6.0.6002 Service Pack 2
17:51:20.387 Number of processors: 2 586 0xF0D
17:51:20.388 ComputerName: PC-PACKARDBELL UserName: Administrator
17:51:49.144 Initialize success
17:54:45.916 AVAST engine defs: 12092100
17:54:57.686 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
17:54:57.690 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
17:54:57.742 Disk 0 MBR read successfully
17:54:57.746 Disk 0 MBR scan
17:54:57.752 Disk 0 Windows VISTA default MBR code
17:54:57.757 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
17:54:57.771 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 292952 MB offset 25173855
17:54:57.779 Disk 0 scanning sectors +625140400
17:54:57.859 Disk 0 scanning C:\Windows\system32\drivers
17:55:08.829 Service scanning
17:55:32.161 Modules scanning
17:55:37.558 Disk 0 trace - called modules:
17:55:37.610 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
17:55:37.616 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85614ac8]
17:55:37.622 3 CLASSPNP.SYS[89fa18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84edfb98]
17:55:39.602 AVAST engine scan C:\Windows
17:55:44.650 AVAST engine scan C:\Windows\system32
17:59:05.268 AVAST engine scan C:\Windows\system32\drivers
17:59:19.544 AVAST engine scan C:\Users\Administrator
18:19:03.026 AVAST engine scan C:\ProgramData
18:22:23.774 Scan finished successfully
18:24:25.520 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Documents\Desktop\MBR.dat"
18:24:25.528 The log file has been saved successfully to "C:\Users\Administrator\Documents\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   554bytes   0 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 21 September 2012 - 12:26 PM

Your logs are clean.

You may be asked to update your version of ComboFox please do.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#5 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 21 September 2012 - 02:31 PM

Combofix still detects ZeroAccess in the tcp/ip stack, asks to reboot and after the reboot there is no combofix.txt log in c:/
I also noticed that there are two "desktop" folders, one in /Users/<user>/Desktop and one in /Users/<user>/Documents/Desktop.
This is a Vista PC and I don't know if this is the correct locations as I am a Linux/Unix user.
Remaining logs following.

Regards




Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.65.0.1400
Java™ 6 Update 20
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


# AdwCleaner v2.002 - Logfile created 09/21/2012 at 21:26:50
# Updated 16/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Administrator - PC-PACKARDBELL
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Documents\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Veoh_Web_Player
Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Folder Deleted : C:\Users\Administrator\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Administrator\AppData\Local\SanctionedMedia
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Administrator\AppData\Roaming\FissaSearch
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hu5ozeh2.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Administrator\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BarDiscover
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotbarsa
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smad
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Veoh_Web_Player Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E114CB1-93AE-480A-8D89-2921B5F3C857}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad
Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E114CB1-93AE-480A-8D89-2921B5F3C857}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9A4A64A4-A2FB-48FA-9BBA-1AC50267695D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2102507
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AB94E67-BB35-48F5-8054-497328FE846E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96EC1D90-6413-4417-BE1B-4AB461023550}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8E114CB1-93AE-480A-8D89-2921B5F3C857}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
Key Deleted : HKLM\Software\Veoh_Web_Player
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hu5ozeh2.default\prefs.js

Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8184 octets] - [21/09/2012 21:26:50]

########## EOF - C:\AdwCleaner[S1].txt - [8244 octets] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 22 September 2012 - 08:02 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 20


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

I also noticed that there are two "desktop" folders, one in /Users/<user>/Desktop and one in /Users/<user>/Documents/Desktop.

Is there any files in these folders?
What are they?

===

Rootkit Zeroaccess inserts itself into the TCP/IP stack and it’s extremely tough to get rid of. The TCP/IP stack is usually corrupted and needs to be repaired/reinstalled.


Lets see what I can find.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Please post the logs for my review.

#7 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 22 September 2012 - 03:44 PM

Hi, I updated Java and Reader.
Regarding the two Desktop folders, they are "complementary" to each other. Each folders contains different documents and files, written by my friend and apparently legit.
I moved them all in one folder withou problems.

Here's the logs you requested, OTL created only one log OTL.txt, there is no Extras.txt.

Thank you again for your help.



Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 22-09-2012 at 22:20:40
Running from "C:\Users\Administrator\Documents\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


OTL logfile created on: 22/09/2012 22.22.21 - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Administrator\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,93 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,61% Memory free
6,06 Gb Paging File | 5,10 Gb Available in Paging File | 84,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 189,34 Gb Free Space | 66,18% Space Free | Partition Type: NTFS

Computer Name: PC-PACKARDBELL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Programmi\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programmi\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programmi\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Programmi\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Programmi\IZArc\IZArcCM.dll ()
MOD - C:\Programmi\Common Files\Nero\Lib\log4cxx.dll ()


========== Services (SafeList) ==========

SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\system32\IoctlSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Giraffic) -- C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (odserv) -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programmi\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_it&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)


[2010/09/24 01.23.24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011/01/17 22.46.38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\7l84ikhy.default\extensions
[2010/09/24 11.54.40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\7l84ikhy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/24 01.23.30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\7l84ikhy.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2012/09/21 21.26.52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\hu5ozeh2.default\extensions
[2011/01/20 10.50.49 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2009/12/13 18.28.14 | 000,000,000 | ---D | M] (Seekdns) -- C:\Programmi\Mozilla Firefox\extensions\{7BA9F755-DCD4-4B60-8AE8-EE3662C7C733}
[2009/03/31 22.47.26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010/09/24 01.23.30 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/12/13 18.28.14 | 000,002,385 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seekdns127.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2011/03/24 20.24.24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A746911-078F-430C-8A0E-44C65DB8B445}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 22.18.54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/22 22.02.54 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/22 22.02.54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/22 22.02.31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/22 22.02.31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/22 22.02.31 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/22 21.57.42 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Documents\Desktop\OTL.exe
[2012/09/22 21.57.26 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\Administrator\Documents\Desktop\FSS.exe
[2012/09/22 00.00.10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/22 00.00.08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 21.03.14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/21 21.03.14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/21 21.03.14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/21 21.02.59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/21 20.58.22 | 004,754,243 | R--- | C] (Swearware) -- C:\Users\Administrator\Documents\Desktop\ComboFix.exe
[2012/09/21 17.50.51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Documents\Desktop\aswMBR.exe
[2012/09/19 16.04.38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/19 02.00.06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Documents\Desktop\dds.com
[2012/09/19 00.22.52 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Documents\Desktop\TDSSKiller.exe
[2012/09/18 23.41.36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 22.01.29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/18 22.01.28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/18 22.01.28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/18 20.41.36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/09/18 19.25.50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/18 19.25.50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/18 19.25.49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/18 19.06.00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/09/18 19.05.59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/09/18 19.05.51 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/09/18 15.37.10 | 000,000,000 | ---D | C] -- C:\$HBCDTmp
[2012/09/18 01.48.19 | 000,000,000 | ---D | C] -- C:\Quarantine
[2012/09/14 01.22.37 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.com
[2012/08/30 00.16.57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/30 00.16.56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/30 00.16.55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/30 00.16.54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/30 00.16.54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/30 00.16.53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/30 00.16.52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/30 00.16.38 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/27 18.59.33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Desktop\foto rosi

========== Files - Modified Within 30 Days ==========

[2012/09/22 22.19.27 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/22 22.02.14 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/22 22.02.09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/22 22.02.09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/22 22.02.08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/22 22.02.08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/22 22.00.00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Garanzia estesa-Packard Bell.job
[2012/09/22 21.59.59 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Packard Bell.job
[2012/09/22 21.57.42 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Documents\Desktop\OTL.exe
[2012/09/22 21.57.26 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\Administrator\Documents\Desktop\FSS.exe
[2012/09/22 21.48.49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 21.48.49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 21.48.44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 21.48.39 | 3146,674,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 23.58.44 | 004,754,243 | R--- | M] (Swearware) -- C:\Users\Administrator\Documents\Desktop\ComboFix.exe
[2012/09/21 22.34.59 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 21.15.13 | 000,512,737 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\adwcleaner.exe
[2012/09/21 21.15.02 | 000,881,724 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\SecurityCheck.exe
[2012/09/21 20.55.34 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 20.55.34 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 20.54.54 | 000,001,210 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-514333706-690882925-158650653-500UA.job
[2012/09/21 18.25.01 | 000,000,554 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\MBR.zip
[2012/09/21 17.51.06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Documents\Desktop\aswMBR.exe
[2012/09/19 22.36.27 | 001,382,912 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\RogueKiller.exe
[2012/09/19 18.46.41 | 000,000,069 | ---- | M] () -- C:\Windows\System32\.directory
[2012/09/19 02.00.22 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\nfgrjs8e.exe
[2012/09/19 02.00.07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Documents\Desktop\dds.com
[2012/09/18 23.41.10 | 000,674,800 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/09/18 23.41.10 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/18 23.41.10 | 000,124,440 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/09/18 23.41.10 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/18 23.40.00 | 000,001,188 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-514333706-690882925-158650653-500Core.job
[2012/09/18 22.01.29 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 21.08.45 | 094,820,904 | ---- | M] () -- C:\Users\Administrator\Documents\Desktop\avira_free_antivirus_it.exe
[2012/09/18 20.53.27 | 000,384,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/18 14.46.59 | 000,000,045 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\msconfig.ini
[2012/09/18 14.42.13 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/09/17 19.25.14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Documents\Desktop\TDSSKiller.exe
[2012/09/14 01.22.36 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.com
[2012/09/07 17.04.46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/22 22.19.27 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/22 22.19.27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/21 21.15.13 | 000,512,737 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\adwcleaner.exe
[2012/09/21 21.15.00 | 000,881,724 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\SecurityCheck.exe
[2012/09/21 21.03.14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 21.03.14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 21.03.14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 21.03.14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 21.03.14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/21 18.25.01 | 000,000,554 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\MBR.zip
[2012/09/19 22.36.06 | 001,382,912 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\RogueKiller.exe
[2012/09/19 22.33.40 | 3146,674,176 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/19 18.46.41 | 000,000,069 | ---- | C] () -- C:\Windows\System32\.directory
[2012/09/19 02.00.20 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\nfgrjs8e.exe
[2012/09/18 22.01.29 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 21.05.46 | 094,820,904 | ---- | C] () -- C:\Users\Administrator\Documents\Desktop\avira_free_antivirus_it.exe
[2012/08/30 00.47.49 | 000,000,045 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\msconfig.ini
[2012/01/31 23.17.54 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2012/01/10 09.10.59 | 000,012,606 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\767t3m7h5421
[2012/01/10 09.10.59 | 000,012,606 | -HS- | C] () -- C:\ProgramData\767t3m7h5421
[2011/03/24 17.49.28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/16 16.15.43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/16 16.13.06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/20 11.37.25 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/09/23 17.22.09 | 000,000,112 | ---- | C] () -- C:\ProgramData\gMyOKx.dat
[2010/01/05 13.58.35 | 000,075,264 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/09/18 21.18.04 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB50656$\3108142242\L
[2012/01/10 09.10.48 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB50656$\3108142242\U
[2010/09/21 15.32.20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\LocalLow\Microsoft\Silverlight\is\k555wl1j.k5c\ivihat3c.sq5\1\l
[2012/04/04 17.42.12 | 000,000,082 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CM2XN4F9\t.cxt.ms\lso.swf\u.sol
[2012/01/22 00.31.00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CM2XN4F9\www8.agame.com\games\flash\l
[2006/11/02 14.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2010/09/24 01.26.22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\78D52A08C47C0F9E511720FDD5BA9EA8
[2010/09/27 11.34.26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azze
[2010/09/25 21.04.09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\banshee-1
[2011/03/14 19.38.28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Codye
[2011/01/20 19.00.07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dev-Cpp
[2010/09/24 01.08.00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\download
[2010/03/20 12.42.29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Enuz
[2011/03/24 17.19.47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hokua
[2010/09/29 16.00.24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mirah
[2011/03/24 17.19.47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opcaet
[2011/01/20 19.21.35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ucda
[2010/09/30 19.05.39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Veoced

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/07 17.04.46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/09/22 00.00.14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$I91MH86.lnk
[2012/09/22 22.20.01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$IGENNYQ.exe
[2012/09/22 00.00.14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$IOFOV7E.lnk
[2010/01/09 13.02.48 | 000,001,186 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$R91MH86.lnk
[2012/09/22 22.01.19 | 031,175,144 | ---- | M] (Oracle Corporation) -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$RGENNYQ.exe
[2011/09/10 15.19.54 | 000,001,995 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\$ROFOV7E.lnk
[2012/09/22 00.00.08 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-514333706-690882925-158650653-500\desktop.ini
[2006/11/02 15.01.49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 15.01.49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/31 11.09.33 | 000,000,354 | ---- | C] () -- C:\Windows\Tasks\Recovery DVD Creator-Packard Bell.job
[2009/12/31 11.09.34 | 000,000,354 | ---- | C] () -- C:\Windows\Tasks\Garanzia estesa-Packard Bell.job
[2012/04/19 19.25.57 | 000,000,978 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/04/28 19.54.58 | 000,001,188 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-514333706-690882925-158650653-500Core.job
[2012/04/28 19.54.59 | 000,001,210 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-514333706-690882925-158650653-500UA.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-18 17:38:31

< MD5 for: AGP440.SYS >
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04.23.01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11.49.52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08.32.26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 08.32.26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08.32.26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08.32.26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04.23.00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04.23.00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11.49.36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 08.27.20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 08.27.20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/21 04.24.45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/21 04.23.44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\ERDNT\cache\beep.sys
[2008/01/21 04.23.44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/21 04.23.44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11.46.03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 11.46.03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11.46.03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 08.20.29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08.29.41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05.59.17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04.15.02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04.24.24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/21 04.23.23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04.23.23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04.23.23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11.51.25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/02/13 10.21.09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2011/04/12 16.53.05 | 000,890,368 | ---- | M] (Microsoft Corporation) MD5=306835D4E74E49A5D10F0FCA0B422EB1 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[2011/04/12 16.30.37 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=497A2DA8181560B3E2F8FFE0092FD1E6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[2011/04/12 17.08.23 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=7062DEB220FA1CCB1B65FC40D6E7D807 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[2009/02/13 09.26.37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 09.13.01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/04/11 08.28.20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\ERDNT\cache\kernel32.dll
[2009/04/11 08.28.20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2009/02/13 10.49.05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/21 04.24.13 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2011/04/12 18.07.38 | 000,892,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2011/04/12 18.07.38 | 000,892,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/04/11 08.28.22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 08.28.22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 08.28.22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 04.24.02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/04/11 08.32.49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/04/11 08.32.49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08.32.49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 04.23.50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 08.28.23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 08.28.23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08.28.23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04.24.05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/04/11 08.32.49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\ERDNT\cache\ntfs.sys
[2009/04/11 08.32.49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/11 08.32.49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/21 04.23.51 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/01/21 04.25.28 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11.50.13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04.23.21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04.23.21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04.23.21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 11.45.33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 11.45.33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/21 04.25.00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 08.28.23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 08.28.23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 08.28.23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/21 04.24.50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08.28.24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 08.28.24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08.28.24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 15.32.33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009/04/11 08.28.05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/21 04.24.45 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010/08/17 16.11.37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/08/17 16.11.37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\System32\spoolsv.exe
[2010/08/17 16.11.37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010/08/17 16.20.09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2010/08/17 15.27.48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 04.23.43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 04.23.43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04.23.43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17.04.42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 08.28.24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\ERDNT\cache\termsrv.dll
[2009/04/11 08.28.24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/11 08.28.24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/21 04.24.12 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 04.24.49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 04.24.49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04.24.49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< End of report >

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 23 September 2012 - 08:15 AM

Please download Vista.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder your desktop.

These files will be extracted:
afd.reg
bit.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
windefend.reg
wuauserv.reg

legacy_afd.reg
legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_sdrsvc.reg
legacy_tdx.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each one of the 4 .reg files in turn
bfe.reg
mpssvc.reg
legacy_bfe.reg
legacy_mpssvc.reg
and click Yes to add it to the Registry
Allow registry merge.
When the 4 file have been executed.

Restart computer.

Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."
Just continue executing the remaining .reg files.
===

Click Start and in "Search Box" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click "Apply" then "OK".

Close regedit and go back to your Desktop find start_services.bat Right click on it, click "Run As Administrator" to run the fix. Agree any alerts, then re-boot.
===

Run the Farbar Service Scanner again and post a fresh FSS.txt log.
===

This fix should reset your Windows Firewall.

Any other issues?

#9 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 23 September 2012 - 09:30 AM

Hi, the error:

"Cannot import C:\...\Desktop\Legacy_xxx.reg" tells me that is impossible to open system registry (in italian)
Btw, here's my fss log, should I try to run combofix again?

Regards

Edit: waiting for your reply I updated and run Combofix again and it gave me the same error, ZeroAccess infected tcp/ip stack


Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 23-09-2012 at 16:26:15
Running from "C:\Users\Administrator\Documents\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by lucaspeed, 23 September 2012 - 10:21 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 23 September 2012 - 10:44 AM

"Cannot import C:\...\Desktop\Legacy_xxx.reg" tells me that is impossible to open system registry (in italian)
Btw, here's my fss log.

That's ok. I did mentioned it in my note.
===

Your TCIP stack is corrupted. That is not my forte.

I suggest you start a new topic in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

An expert in that field should be able to help you.
===


If all is well here:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 23 September 2012 - 12:18 PM

Thank you very much for your help!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users