
Homepage has been HiJacked!!!


  • This topic is locked
27 replies to this topic

#1 Djsmoov

  • Members
  • 21 posts

Posted 30 September 2012 - 09:01 PM

Hi,

I am hoping someone can help me with this issue. I have tried everything, and I mean everything, to try and rid this trojan from my computer with no luck at all, but it doesn't matter what I do, my homepage is still stuck at (http://home.webalta.ru/).

I have scanned my computer with countless programs

Noted in other post : http://www.bleepingcomputer.com/forums/topic470287.html

I have also tried removing (webalta) entries in the registry both in normal and safe modes, but this damn website still keeps popping up everyone. I don't know what else to do. Changing the homepage in Internet Options does nothing at all.

Any HELP would be much appreciated

Thanks in advance

DDS LOG

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mrsmoov at 11:51:17 on 2012-10-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12250.9818 [GMT 10:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.Google.com/
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Mrsmoov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
StartupFolder: C:\Users\Mrsmoov\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E525E9C6-4145-4F33-BC4A-F75306A6F7A8} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
BHO-X64: MyAshampoo - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mrsmoov\AppData\Roaming\Mozilla\Firefox\Profiles\at2me4is.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mrsmoov\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys --> C:\Windows\system32\drivers\iusb3hcs.sys [?]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-23 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-20 250288]
S3 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
S3 AMDCIR64;AMDCIR64;C:\Windows\system32\drivers\AMDCIR64.sys --> C:\Windows\system32\drivers\AMDCIR64.sys [?]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\drivers\amdhub30.sys --> C:\Windows\system32\drivers\amdhub30.sys [?]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\amdxhc.sys --> C:\Windows\system32\drivers\amdxhc.sys [?]
S3 asahci64;asahci64;C:\Windows\system32\drivers\asahci64.sys --> C:\Windows\system32\drivers\asahci64.sys [?]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\drivers\asmthub3.sys --> C:\Windows\system32\drivers\asmthub3.sys [?]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\drivers\asmtxhci.sys --> C:\Windows\system32\drivers\asmtxhci.sys [?]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
S3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-6-20 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-23 116648]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\IAMTVE.sys --> C:\Windows\system32\drivers\IAMTVE.sys [?]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\IAMTXPE.sys --> C:\Windows\system32\drivers\IAMTXPE.sys [?]
S3 IFCoEMP;IFCoEMP;C:\Windows\system32\drivers\ifM52x64.sys --> C:\Windows\system32\drivers\ifM52x64.sys [?]
S3 IFCoEVB;IFCoEVB;C:\Windows\system32\drivers\ifP52X64.sys --> C:\Windows\system32\drivers\ifP52X64.sys [?]
S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\system32\drivers\ISCTD64.sys --> C:\Windows\system32\drivers\ISCTD64.sys [?]
S3 iSSetup;iSSetup;C:\Windows\system32\drivers\iSSetup.sys --> C:\Windows\system32\drivers\iSSetup.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-20 114144]
S3 mv91cons;mv91cons;C:\Windows\system32\drivers\mv91cons.sys --> C:\Windows\system32\drivers\mv91cons.sys [?]
S3 mv91xx;mv91xx;C:\Windows\system32\drivers\mv91xx.sys --> C:\Windows\system32\drivers\mv91xx.sys [?]
S3 mvs91xx;mvs91xx;C:\Windows\system32\drivers\mvs91xx.sys --> C:\Windows\system32\drivers\mvs91xx.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 nvamacpi;nvamacpi;C:\Windows\system32\drivers\NVAMACPI.sys --> C:\Windows\system32\drivers\NVAMACPI.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-30 06:20:56 -------- d-----w- C:\ProgramData\GFI Software
2012-09-30 06:01:07 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2012-09-30 05:49:20 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-30 05:48:45 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-30 05:48:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-30 05:42:34 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-30 05:34:22 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2012-09-30 05:34:20 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-09-30 03:58:40 -------- d-----w- C:\JRT
2012-09-26 09:35:55 -------- d-----w- C:\Users\Mrsmoov\AppData\Local\ElevatedDiagnostics
2012-09-26 03:01:04 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 17:00:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-09-23 04:26:33 -------- d-----w- C:\Users\Mrsmoov\AppData\Roaming\Ad-Aware Antivirus
2012-09-22 16:18:13 -------- d-----w- C:\ProgramData\RELOADED
2012-09-20 06:39:07 -------- d-----w- C:\Users\Mrsmoov\AppData\Local\Macromedia
2012-09-20 06:03:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-20 04:29:11 -------- d-----w- C:\Users\Mrsmoov\AppData\Roaming\EuroTB
2012-09-19 12:08:58 -------- d-----w- C:\Users\Mrsmoov\AppData\Local\FLT
2012-09-16 05:21:07 -------- d-----w- C:\Users\Mrsmoov\AppData\Local\GameStop
2012-09-13 11:01:29 -------- d-----w- C:\temp
2012-09-13 11:00:17 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-09-13 11:00:17 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-09-12 07:04:57 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 07:04:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 07:04:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 07:04:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:04:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 07:04:54 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 07:04:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 12:50:19 -------- d-sh--w- C:\ProgramData\DSS
2012-09-11 12:04:43 -------- d-----w- C:\Users\Mrsmoov\AppData\Roaming\Origin
2012-09-11 12:04:43 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-09-11 12:04:42 -------- d-----w- C:\Users\Mrsmoov\AppData\Local\Origin
2012-09-11 12:02:04 -------- d-----w- C:\ProgramData\Origin
2012-09-11 12:02:04 -------- d-----w- C:\ProgramData\Electronic Arts
2012-09-11 12:02:02 -------- d-----w- C:\Program Files (x86)\Origin
.
==================== Find3M ====================
.
2012-09-21 13:07:22 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 13:07:22 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 07:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-30 00:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 05:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-03 05:28:02 70800 ----a-w- C:\Windows\System32\VtSrdAPO.dll
2012-08-03 05:27:58 681104 ----a-w- C:\Windows\System32\VIASysFx.dll
2012-08-03 05:27:56 2993296 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2012-08-03 05:27:54 95376 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2012-08-03 05:27:52 1119376 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2012-08-03 05:27:50 27792 ----a-w- C:\Windows\System32\ViakaraokeSrv.exe
2012-08-03 05:27:48 123536 ----a-w- C:\Windows\System32\ViaKaraokePropPageExt.dll
2012-08-03 05:27:46 1161360 ----a-w- C:\Windows\System32\ViaKaraokeApo.dll
2012-08-03 05:27:44 2206352 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2012-08-03 05:27:38 55440 ----a-w- C:\Windows\System32\PropPageExt.dll
2012-08-03 05:27:36 92304 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2012-08-03 05:27:34 248976 ----a-w- C:\Windows\System32\Dts2APO.dll
2012-07-25 17:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 11:51:51.04 ===============


I noticed the GMER log is for 32-bit systems only, if I read correctly.

Any help would be much appreciated :)



#2 thisisu

  • Malware Response Team
  • 2,525 posts

Posted 30 September 2012 - 11:51 PM

Hello Djsmoov :)

  • I will be helping you with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please attach this file to your next message.

__

Please download RogueKiller to your desktop.
  • Now rename RogueKiller.exe to winlogon.exe
  • Double-click winlogon.exe to run. Right-click winlogon.exe and select "Run as administrator"
  • When it opens, press the Scan button
  • When the scan is finished, press the Delete button.
  • Attach the latest numbered RKreport.txt from your desktop to your next post.
__

Please download Junkware Removal Tool to your desktop.
  • I noticed you ran this in your earlier thread; the tool has been updated to detect some of the entries you wish to remove.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please attach JRT.txt to your next message

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Posted Image text-field.
    activex
    netsvcs
    %windir%\system32\drivers\*.sys /lockedfiles
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Attach both OTL.txt and Extras.txt for review.

Edited by thisisu, 01 October 2012 - 12:09 AM.
updated scans


#3 thisisu

  • Malware Response Team
  • 2,525 posts

Posted 01 October 2012 - 12:08 AM

Djsmoov,

Please refresh this page as I have updated the instructions. :wink:

#4 Djsmoov

  • Topic Starter

  • Members
  • 21 posts

Posted 01 October 2012 - 12:50 AM

Thanks for the response!

I have attached the logs as requested:

TDSSKiller

15:17:49.0544 2444 mssmbios - ok
15:17:49.0546 2444 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:17:49.0546 2444 MSTEE - ok
15:17:49.0548 2444 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:17:49.0549 2444 MTConfig - ok
15:17:49.0551 2444 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:17:49.0552 2444 Mup - ok
15:17:49.0578 2444 [ E9B77A93F5D905E4482BD75A27F05A30 ] mv91cons C:\Windows\system32\drivers\mv91cons.sys
15:17:49.0579 2444 mv91cons - ok
15:17:49.0597 2444 [ D72CFFB7AF56CBB37FD8D6686A33E6C7 ] mv91xx C:\Windows\system32\drivers\mv91xx.sys
15:17:49.0599 2444 mv91xx - ok
15:17:49.0614 2444 [ 1AF5922003B6801BFCE2478BC8F5C014 ] mvs91xx C:\Windows\system32\drivers\mvs91xx.sys
15:17:49.0616 2444 mvs91xx - ok
15:17:49.0641 2444 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:17:49.0645 2444 napagent - ok
15:17:49.0658 2444 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:17:49.0660 2444 NativeWifiP - ok
15:17:49.0713 2444 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:17:49.0718 2444 NDIS - ok
15:17:49.0721 2444 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:17:49.0722 2444 NdisCap - ok
15:17:49.0723 2444 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:49.0724 2444 NdisTapi - ok
15:17:49.0726 2444 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:49.0727 2444 Ndisuio - ok
15:17:49.0729 2444 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:49.0730 2444 NdisWan - ok
15:17:49.0732 2444 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:17:49.0733 2444 NDProxy - ok
15:17:49.0750 2444 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:17:49.0751 2444 NetBIOS - ok
15:17:49.0754 2444 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:17:49.0756 2444 NetBT - ok
15:17:49.0773 2444 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:17:49.0774 2444 Netlogon - ok
15:17:49.0816 2444 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:17:49.0819 2444 Netman - ok
15:17:49.0840 2444 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:49.0841 2444 NetMsmqActivator - ok
15:17:49.0843 2444 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:49.0844 2444 NetPipeActivator - ok
15:17:49.0862 2444 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:17:49.0866 2444 netprofm - ok
15:17:49.0868 2444 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:49.0869 2444 NetTcpActivator - ok
15:17:49.0871 2444 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:49.0871 2444 NetTcpPortSharing - ok
15:17:49.0873 2444 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:17:49.0874 2444 nfrd960 - ok
15:17:49.0895 2444 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:17:49.0897 2444 NlaSvc - ok
15:17:49.0900 2444 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:17:49.0900 2444 Npfs - ok
15:17:49.0912 2444 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:17:49.0913 2444 nsi - ok
15:17:49.0915 2444 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:17:49.0916 2444 nsiproxy - ok
15:17:49.0955 2444 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:17:49.0966 2444 Ntfs - ok
15:17:49.0968 2444 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:17:49.0969 2444 Null - ok
15:17:49.0971 2444 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:17:49.0972 2444 nusb3hub - ok
15:17:49.0991 2444 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:17:49.0993 2444 nusb3xhc - ok
15:17:49.0995 2444 [ D60EB33D07A8C0D9CCA4265480A6CAB6 ] nvamacpi C:\Windows\system32\drivers\NVAMACPI.sys
15:17:49.0996 2444 nvamacpi - ok
15:17:50.0029 2444 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:17:50.0031 2444 NVHDA - ok
15:17:50.0202 2444 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:17:50.0361 2444 nvlddmkm - ok
15:17:50.0386 2444 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:17:50.0388 2444 nvraid - ok
15:17:50.0391 2444 [ 6F2D9D7F339F0C9EF358793F92BA3393 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys
15:17:50.0392 2444 nvrd64 - ok
15:17:50.0394 2444 [ 61A59FB62864EB3F32D24985A505CE03 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
15:17:50.0395 2444 nvsmu - ok
15:17:50.0425 2444 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:17:50.0427 2444 nvstor - ok
15:17:50.0430 2444 [ 71B6ECD3C56FBF12FB1968DA3953B703 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys
15:17:50.0432 2444 nvstor64 - ok
15:17:50.0464 2444 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
15:17:50.0469 2444 nvsvc - ok
15:17:50.0481 2444 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:17:50.0482 2444 nv_agp - ok
15:17:50.0485 2444 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:17:50.0486 2444 ohci1394 - ok
15:17:50.0499 2444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:17:50.0502 2444 p2pimsvc - ok
15:17:50.0510 2444 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:17:50.0513 2444 p2psvc - ok
15:17:50.0525 2444 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:17:50.0527 2444 Parport - ok
15:17:50.0543 2444 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:17:50.0544 2444 partmgr - ok
15:17:50.0607 2444 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
15:17:50.0608 2444 pavboot - ok
15:17:50.0620 2444 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:17:50.0622 2444 PcaSvc - ok
15:17:50.0625 2444 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:17:50.0627 2444 pci - ok
15:17:50.0629 2444 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:17:50.0629 2444 pciide - ok
15:17:50.0644 2444 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:17:50.0646 2444 pcmcia - ok
15:17:50.0648 2444 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:17:50.0649 2444 pcw - ok
15:17:50.0654 2444 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:17:50.0659 2444 PEAUTH - ok
15:17:50.0692 2444 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:17:50.0700 2444 PeerDistSvc - ok
15:17:50.0885 2444 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:17:50.0887 2444 PerfHost - ok
15:17:50.0921 2444 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:17:50.0930 2444 pla - ok
15:17:50.0960 2444 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:17:50.0963 2444 PlugPlay - ok
15:17:50.0977 2444 PnkBstrA - ok
15:17:50.0988 2444 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:17:50.0989 2444 PNRPAutoReg - ok
15:17:50.0993 2444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:17:50.0995 2444 PNRPsvc - ok
15:17:51.0025 2444 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:17:51.0028 2444 PolicyAgent - ok
15:17:51.0039 2444 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:17:51.0041 2444 Power - ok
15:17:51.0058 2444 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:17:51.0059 2444 PptpMiniport - ok
15:17:51.0062 2444 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:17:51.0063 2444 Processor - ok
15:17:51.0083 2444 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:17:51.0085 2444 ProfSvc - ok
15:17:51.0094 2444 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:17:51.0094 2444 ProtectedStorage - ok
15:17:51.0114 2444 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:17:51.0115 2444 Psched - ok
15:17:51.0197 2444 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:17:51.0206 2444 ql2300 - ok
15:17:51.0236 2444 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:17:51.0237 2444 ql40xx - ok
15:17:51.0266 2444 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:17:51.0268 2444 QWAVE - ok
15:17:51.0270 2444 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:17:51.0272 2444 QWAVEdrv - ok
15:17:51.0273 2444 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:17:51.0274 2444 RasAcd - ok
15:17:51.0292 2444 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:17:51.0293 2444 RasAgileVpn - ok
15:17:51.0299 2444 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:17:51.0301 2444 RasAuto - ok
15:17:51.0304 2444 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:51.0305 2444 Rasl2tp - ok
15:17:51.0322 2444 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:17:51.0327 2444 RasMan - ok
15:17:51.0332 2444 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:51.0333 2444 RasPppoe - ok
15:17:51.0336 2444 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:17:51.0338 2444 RasSstp - ok
15:17:51.0342 2444 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:17:51.0344 2444 rdbss - ok
15:17:51.0346 2444 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:17:51.0347 2444 rdpbus - ok
15:17:51.0357 2444 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:51.0358 2444 RDPCDD - ok
15:17:51.0382 2444 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:17:51.0384 2444 RDPDR - ok
15:17:51.0386 2444 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:17:51.0387 2444 RDPENCDD - ok
15:17:51.0390 2444 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:17:51.0390 2444 RDPREFMP - ok
15:17:51.0410 2444 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:17:51.0412 2444 RDPWD - ok
15:17:51.0439 2444 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:17:51.0441 2444 rdyboost - ok
15:17:51.0562 2444 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:17:51.0563 2444 RemoteAccess - ok
15:17:51.0576 2444 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:17:51.0578 2444 RemoteRegistry - ok
15:17:51.0603 2444 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:17:51.0605 2444 RFCOMM - ok
15:17:51.0614 2444 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:17:51.0616 2444 RpcEptMapper - ok
15:17:51.0639 2444 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:17:51.0640 2444 RpcLocator - ok
15:17:51.0671 2444 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:17:51.0673 2444 RpcSs - ok
15:17:51.0676 2444 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:17:51.0678 2444 rspndr - ok
15:17:51.0688 2444 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:17:51.0689 2444 s3cap - ok
15:17:51.0691 2444 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:17:51.0692 2444 SamSs - ok
15:17:51.0694 2444 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:17:51.0695 2444 sbp2port - ok
15:17:51.0730 2444 SBRE - ok
15:17:51.0745 2444 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:17:51.0747 2444 SCardSvr - ok
15:17:51.0749 2444 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:17:51.0750 2444 scfilter - ok
15:17:51.0777 2444 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:17:51.0784 2444 Schedule - ok
15:17:51.0813 2444 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:17:51.0814 2444 SCPolicySvc - ok
15:17:51.0821 2444 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:17:51.0823 2444 SDRSVC - ok
15:17:51.0825 2444 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:17:51.0826 2444 secdrv - ok
15:17:51.0841 2444 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:17:51.0842 2444 seclogon - ok
15:17:51.0854 2444 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:17:51.0856 2444 SENS - ok
15:17:51.0863 2444 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:17:51.0864 2444 SensrSvc - ok
15:17:51.0866 2444 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:17:51.0867 2444 Serenum - ok
15:17:51.0869 2444 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:17:51.0870 2444 Serial - ok
15:17:51.0872 2444 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:17:51.0873 2444 sermouse - ok
15:17:51.0879 2444 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:17:51.0881 2444 SessionEnv - ok
15:17:51.0883 2444 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:17:51.0883 2444 sffdisk - ok
15:17:51.0885 2444 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:17:51.0886 2444 sffp_mmc - ok
15:17:51.0888 2444 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:17:51.0888 2444 sffp_sd - ok
15:17:51.0890 2444 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:17:51.0891 2444 sfloppy - ok
15:17:51.0903 2444 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:17:51.0906 2444 SharedAccess - ok
15:17:51.0924 2444 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:17:51.0927 2444 ShellHWDetection - ok
15:17:51.0929 2444 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:17:51.0930 2444 SiSRaid2 - ok
15:17:51.0932 2444 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:17:51.0933 2444 SiSRaid4 - ok
15:17:51.0947 2444 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:17:51.0949 2444 Smb - ok
15:17:51.0959 2444 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:17:51.0961 2444 SNMPTRAP - ok
15:17:51.0963 2444 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:17:51.0963 2444 spldr - ok
15:17:51.0988 2444 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:17:51.0992 2444 Spooler - ok
15:17:52.0058 2444 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:17:52.0106 2444 sppsvc - ok
15:17:52.0108 2444 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:17:52.0110 2444 sppuinotify - ok
15:17:52.0146 2444 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:17:52.0149 2444 srv - ok
15:17:52.0160 2444 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:17:52.0163 2444 srv2 - ok
15:17:52.0177 2444 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:17:52.0179 2444 srvnet - ok
15:17:52.0199 2444 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:17:52.0202 2444 SSDPSRV - ok
15:17:52.0207 2444 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:17:52.0209 2444 SstpSvc - ok
15:17:52.0234 2444 Steam Client Service - ok
15:17:52.0313 2444 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:17:52.0316 2444 Stereo Service - ok
15:17:52.0318 2444 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:17:52.0319 2444 stexstor - ok
15:17:52.0340 2444 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:17:52.0345 2444 stisvc - ok
15:17:52.0347 2444 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:17:52.0348 2444 storflt - ok
15:17:52.0360 2444 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:17:52.0361 2444 StorSvc - ok
15:17:52.0368 2444 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:17:52.0369 2444 storvsc - ok
15:17:52.0372 2444 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:17:52.0372 2444 swenum - ok
15:17:52.0489 2444 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:17:52.0506 2444 SwitchBoard - ok
15:17:52.0525 2444 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:17:52.0530 2444 swprv - ok
15:17:52.0559 2444 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:17:52.0571 2444 SysMain - ok
15:17:52.0583 2444 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:17:52.0585 2444 TabletInputService - ok
15:17:52.0599 2444 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:17:52.0602 2444 TapiSrv - ok
15:17:52.0606 2444 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:17:52.0607 2444 TBS - ok
15:17:52.0661 2444 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:17:52.0673 2444 Tcpip - ok
15:17:52.0701 2444 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:17:52.0707 2444 TCPIP6 - ok
15:17:52.0711 2444 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:17:52.0712 2444 tcpipreg - ok
15:17:52.0715 2444 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:17:52.0716 2444 TDPIPE - ok
15:17:52.0726 2444 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:17:52.0727 2444 TDTCP - ok
15:17:52.0730 2444 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:17:52.0731 2444 tdx - ok
15:17:52.0733 2444 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:17:52.0734 2444 TermDD - ok
15:17:52.0753 2444 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:17:52.0758 2444 TermService - ok
15:17:52.0762 2444 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:17:52.0764 2444 Themes - ok
15:17:52.0773 2444 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:17:52.0774 2444 THREADORDER - ok
15:17:52.0791 2444 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:17:52.0792 2444 TrkWks - ok
15:17:52.0835 2444 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:17:52.0837 2444 TrustedInstaller - ok
15:17:52.0840 2444 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:17:52.0841 2444 tssecsrv - ok
15:17:52.0843 2444 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:17:52.0844 2444 TsUsbFlt - ok
15:17:52.0845 2444 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:17:52.0846 2444 TsUsbGD - ok
15:17:52.0862 2444 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:17:52.0863 2444 tunnel - ok
15:17:52.0865 2444 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:17:52.0866 2444 uagp35 - ok
15:17:52.0870 2444 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:17:52.0872 2444 udfs - ok
15:17:52.0886 2444 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:17:52.0888 2444 UI0Detect - ok
15:17:52.0901 2444 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:17:52.0903 2444 uliagpkx - ok
15:17:52.0905 2444 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:17:52.0906 2444 umbus - ok
15:17:52.0908 2444 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:17:52.0908 2444 UmPass - ok
15:17:52.0916 2444 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:17:52.0919 2444 UmRdpService - ok
15:17:52.0930 2444 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:17:52.0933 2444 upnphost - ok
15:17:52.0985 2444 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:17:52.0986 2444 USBAAPL64 - ok
15:17:53.0011 2444 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:17:53.0012 2444 usbccgp - ok
15:17:53.0019 2444 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:17:53.0020 2444 usbcir - ok
15:17:53.0031 2444 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:17:53.0032 2444 usbehci - ok
15:17:53.0052 2444 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
15:17:53.0053 2444 usbfilter - ok
15:17:53.0071 2444 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:17:53.0075 2444 usbhub - ok
15:17:53.0103 2444 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:17:53.0104 2444 usbohci - ok
15:17:53.0106 2444 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:17:53.0107 2444 usbprint - ok
15:17:53.0122 2444 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:17:53.0124 2444 USBSTOR - ok
15:17:53.0130 2444 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:17:53.0131 2444 usbuhci - ok
15:17:53.0146 2444 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:17:53.0148 2444 UxSms - ok
15:17:53.0157 2444 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:17:53.0163 2444 VaultSvc - ok
15:17:53.0289 2444 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:17:53.0289 2444 vdrvroot - ok
15:17:53.0321 2444 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:17:53.0326 2444 vds - ok
15:17:53.0328 2444 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:17:53.0328 2444 vga - ok
15:17:53.0331 2444 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:17:53.0332 2444 VgaSave - ok
15:17:53.0335 2444 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:17:53.0336 2444 vhdmp - ok
15:17:53.0382 2444 [ 3CCC0D9607419AC28B4216C18F6FA5E9 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:17:53.0431 2444 VIAHdAudAddService - ok
15:17:53.0515 2444 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:17:53.0516 2444 viaide - ok
15:17:53.0636 2444 [ 888450E821E7A66CB8A4E5B7A01BA5C5 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
15:17:53.0672 2444 VIAKaraokeService - ok
15:17:53.0706 2444 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:17:53.0708 2444 vmbus - ok
15:17:53.0714 2444 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:17:53.0715 2444 VMBusHID - ok
15:17:53.0717 2444 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:17:53.0718 2444 volmgr - ok
15:17:53.0738 2444 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:17:53.0740 2444 volmgrx - ok
15:17:53.0754 2444 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:17:53.0756 2444 volsnap - ok
15:17:53.0768 2444 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:17:53.0770 2444 vsmraid - ok
15:17:53.0901 2444 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:17:53.0911 2444 VSS - ok
15:17:53.0913 2444 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:17:53.0914 2444 vwifibus - ok
15:17:53.0929 2444 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:17:53.0933 2444 W32Time - ok
15:17:53.0935 2444 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:17:53.0936 2444 WacomPen - ok
15:17:53.0938 2444 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:17:53.0940 2444 WANARP - ok
15:17:53.0941 2444 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:17:53.0942 2444 Wanarpv6 - ok
15:17:54.0021 2444 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:17:54.0029 2444 WatAdminSvc - ok
15:17:54.0061 2444 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:17:54.0070 2444 wbengine - ok
15:17:54.0074 2444 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:17:54.0076 2444 WbioSrvc - ok
15:17:54.0090 2444 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:17:54.0094 2444 wcncsvc - ok
15:17:54.0099 2444 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:17:54.0100 2444 WcsPlugInService - ok
15:17:54.0102 2444 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:17:54.0103 2444 Wd - ok
15:17:54.0129 2444 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
15:17:54.0130 2444 WDC_SAM - ok
15:17:54.0136 2444 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:17:54.0140 2444 Wdf01000 - ok
15:17:54.0147 2444 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:17:54.0149 2444 WdiServiceHost - ok
15:17:54.0151 2444 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:17:54.0152 2444 WdiSystemHost - ok
15:17:54.0161 2444 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:17:54.0164 2444 WebClient - ok
15:17:54.0175 2444 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:17:54.0177 2444 Wecsvc - ok
15:17:54.0184 2444 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:17:54.0186 2444 wercplsupport - ok
15:17:54.0201 2444 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:17:54.0203 2444 WerSvc - ok
15:17:54.0205 2444 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:17:54.0206 2444 WfpLwf - ok
15:17:54.0208 2444 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:17:54.0208 2444 WIMMount - ok
15:17:54.0228 2444 WinDefend - ok
15:17:54.0231 2444 WinHttpAutoProxySvc - ok
15:17:54.0348 2444 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:17:54.0350 2444 Winmgmt - ok
15:17:54.0394 2444 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:17:54.0422 2444 WinRM - ok
15:17:54.0458 2444 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:17:54.0464 2444 Wlansvc - ok
15:17:54.0576 2444 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:17:54.0584 2444 wlidsvc - ok
15:17:54.0595 2444 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:17:54.0595 2444 WmiAcpi - ok
15:17:54.0603 2444 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:17:54.0605 2444 wmiApSrv - ok
15:17:54.0618 2444 WMPNetworkSvc - ok
15:17:54.0626 2444 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:17:54.0627 2444 WPCSvc - ok
15:17:54.0629 2444 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:17:54.0631 2444 WPDBusEnum - ok
15:17:54.0633 2444 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:17:54.0634 2444 ws2ifsl - ok
15:17:54.0645 2444 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:17:54.0647 2444 wscsvc - ok
15:17:54.0648 2444 WSearch - ok
15:17:54.0708 2444 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:17:54.0737 2444 wuauserv - ok
15:17:54.0740 2444 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:17:54.0741 2444 WudfPf - ok
15:17:54.0744 2444 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:17:54.0746 2444 WUDFRd - ok
15:17:54.0758 2444 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:17:54.0759 2444 wudfsvc - ok
15:17:54.0766 2444 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:17:54.0769 2444 WwanSvc - ok
15:17:54.0814 2444 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
15:17:54.0815 2444 xusb21 - ok
15:17:54.0831 2444 ================ Scan global ===============================
15:17:54.0856 2444 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:17:54.0883 2444 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:17:54.0888 2444 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:17:54.0906 2444 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:17:54.0930 2444 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:17:54.0933 2444 [Global] - ok
15:17:54.0933 2444 ================ Scan MBR ==================================
15:17:54.0956 2444 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:17:55.0102 2444 \Device\Harddisk0\DR0 - ok
15:17:55.0102 2444 ================ Scan VBR ==================================
15:17:55.0103 2444 [ 4F5B1E3B2F5353053977504F186BC33B ] \Device\Harddisk0\DR0\Partition1
15:17:55.0104 2444 \Device\Harddisk0\DR0\Partition1 - ok
15:17:55.0112 2444 [ DF6EBDD1524FDABE462440D8CB530E43 ] \Device\Harddisk0\DR0\Partition2
15:17:55.0113 2444 \Device\Harddisk0\DR0\Partition2 - ok
15:17:55.0122 2444 [ 2A91C1205FF7F16CACF7303DF5E05A7A ] \Device\Harddisk0\DR0\Partition3
15:17:55.0123 2444 \Device\Harddisk0\DR0\Partition3 - ok
15:17:55.0123 2444 ============================================================
15:17:55.0123 2444 Scan finished
15:17:55.0123 2444 ============================================================
15:17:55.0129 4204 Detected object count: 0
15:17:55.0129 4204 Actual detected object count: 0
15:18:02.0502 2044 Deinitialize success

Rogue Killer

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mrsmoov [Admin rights]
Mode : Remove -- Date : 10/01/2012 15:22:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 4b7bca93852116c12964e1947a92ceae
[BSP] f61b859b24666944953f2cc1ddd8054d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 204802 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419641344 | Size: 1702825 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

JRT

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.7 (09.29.2012)
OS: Windows 7 Professional x64
Ran by Mrsmoov on Mon 01/10/2012 at 15:32:44.49
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 01/10/2012 at 15:32:53.22
End of Report

After downloading OTL and trying to launch it > I constantly get an error :

"Access violation at address CCCC0460"

And won't let me complete the scan!

#5 thisisu

Posted 01 October 2012 - 12:58 AM

Please download JRT.exe to your desktop.
Replace your existing version with this up-to-date version.
Rescan with JRT.

#6 Djsmoov

Posted 01 October 2012 - 01:17 AM

Updated JRT LOG:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.0 (10.01.2012)
OS: Windows 7 Professional x64
Ran by Mrsmoov on Mon 01/10/2012 at 16:15:43.80
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values:

Successfully deleted: [VALUE] {687578b9-7132-4a7a-80e4-30ee31099e03} from: hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks
Successfully deleted: [VALUE] {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} from: hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks
Successfully deleted: [VALUE] {687578b9-7132-4a7a-80e4-30ee31099e03} from: hkey_local_machine\software\microsoft\internet explorer\toolbar
Successfully deleted: [VALUE] {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} from: hkey_local_machine\software\microsoft\internet explorer\toolbar



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [KEY] hkey_classes_root\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 01/10/2012 at 16:15:52.48
End of Report

#7 Djsmoov

Posted 01 October 2012 - 01:22 AM

Every time I open IE with http://home.webalta.ru/ opening up, I have two iexplore.exe running. In each case malware tries to block > stating it's blocking a malicious website >

#8 thisisu

Posted 01 October 2012 - 01:31 AM

In each case malware tries to block > stating it's blocking a malicious website >

Do you mean Malwarebytes' Anti-Malware?

Please attach the ATTACH.txt that was generated when you ran DDS.

See if you can get either of these OTL versions to open (download them and try to open them):



#9 Djsmoov

Posted 01 October 2012 - 01:45 AM

Yes, sorry, I mean Malwarebytes' Anti-Malware.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 20/06/2012 4:26:36 PM
System Uptime: 1/10/2012 11:36:30 AM (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77MX-D3H
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz | Intel® Core™ i7-3770 CPU @ 3.40GHz | 1599/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 52.56 GiB free.
D: is FIXED (NTFS) - 1663 GiB total, 1312.499 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP63: 30/09/2012 3:48:56 PM - Installed SpyHunter
RP64: 30/09/2012 3:54:42 PM - Removed SpyHunter
RP65: 30/09/2012 4:01:11 PM - Installed SpyHunter
RP66: 30/09/2012 11:55:38 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
3DMark 11
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.4)
Adobe Widget Browser
Advanced Combat Tracker (remove only)
Alan Wake's American Nightmare
ANNO 2070
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
µTorrent
Batman - Arkham City
Batman: Arkham City - Harley Quinn's Revenge
Batman: Arkham City™
Borderlands 2
DAEMON Tools Lite
Deus Ex: Human Revolution
Diablo III
F1 2012
FIFA 13 Demo
Futuremark SystemInfo
GameStop App
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Grand Ages: Rome
Guild Wars 2
GuildStats.NET Client ( Remove only)
Malwarebytes Anti-Malware version 1.65.0.1400
Mass Effect™ 3
Max Payne 3
Metro 2033
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.2.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
MyAshampoo Toolbar
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Origin
Panda ActiveScan 2.0
PDF Settings CS6
Platform
PunkBuster Services
Rapture3D 2.4.9 Game
Rockstar Games Social Club
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sleeping Dogs™
Steam
TechPowerUp GPU-Z
The Secret World
Tom Clancy's Ghost Recon Future Soldier
Torchlight II © Runic Games version 1
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UseNeXT
uTorrentControl2 Toolbar
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Worms Crazy Golf
.
==== End Of File ===========================

Still in the process of getting OTL to work.

#10 Djsmoov

Posted 01 October 2012 - 01:48 AM

Downloaded both versions, still getting same error >

"Access violation at address CCCC0460"

#11 thisisu

Posted 01 October 2012 - 01:56 AM

Let's try a different tool that may reveal the issue:

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had


#12 Djsmoov

Posted 01 October 2012 - 02:11 AM

Combofix Log:

ComboFix 12-09-30.01 - Mrsmoov 01/10/2012 17:01:23.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12250.10080 [GMT 10:00]
Running from: c:\users\Mrsmoov\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpD7E8.tmp
c:\windows\SysWow64\tmpD7E9.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 07:05 . 2012-10-01 07:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-01 05:14 . 2012-10-01 05:14 -------- d-----w- c:\program files\CCleaner
2012-09-30 06:20 . 2012-09-30 06:20 -------- d-----w- c:\programdata\GFI Software
2012-09-30 06:01 . 2012-09-30 13:56 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2012-09-30 05:49 . 2012-09-30 05:49 -------- d-----w- c:\program files\Enigma Software Group
2012-09-30 05:48 . 2012-09-30 06:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-30 05:48 . 2012-09-30 05:55 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-30 05:42 . 2012-09-30 05:55 -------- d-----w- c:\windows\system32\appmgmt
2012-09-30 05:34 . 2009-06-30 00:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2012-09-30 05:34 . 2012-09-30 05:34 -------- d-----w- c:\program files (x86)\Panda Security
2012-09-30 03:58 . 2012-10-01 06:15 -------- d-----w- C:\JRT
2012-09-26 09:35 . 2012-09-26 09:35 -------- d-----w- c:\users\Mrsmoov\AppData\Local\ElevatedDiagnostics
2012-09-26 03:01 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 17:00 . 2012-09-24 17:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-23 04:26 . 2012-09-23 15:56 -------- d-----w- c:\users\Mrsmoov\AppData\Roaming\Ad-Aware Antivirus
2012-09-22 16:18 . 2012-09-22 16:18 -------- d-----w- c:\programdata\RELOADED
2012-09-20 06:39 . 2012-09-20 06:39 -------- d-----w- c:\users\Mrsmoov\AppData\Local\Macromedia
2012-09-20 06:27 . 2012-09-20 06:27 -------- d-----w- c:\users\Mrsmoov\AppData\Local\Mozilla
2012-09-20 06:27 . 2012-09-20 06:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-20 06:03 . 2012-09-20 06:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 04:29 . 2012-09-20 04:29 -------- d-----w- c:\users\Mrsmoov\AppData\Roaming\EuroTB
2012-09-19 12:08 . 2012-09-19 12:08 -------- d-----w- c:\users\Mrsmoov\AppData\Local\FLT
2012-09-16 05:21 . 2012-09-16 05:21 -------- d-----w- c:\users\Mrsmoov\AppData\Local\GameStop
2012-09-13 11:01 . 2012-09-13 11:01 -------- d-----w- C:\temp
2012-09-13 11:00 . 2012-07-03 15:25 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-09-13 11:00 . 2012-07-03 15:25 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-09-12 07:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 07:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 12:50 . 2012-09-11 12:50 -------- d-sh--w- c:\programdata\DSS
2012-09-11 12:04 . 2012-09-11 12:09 -------- d-----w- c:\program files (x86)\Origin Games
2012-09-11 12:04 . 2012-09-11 12:08 -------- d-----w- c:\users\Mrsmoov\AppData\Roaming\Origin
2012-09-11 12:04 . 2012-09-11 12:04 -------- d-----w- c:\users\Mrsmoov\AppData\Local\Origin
2012-09-11 12:02 . 2012-09-26 05:42 -------- d-----w- c:\programdata\Origin
2012-09-11 12:02 . 2012-09-11 12:02 -------- d-----w- c:\programdata\Electronic Arts
2012-09-11 12:02 . 2012-09-26 05:41 -------- d-----w- c:\program files (x86)\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 13:07 . 2012-06-20 08:44 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 13:07 . 2012-06-20 08:44 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-07 07:04 . 2012-07-22 16:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 19:14 . 2012-08-16 04:02 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-08-16 04:02 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2012-06-21 11:52 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-06-21 11:52 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-06-21 11:52 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-06-18 06:12 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2012-06-21 11:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-06-21 11:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-06-21 11:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-06-21 11:53 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-06-21 11:53 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-06-21 11:53 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 00:40 . 2012-08-30 00:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-24 05:43 . 2012-08-24 05:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-07-25 17:21 . 2012-07-25 17:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 02:40 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 15:21 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 02:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 02:40 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 02:40 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 02:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 07:37 . 2012-06-18 06:12 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
.
c:\users\Mrsmoov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-6-15 2039536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-12 5167736]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 116648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-12 82048]
R3 AMDCIR64;AMDCIR64;c:\windows\system32\drivers\AMDCIR64.sys [2008-03-03 62520]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys [2012-01-06 49760]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-02-22 130536]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-02-22 396776]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-05-04 60928]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-05-04 13312]
R3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-05-16 51240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2011-02-08 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2011-02-08 64512]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 116648]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys [2007-04-11 43416]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys [2007-04-11 51096]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys [2010-05-28 339728]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys [2010-05-28 65808]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-11-15 40144]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-11-15 42192]
R3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys [2012-02-02 44992]
R3 iSSetup;iSSetup;c:\windows\system32\drivers\iSSetup.sys [2010-08-25 188128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [2011-10-12 27440]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2011-10-12 313648]
R3 mvs91xx;mvs91xx;c:\windows\system32\drivers\mvs91xx.sys [2011-10-12 316208]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [2009-11-24 28264]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-12 42624]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [2009-11-15 46792]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-05 16152]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-23 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-12 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-08-03 27792]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-13 56448]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-08-03 2206352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06715278
*Deregistered* - 06715278
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 13:07]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 07:01]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 07:01]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062559977-3047391869-3192783355-1001Core.job
- c:\users\Mrsmoov\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 14:06]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2062559977-3047391869-3192783355-1001UA.job
- c:\users\Mrsmoov\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.Google.com/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mrsmoov\AppData\Roaming\Mozilla\Firefox\Profiles\at2me4is.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-01 17:06:40
ComboFix-quarantined-files.txt 2012-10-01 07:06
.
Pre-Run: 56,335,208,448 bytes free
Post-Run: 56,221,716,480 bytes free
.
- - End Of File - - 9E977C1E83B91FC2E8A324EF9671014D

#13 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts

Posted 01 October 2012 - 02:25 AM

Now after doing some testing > I found that opening IE and Chrome I still have the DAMN webalta virus.
When I open Mozilla Firefox however it opens the homepage I have set in options.

So I really don't know what is going on here :(

#14 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 October 2012 - 02:40 AM

This log is clean as well.

I would like you to check the Properties of your Internet Explorer and Google Chrome shortcuts.

  • Start with Internet Explorer
  • Go to your desktop, and right-mouse click the Internet Explorer icon/shortcut.
  • Choose Properties
  • A window like the following should appear:
    [attachment=130776:IEproperties.jpg]
  • Check the Target: for an unwanted link pertaining to the webalta.ru website.
  • If it is present, remove it from the Target: line and save the changes by pressing OK.

Let me know if this was present or not in either the Internet Explorer or Google Chrome shortcuts.
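
The Target check described in the post above can be run over every browser shortcut at once instead of one Properties dialog at a time. The PowerShell below is an added example, not part of the original reply; the folder list, the browser executable names and the URL pattern are assumptions.

```powershell
# Added example: report browser shortcuts whose Target line carries a URL.
# The folder list and browser executable names below are assumptions.
$folders = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
)
$browsers   = 'iexplore.exe', 'chrome.exe', 'firefox.exe'
$urlPattern = '(?i)(https?://|www\.)\S+'   # any URL placed after the executable

# WScript.Shell can open an existing .lnk and expose its fields read-only.
$shell = New-Object -ComObject WScript.Shell

$report = foreach ($folder in ($folders | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }          # no file target, skip
            $exe = [IO.Path]::GetFileName($lnk.TargetPath)
            if ($browsers -notcontains $exe) { return }   # only browser shortcuts
            New-Object PSObject -Property @{
                Shortcut    = $_.FullName
                Target      = $lnk.TargetPath
                Arguments   = $lnk.Arguments
                UrlAppended = [bool]($lnk.Arguments -match $urlPattern)
            }
        }
}

# Shortcuts with a URL in their arguments are listed first.
$report | Sort-Object UrlAppended -Descending |
    Format-List Shortcut, Target, Arguments, UrlAppended
```

The Properties dialog shows Target as the executable path followed by its arguments, so a URL appended there appears in the Arguments field. The script only reads the shortcuts and never saves them.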

#15 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts

Posted 01 October 2012 - 03:20 AM

Thanks again so much for your help.

Both shortcuts are the same as the image above and have no links pertaining to the website in question.

I really don't know what's going on > it's so weird
