Win64.zaccess.a removal assistance



#1 DSmithImages

Posted 15 October 2012 - 03:27 PM

Hello,

My computer was recently infected due to error on my part, and I've been trying to work my way through a fix. I've discovered that it has the win64.zaccess.a virus, and that is providing the roadblock to getting a correct fix. I tried TDSSKiller, but it couldn't remove it. I'm attaching the log from the recent scan/attempt from there, and I'd greatly appreciate any help in the removal process.

My thanks in advance. I'm operating from a back-up computer and will have a jump drive available to run things on the infected computer.

LOG (In case file attachment didn't work):


15:12:34.0127 1104 mshidkmdf - ok
15:12:34.0174 1104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:12:34.0174 1104 msisadrv - ok
15:12:34.0205 1104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:12:34.0221 1104 MSiSCSI - ok
15:12:34.0221 1104 msiserver - ok
15:12:34.0283 1104 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:12:34.0283 1104 MSK80Service - ok
15:12:34.0314 1104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:12:34.0330 1104 MSKSSRV - ok
15:12:34.0346 1104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:12:34.0361 1104 MSPCLOCK - ok
15:12:34.0361 1104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:12:34.0377 1104 MSPQM - ok
15:12:34.0424 1104 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:12:34.0470 1104 MsRPC - ok
15:12:34.0502 1104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
15:12:34.0502 1104 mssmbios - ok
15:12:34.0533 1104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:12:34.0533 1104 MSTEE - ok
15:12:34.0548 1104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
15:12:34.0564 1104 MTConfig - ok
15:12:34.0595 1104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:12:34.0611 1104 Mup - ok
15:12:34.0642 1104 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:12:34.0704 1104 napagent - ok
15:12:34.0767 1104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:12:34.0798 1104 NativeWifiP - ok
15:12:34.0860 1104 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:12:34.0876 1104 NDIS - ok
15:12:34.0907 1104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:12:34.0907 1104 NdisCap - ok
15:12:34.0954 1104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:12:34.0970 1104 NdisTapi - ok
15:12:35.0016 1104 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:12:35.0110 1104 Ndisuio - ok
15:12:35.0188 1104 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:12:35.0250 1104 NdisWan - ok
15:12:35.0297 1104 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:12:35.0375 1104 NDProxy - ok
15:12:35.0391 1104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:12:35.0406 1104 NetBIOS - ok
15:12:35.0453 1104 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:12:35.0500 1104 NetBT - ok
15:12:35.0531 1104 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:12:35.0531 1104 Netlogon - ok
15:12:35.0640 1104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:12:35.0656 1104 Netman - ok
15:12:35.0734 1104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:12:35.0750 1104 netprofm - ok
15:12:35.0781 1104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:12:35.0781 1104 NetTcpPortSharing - ok
15:12:35.0843 1104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
15:12:35.0859 1104 nfrd960 - ok
15:12:35.0906 1104 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
15:12:35.0984 1104 NlaSvc - ok
15:12:36.0062 1104 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\windows\system32\drivers\npf.sys
15:12:36.0140 1104 NPF - ok
15:12:36.0171 1104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:12:36.0186 1104 Npfs - ok
15:12:36.0218 1104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:12:36.0218 1104 nsi - ok
15:12:36.0233 1104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:12:36.0249 1104 nsiproxy - ok
15:12:36.0389 1104 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:12:36.0498 1104 Ntfs - ok
15:12:36.0530 1104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:12:36.0561 1104 Null - ok
15:12:36.0608 1104 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
15:12:36.0670 1104 NVHDA - ok
15:12:37.0216 1104 [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
15:12:37.0341 1104 nvlddmkm - ok
15:12:37.0434 1104 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:12:37.0512 1104 nvraid - ok
15:12:37.0575 1104 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:12:37.0606 1104 nvstor - ok
15:12:37.0653 1104 [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc C:\windows\system32\nvvsvc.exe
15:12:37.0715 1104 nvsvc - ok
15:12:37.0746 1104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:12:37.0778 1104 nv_agp - ok
15:12:37.0902 1104 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:12:37.0980 1104 odserv - ok
15:12:38.0012 1104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:12:38.0012 1104 ohci1394 - ok
15:12:38.0058 1104 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:12:38.0121 1104 ose - ok
15:12:38.0168 1104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:12:38.0183 1104 p2pimsvc - ok
15:12:38.0261 1104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:12:38.0277 1104 p2psvc - ok
15:12:38.0308 1104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
15:12:38.0324 1104 Parport - ok
15:12:38.0355 1104 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:12:38.0417 1104 partmgr - ok
15:12:38.0433 1104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:12:38.0448 1104 PcaSvc - ok
15:12:38.0495 1104 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:12:38.0558 1104 pci - ok
15:12:38.0573 1104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:12:38.0589 1104 pciide - ok
15:12:38.0636 1104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
15:12:38.0651 1104 pcmcia - ok
15:12:38.0667 1104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:12:38.0667 1104 pcw - ok
15:12:38.0698 1104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:12:38.0714 1104 PEAUTH - ok
15:12:38.0807 1104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:12:38.0807 1104 PerfHost - ok
15:12:38.0870 1104 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:12:38.0916 1104 pla - ok
15:12:38.0994 1104 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:12:38.0994 1104 PlugPlay - ok
15:12:39.0041 1104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:12:39.0057 1104 PNRPAutoReg - ok
15:12:39.0088 1104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:12:39.0104 1104 PNRPsvc - ok
15:12:39.0213 1104 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:12:39.0244 1104 PolicyAgent - ok
15:12:39.0291 1104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:12:39.0291 1104 Power - ok
15:12:39.0353 1104 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:12:39.0384 1104 PptpMiniport - ok
15:12:39.0416 1104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
15:12:39.0416 1104 Processor - ok
15:12:39.0462 1104 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:12:39.0462 1104 ProfSvc - ok
15:12:39.0478 1104 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:12:39.0478 1104 ProtectedStorage - ok
15:12:39.0525 1104 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:12:39.0572 1104 Psched - ok
15:12:39.0696 1104 [ 56A6210ACA051227EAFEEFA628BB5A9B ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:12:39.0743 1104 QBCFMonitorService - ok
15:12:39.0821 1104 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:12:39.0868 1104 QBFCService - ok
15:12:40.0071 1104 [ D4FF4102640685C69BDC63F1674CE724 ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
15:12:40.0118 1104 QBVSS - ok
15:12:40.0180 1104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
15:12:40.0211 1104 ql2300 - ok
15:12:40.0242 1104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
15:12:40.0242 1104 ql40xx - ok
15:12:40.0258 1104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:12:40.0274 1104 QWAVE - ok
15:12:40.0289 1104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:12:40.0289 1104 QWAVEdrv - ok
15:12:40.0383 1104 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll
15:12:40.0383 1104 RapiMgr - ok
15:12:40.0398 1104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:12:40.0398 1104 RasAcd - ok
15:12:40.0445 1104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:12:40.0445 1104 RasAgileVpn - ok
15:12:40.0476 1104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:12:40.0476 1104 RasAuto - ok
15:12:40.0523 1104 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:12:40.0586 1104 Rasl2tp - ok
15:12:40.0632 1104 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:12:40.0695 1104 RasMan - ok
15:12:40.0742 1104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:12:40.0757 1104 RasPppoe - ok
15:12:40.0773 1104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:12:40.0788 1104 RasSstp - ok
15:12:40.0851 1104 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:12:40.0929 1104 rdbss - ok
15:12:40.0960 1104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
15:12:40.0976 1104 rdpbus - ok
15:12:40.0991 1104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:12:41.0007 1104 RDPCDD - ok
15:12:41.0007 1104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:12:41.0022 1104 RDPENCDD - ok
15:12:41.0022 1104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:12:41.0022 1104 RDPREFMP - ok
15:12:41.0085 1104 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:12:41.0147 1104 RDPWD - ok
15:12:41.0210 1104 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:12:41.0241 1104 rdyboost - ok
15:12:41.0288 1104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:12:41.0288 1104 RemoteAccess - ok
15:12:41.0319 1104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:12:41.0319 1104 RemoteRegistry - ok
15:12:41.0381 1104 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe
15:12:41.0428 1104 Rezip - ok
15:12:41.0459 1104 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:12:41.0475 1104 RFCOMM - ok
15:12:41.0553 1104 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
15:12:41.0615 1104 rpcapd - ok
15:12:41.0646 1104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:12:41.0646 1104 RpcEptMapper - ok
15:12:41.0678 1104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:12:41.0693 1104 RpcLocator - ok
15:12:41.0724 1104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:12:41.0740 1104 RpcSs - ok
15:12:41.0787 1104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:12:41.0787 1104 rspndr - ok
15:12:41.0802 1104 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:12:41.0818 1104 RTL8167 - ok
15:12:41.0849 1104 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
15:12:41.0896 1104 SABI - ok
15:12:41.0927 1104 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:12:41.0927 1104 SamSs - ok
15:12:41.0974 1104 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:12:42.0036 1104 sbp2port - ok
15:12:42.0068 1104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:12:42.0083 1104 SCardSvr - ok
15:12:42.0099 1104 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:12:42.0146 1104 scfilter - ok
15:12:42.0208 1104 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:12:42.0239 1104 Schedule - ok
15:12:42.0302 1104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:12:42.0302 1104 SCPolicySvc - ok
15:12:42.0395 1104 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:12:42.0426 1104 SDRSVC - ok
15:12:42.0458 1104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:12:42.0473 1104 secdrv - ok
15:12:42.0504 1104 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:12:42.0536 1104 seclogon - ok
15:12:42.0598 1104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
15:12:42.0598 1104 SENS - ok
15:12:42.0629 1104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:12:42.0629 1104 SensrSvc - ok
15:12:42.0660 1104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
15:12:42.0676 1104 Serenum - ok
15:12:42.0707 1104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
15:12:42.0707 1104 Serial - ok
15:12:42.0738 1104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
15:12:42.0754 1104 sermouse - ok
15:12:42.0785 1104 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:12:42.0832 1104 SessionEnv - ok
15:12:42.0863 1104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:12:42.0879 1104 sffdisk - ok
15:12:42.0910 1104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:12:42.0910 1104 sffp_mmc - ok
15:12:42.0926 1104 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:12:42.0957 1104 sffp_sd - ok
15:12:42.0988 1104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
15:12:42.0988 1104 sfloppy - ok
15:12:43.0019 1104 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:12:43.0066 1104 ShellHWDetection - ok
15:12:43.0082 1104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
15:12:43.0097 1104 SiSRaid2 - ok
15:12:43.0113 1104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
15:12:43.0113 1104 SiSRaid4 - ok
15:12:43.0222 1104 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:12:43.0222 1104 SkypeUpdate - ok
15:12:43.0253 1104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:12:43.0253 1104 Smb - ok
15:12:43.0284 1104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:12:43.0300 1104 SNMPTRAP - ok
15:12:43.0316 1104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:12:43.0316 1104 spldr - ok
15:12:43.0362 1104 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:12:43.0409 1104 Spooler - ok
15:12:43.0628 1104 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:12:43.0643 1104 sppsvc - ok
15:12:43.0690 1104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:12:43.0706 1104 sppuinotify - ok
15:12:43.0784 1104 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys
15:12:43.0784 1104 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:12:43.0799 1104 sptd ( LockedFile.Multi.Generic ) - warning
15:12:43.0799 1104 sptd - detected LockedFile.Multi.Generic (1)
15:12:43.0830 1104 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:12:43.0908 1104 srv - ok
15:12:43.0986 1104 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:12:44.0049 1104 srv2 - ok
15:12:44.0096 1104 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:12:44.0142 1104 srvnet - ok
15:12:44.0205 1104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:12:44.0220 1104 SSDPSRV - ok
15:12:44.0236 1104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:12:44.0252 1104 SstpSvc - ok
15:12:44.0283 1104 Steam Client Service - ok
15:12:44.0314 1104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
15:12:44.0314 1104 stexstor - ok
15:12:44.0376 1104 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
15:12:44.0376 1104 StillCam - ok
15:12:44.0439 1104 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:12:44.0470 1104 stisvc - ok
15:12:44.0517 1104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
15:12:44.0517 1104 swenum - ok
15:12:44.0642 1104 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:12:44.0704 1104 SwitchBoard - ok
15:12:44.0782 1104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:12:44.0798 1104 swprv - ok
15:12:44.0860 1104 [ 3C80203C725C28CEA5713D1AB242880A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
15:12:44.0907 1104 SynTP - ok
15:12:45.0078 1104 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:12:45.0141 1104 SysMain - ok
15:12:45.0172 1104 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:12:45.0203 1104 TabletInputService - ok
15:12:45.0234 1104 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:12:45.0281 1104 TapiSrv - ok
15:12:45.0312 1104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:12:45.0312 1104 TBS - ok
15:12:45.0515 1104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:12:45.0624 1104 Tcpip - ok
15:12:45.0656 1104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:12:45.0671 1104 TCPIP6 - ok
15:12:45.0702 1104 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:12:45.0749 1104 tcpipreg - ok
15:12:45.0780 1104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:12:45.0796 1104 TDPIPE - ok
15:12:45.0843 1104 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:12:45.0874 1104 TDTCP - ok
15:12:45.0921 1104 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:12:45.0968 1104 tdx - ok
15:12:45.0999 1104 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
15:12:46.0030 1104 TermDD - ok
15:12:46.0124 1104 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:12:46.0186 1104 TermService - ok
15:12:46.0233 1104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:12:46.0233 1104 Themes - ok
15:12:46.0280 1104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:12:46.0280 1104 THREADORDER - ok
15:12:46.0326 1104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:12:46.0342 1104 TrkWks - ok
15:12:46.0420 1104 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:12:46.0467 1104 TrustedInstaller - ok
15:12:46.0482 1104 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:12:46.0529 1104 tssecsrv - ok
15:12:46.0576 1104 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:12:46.0623 1104 TsUsbFlt - ok
15:12:46.0685 1104 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:12:46.0716 1104 tunnel - ok
15:12:46.0763 1104 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
15:12:46.0810 1104 TurboB - ok
15:12:46.0904 1104 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:12:46.0935 1104 TurboBoost - ok
15:12:46.0982 1104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
15:12:47.0013 1104 uagp35 - ok
15:12:47.0044 1104 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:12:47.0091 1104 udfs - ok
15:12:47.0106 1104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:12:47.0122 1104 UI0Detect - ok
15:12:47.0153 1104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:12:47.0169 1104 uliagpkx - ok
15:12:47.0216 1104 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
15:12:47.0262 1104 umbus - ok
15:12:47.0325 1104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
15:12:47.0325 1104 UmPass - ok
15:12:47.0340 1104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:12:47.0356 1104 upnphost - ok
15:12:47.0403 1104 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:12:47.0450 1104 USBAAPL64 - ok
15:12:47.0496 1104 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:12:47.0543 1104 usbccgp - ok
15:12:47.0574 1104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:12:47.0590 1104 usbcir - ok
15:12:47.0637 1104 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
15:12:47.0668 1104 usbehci - ok
15:12:47.0715 1104 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:12:47.0762 1104 usbhub - ok
15:12:47.0777 1104 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:12:47.0824 1104 usbohci - ok
15:12:47.0840 1104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:12:47.0855 1104 usbprint - ok
15:12:47.0886 1104 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:12:47.0886 1104 usbscan - ok
15:12:47.0918 1104 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:12:47.0964 1104 USBSTOR - ok
15:12:47.0980 1104 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:12:48.0027 1104 usbuhci - ok
15:12:48.0058 1104 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
15:12:48.0105 1104 usbvideo - ok
15:12:48.0152 1104 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
15:12:48.0152 1104 usb_rndisx - ok
15:12:48.0183 1104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:12:48.0183 1104 UxSms - ok
15:12:48.0198 1104 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:12:48.0198 1104 VaultSvc - ok
15:12:48.0245 1104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:12:48.0245 1104 vdrvroot - ok
15:12:48.0276 1104 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:12:48.0354 1104 vds - ok
15:12:48.0386 1104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:12:48.0386 1104 vga - ok
15:12:48.0401 1104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:12:48.0417 1104 VgaSave - ok
15:12:48.0448 1104 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:12:48.0510 1104 vhdmp - ok
15:12:48.0557 1104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:12:48.0557 1104 viaide - ok
15:12:48.0604 1104 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:12:48.0666 1104 volmgr - ok
15:12:48.0713 1104 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:12:48.0776 1104 volmgrx - ok
15:12:48.0838 1104 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:12:48.0916 1104 volsnap - ok
15:12:48.0963 1104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
15:12:48.0978 1104 vsmraid - ok
15:12:49.0041 1104 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:12:49.0056 1104 VSS - ok
15:12:49.0072 1104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:12:49.0103 1104 vwifibus - ok
15:12:49.0150 1104 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:12:49.0166 1104 vwififlt - ok
15:12:49.0212 1104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:12:49.0228 1104 W32Time - ok
15:12:49.0244 1104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
15:12:49.0244 1104 WacomPen - ok
15:12:49.0306 1104 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:12:49.0353 1104 WANARP - ok
15:12:49.0368 1104 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:12:49.0368 1104 Wanarpv6 - ok
15:12:49.0431 1104 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
15:12:49.0509 1104 WatAdminSvc - ok
15:12:49.0665 1104 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:12:49.0758 1104 wbengine - ok
15:12:49.0790 1104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:12:49.0805 1104 WbioSrvc - ok
15:12:49.0868 1104 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll
15:12:49.0868 1104 WcesComm - ok
15:12:49.0930 1104 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:12:49.0977 1104 wcncsvc - ok
15:12:50.0024 1104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:12:50.0039 1104 WcsPlugInService - ok
15:12:50.0055 1104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
15:12:50.0070 1104 Wd - ok
15:12:52.0691 1104 ================ Scan global ===============================
15:12:52.0722 1104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:12:52.0785 1104 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:12:52.0785 1104 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:12:52.0832 1104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:12:52.0878 1104 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\windows\system32\services.exe
15:12:52.0878 1104 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
15:12:52.0878 1104 C:\windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
15:12:52.0878 1104 ================ Scan MBR ==================================
15:12:52.0894 1104 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:12:53.0580 1104 \Device\Harddisk0\DR0 - ok
15:12:53.0596 1104 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:12:56.0076 1104 \Device\Harddisk1\DR1 - ok
15:12:56.0076 1104 ================ Scan VBR ==================================
15:12:56.0092 1104 [ CCBBA108912018E2AB36037DBAD94978 ] \Device\Harddisk0\DR0\Partition1
15:12:56.0123 1104 \Device\Harddisk0\DR0\Partition1 - ok
15:12:56.0139 1104 [ 16C5001EBE124ABE20026AAD0D785362 ] \Device\Harddisk0\DR0\Partition2
15:12:56.0139 1104 \Device\Harddisk0\DR0\Partition2 - ok
15:12:56.0170 1104 [ 23D94476B3B8C2190BB198D7B72B2A6A ] \Device\Harddisk0\DR0\Partition3
15:12:56.0170 1104 \Device\Harddisk0\DR0\Partition3 - ok
15:12:56.0170 1104 [ B9B4527E34AB7A806B0AE463072B16A8 ] \Device\Harddisk1\DR1\Partition1
15:12:56.0170 1104 \Device\Harddisk1\DR1\Partition1 - ok
15:12:56.0170 1104 ============================================================
15:12:56.0170 1104 Scan finished
15:12:56.0170 1104 ============================================================
15:12:56.0186 3876 Detected object count: 2
15:12:56.0186 3876 Actual detected object count: 2
15:13:25.0078 3876 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:13:25.0078 3876 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:13:25.0125 3876 C:\windows\system32\services.exe - copied to quarantine
15:13:26.0981 3876 C:\windows\assembly\GAC_32\desktop.ini - copied to quarantine
15:13:27.0090 3876 C:\windows\assembly\GAC_64\desktop.ini - copied to quarantine
15:13:27.0465 3876 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\@ - copied to quarantine
15:13:27.0480 3876 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\00000004.@ - copied to quarantine
15:13:27.0480 3876 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\201d3dde - copied to quarantine
15:13:27.0496 3876 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000000.@ - copied to quarantine
15:13:27.0527 3876 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000064.@ - copied to quarantine
15:14:11.0849 3876 Backup copy not found, trying to cure infected file..
15:14:11.0849 3876 C:\windows\system32\services.exe - Cure failed (FFFFFFFF)
15:14:11.0849 3876 C:\windows\system32\services.exe - processing error
15:14:11.0849 3876 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
15:15:17.0993 0844 ============================================================
15:15:17.0993 0844 Scan started
15:15:17.0993 0844 Mode: Manual;
15:15:17.0993 0844 ============================================================
15:15:18.0414 0844 ================ Scan system memory ========================
15:15:18.0414 0844 System memory - ok
15:15:18.0414 0844 ================ Scan services =============================
15:15:26.0089 0844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:15:26.0105 0844 mrxsmb - ok
15:15:26.0136 0844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
15:15:26.0136 0844 mrxsmb10 - ok
15:15:26.0167 0844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
15:15:26.0167 0844 mrxsmb20 - ok
15:15:26.0198 0844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
15:15:26.0198 0844 msahci - ok
15:15:26.0245 0844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
15:15:26.0245 0844 msdsm - ok
15:15:26.0261 0844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
15:15:26.0261 0844 MSDTC - ok
15:15:26.0308 0844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:15:26.0308 0844 Msfs - ok
15:15:26.0323 0844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
15:15:26.0323 0844 mshidkmdf - ok
15:15:26.0323 0844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:15:26.0339 0844 msisadrv - ok
15:15:26.0370 0844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:15:26.0370 0844 MSiSCSI - ok
15:15:26.0370 0844 msiserver - ok
15:15:26.0401 0844 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:15:26.0401 0844 MSK80Service - ok
15:15:26.0417 0844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:15:26.0417 0844 MSKSSRV - ok
15:15:26.0417 0844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:15:26.0417 0844 MSPCLOCK - ok
15:15:26.0432 0844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:15:26.0432 0844 MSPQM - ok
15:15:26.0479 0844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:15:26.0479 0844 MsRPC - ok
15:15:26.0510 0844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
15:15:26.0526 0844 mssmbios - ok
15:15:26.0557 0844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:15:26.0557 0844 MSTEE - ok
15:15:26.0604 0844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
15:15:26.0604 0844 MTConfig - ok
15:15:26.0635 0844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:15:26.0635 0844 Mup - ok
15:15:26.0682 0844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:15:26.0682 0844 napagent - ok
15:15:26.0713 0844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:15:26.0713 0844 NativeWifiP - ok
15:15:26.0776 0844 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:15:26.0791 0844 NDIS - ok
15:15:26.0791 0844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:15:26.0791 0844 NdisCap - ok
15:15:26.0822 0844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:15:26.0822 0844 NdisTapi - ok
15:15:26.0869 0844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:15:26.0869 0844 Ndisuio - ok
15:15:26.0900 0844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:15:26.0916 0844 NdisWan - ok
15:15:26.0947 0844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:15:26.0947 0844 NDProxy - ok
15:15:26.0978 0844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:15:26.0978 0844 NetBIOS - ok
15:15:27.0010 0844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:15:27.0010 0844 NetBT - ok
15:15:27.0041 0844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:15:27.0041 0844 Netlogon - ok
15:15:27.0056 0844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:15:27.0072 0844 Netman - ok
15:15:27.0088 0844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:15:27.0088 0844 netprofm - ok
15:15:27.0119 0844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:27.0119 0844 NetTcpPortSharing - ok
15:15:27.0150 0844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
15:15:27.0150 0844 nfrd960 - ok
15:15:27.0181 0844 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
15:15:27.0181 0844 NlaSvc - ok
15:15:27.0228 0844 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\windows\system32\drivers\npf.sys
15:15:27.0228 0844 NPF - ok
15:15:27.0244 0844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:15:27.0244 0844 Npfs - ok
15:15:27.0259 0844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:15:27.0259 0844 nsi - ok
15:15:27.0275 0844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:15:27.0275 0844 nsiproxy - ok
15:15:27.0337 0844 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:15:27.0353 0844 Ntfs - ok
15:15:27.0368 0844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:15:27.0368 0844 Null - ok
15:15:27.0400 0844 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
15:15:27.0400 0844 NVHDA - ok
15:15:27.0649 0844 [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
15:15:27.0712 0844 nvlddmkm - ok
15:15:27.0743 0844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:15:27.0743 0844 nvraid - ok
15:15:27.0774 0844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:15:27.0774 0844 nvstor - ok
15:15:27.0805 0844 [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc C:\windows\system32\nvvsvc.exe
15:15:27.0805 0844 nvsvc - ok
15:15:27.0836 0844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:15:27.0836 0844 nv_agp - ok
15:15:27.0930 0844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:15:27.0930 0844 odserv - ok
15:15:27.0961 0844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:15:27.0977 0844 ohci1394 - ok
15:15:27.0992 0844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:27.0992 0844 ose - ok
15:15:28.0024 0844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:15:28.0039 0844 p2pimsvc - ok
15:15:28.0055 0844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:15:28.0055 0844 p2psvc - ok
15:15:28.0086 0844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
15:15:28.0086 0844 Parport - ok
15:15:28.0133 0844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:15:28.0133 0844 partmgr - ok
15:15:28.0164 0844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:15:28.0164 0844 PcaSvc - ok
15:15:28.0195 0844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:15:28.0195 0844 pci - ok
15:15:28.0211 0844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:15:28.0211 0844 pciide - ok
15:15:28.0242 0844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
15:15:28.0242 0844 pcmcia - ok
15:15:28.0258 0844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:15:28.0258 0844 pcw - ok
15:15:28.0273 0844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:15:28.0289 0844 PEAUTH - ok
15:15:28.0351 0844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:15:28.0351 0844 PerfHost - ok
15:15:28.0414 0844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:15:28.0429 0844 pla - ok
15:15:28.0476 0844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:15:28.0476 0844 PlugPlay - ok
15:15:28.0507 0844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:15:28.0507 0844 PNRPAutoReg - ok
15:15:28.0523 0844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:15:28.0538 0844 PNRPsvc - ok
15:15:28.0601 0844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:15:28.0601 0844 PolicyAgent - ok
15:15:28.0632 0844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:15:28.0632 0844 Power - ok
15:15:28.0663 0844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:15:28.0663 0844 PptpMiniport - ok
15:15:28.0694 0844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
15:15:28.0694 0844 Processor - ok
15:15:28.0741 0844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:15:28.0741 0844 ProfSvc - ok
15:15:28.0757 0844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:15:28.0757 0844 ProtectedStorage - ok
15:15:28.0788 0844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:15:28.0804 0844 Psched - ok
15:15:28.0897 0844 [ 56A6210ACA051227EAFEEFA628BB5A9B ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:15:28.0897 0844 QBCFMonitorService - ok
15:15:28.0944 0844 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:15:28.0944 0844 QBFCService - ok
15:15:29.0022 0844 [ D4FF4102640685C69BDC63F1674CE724 ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
15:15:29.0038 0844 QBVSS - ok
15:15:29.0084 0844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
15:15:29.0084 0844 ql2300 - ok
15:15:29.0116 0844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
15:15:29.0116 0844 ql40xx - ok
15:15:29.0147 0844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:15:29.0147 0844 QWAVE - ok
15:15:29.0147 0844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:15:29.0147 0844 QWAVEdrv - ok
15:15:29.0225 0844 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll
15:15:29.0225 0844 RapiMgr - ok
15:15:29.0240 0844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:15:29.0240 0844 RasAcd - ok
15:15:29.0272 0844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:15:29.0272 0844 RasAgileVpn - ok
15:15:29.0287 0844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:15:29.0287 0844 RasAuto - ok
15:15:29.0350 0844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:15:29.0350 0844 Rasl2tp - ok
15:15:29.0396 0844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:15:29.0396 0844 RasMan - ok
15:15:29.0412 0844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:15:29.0412 0844 RasPppoe - ok
15:15:29.0428 0844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:15:29.0428 0844 RasSstp - ok
15:15:29.0443 0844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:15:29.0443 0844 rdbss - ok
15:15:29.0459 0844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
15:15:29.0459 0844 rdpbus - ok
15:15:29.0474 0844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:15:29.0474 0844 RDPCDD - ok
15:15:29.0490 0844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:15:29.0490 0844 RDPENCDD - ok
15:15:29.0506 0844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:15:29.0506 0844 RDPREFMP - ok
15:15:29.0552 0844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:15:29.0552 0844 RDPWD - ok
15:15:29.0630 0844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:15:29.0630 0844 rdyboost - ok
15:15:29.0646 0844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:15:29.0662 0844 RemoteAccess - ok
15:15:29.0677 0844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:15:29.0677 0844 RemoteRegistry - ok
15:15:29.0740 0844 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe
15:15:29.0740 0844 Rezip - ok
15:15:29.0771 0844 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:15:29.0786 0844 RFCOMM - ok
15:15:29.0833 0844 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
15:15:29.0833 0844 rpcapd - ok
15:15:29.0864 0844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:15:29.0864 0844 RpcEptMapper - ok
15:15:29.0896 0844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:15:29.0896 0844 RpcLocator - ok
15:15:29.0958 0844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:15:29.0958 0844 RpcSs - ok
15:15:29.0989 0844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:15:29.0989 0844 rspndr - ok
15:15:30.0005 0844 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:15:30.0005 0844 RTL8167 - ok
15:15:30.0020 0844 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
15:15:30.0020 0844 SABI - ok
15:15:30.0036 0844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:15:30.0036 0844 SamSs - ok
15:15:30.0083 0844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:15:30.0083 0844 sbp2port - ok
15:15:30.0114 0844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:15:30.0114 0844 SCardSvr - ok
15:15:30.0145 0844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:15:30.0145 0844 scfilter - ok
15:15:30.0208 0844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:15:30.0223 0844 Schedule - ok
15:15:30.0254 0844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:15:30.0254 0844 SCPolicySvc - ok
15:15:30.0270 0844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:15:30.0270 0844 SDRSVC - ok
15:15:30.0301 0844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:15:30.0301 0844 secdrv - ok
15:15:30.0332 0844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:15:30.0332 0844 seclogon - ok
15:15:30.0364 0844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
15:15:30.0364 0844 SENS - ok
15:15:30.0379 0844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:15:30.0395 0844 SensrSvc - ok
15:15:30.0410 0844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
15:15:30.0410 0844 Serenum - ok
15:15:30.0426 0844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
15:15:30.0426 0844 Serial - ok
15:15:30.0457 0844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
15:15:30.0457 0844 sermouse - ok
15:15:30.0520 0844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:15:30.0520 0844 SessionEnv - ok
15:15:30.0551 0844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:15:30.0551 0844 sffdisk - ok
15:15:30.0566 0844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:15:30.0566 0844 sffp_mmc - ok
15:15:30.0582 0844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:15:30.0582 0844 sffp_sd - ok
15:15:30.0598 0844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
15:15:30.0598 0844 sfloppy - ok
15:15:30.0644 0844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:15:30.0644 0844 ShellHWDetection - ok
15:15:30.0676 0844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
15:15:30.0676 0844 SiSRaid2 - ok
15:15:30.0691 0844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
15:15:30.0691 0844 SiSRaid4 - ok
15:15:30.0754 0844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:15:30.0754 0844 SkypeUpdate - ok
15:15:30.0785 0844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:15:30.0785 0844 Smb - ok
15:15:30.0816 0844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:15:30.0832 0844 SNMPTRAP - ok
15:15:30.0863 0844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:15:30.0863 0844 spldr - ok
15:15:30.0925 0844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:15:30.0925 0844 Spooler - ok
15:15:31.0034 0844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:15:31.0050 0844 sppsvc - ok
15:15:31.0081 0844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:15:31.0081 0844 sppuinotify - ok
15:15:31.0128 0844 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys
15:15:31.0128 0844 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:15:31.0128 0844 sptd ( LockedFile.Multi.Generic ) - warning
15:15:31.0128 0844 sptd - detected LockedFile.Multi.Generic (1)
15:15:31.0159 0844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:15:31.0159 0844 srv - ok
15:15:31.0206 0844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:15:31.0206 0844 srv2 - ok
15:15:31.0222 0844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:15:31.0222 0844 srvnet - ok
15:15:31.0268 0844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:15:31.0268 0844 SSDPSRV - ok
15:15:31.0284 0844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:15:31.0300 0844 SstpSvc - ok
15:15:31.0315 0844 Steam Client Service - ok
15:15:31.0331 0844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
15:15:31.0331 0844 stexstor - ok
15:15:31.0393 0844 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
15:15:31.0393 0844 StillCam - ok
15:15:31.0456 0844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:15:31.0456 0844 stisvc - ok
15:15:31.0502 0844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
15:15:31.0502 0844 swenum - ok
15:15:31.0596 0844 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:15:31.0596 0844 SwitchBoard - ok
15:15:31.0627 0844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:15:31.0627 0844 swprv - ok
15:15:31.0658 0844 [ 3C80203C725C28CEA5713D1AB242880A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
15:15:31.0658 0844 SynTP - ok
15:15:31.0721 0844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:15:31.0736 0844 SysMain - ok
15:15:31.0768 0844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:15:31.0768 0844 TabletInputService - ok
15:15:31.0799 0844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:15:31.0814 0844 TapiSrv - ok
15:15:31.0830 0844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:15:31.0830 0844 TBS - ok
15:15:31.0908 0844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:15:31.0908 0844 Tcpip - ok
15:15:31.0939 0844 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:15:31.0955 0844 TCPIP6 - ok
15:15:32.0002 0844 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:15:32.0002 0844 tcpipreg - ok
15:15:32.0033 0844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:15:32.0033 0844 TDPIPE - ok
15:15:32.0064 0844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:15:32.0064 0844 TDTCP - ok
15:15:32.0111 0844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:15:32.0111 0844 tdx - ok
15:15:32.0158 0844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
15:15:32.0158 0844 TermDD - ok
15:15:32.0173 0844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:15:32.0189 0844 TermService - ok
15:15:32.0204 0844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:15:32.0204 0844 Themes - ok
15:15:32.0267 0844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:15:32.0267 0844 THREADORDER - ok
15:15:32.0298 0844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:15:32.0298 0844 TrkWks - ok
15:15:32.0392 0844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:15:32.0392 0844 TrustedInstaller - ok
15:15:32.0438 0844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:15:32.0438 0844 tssecsrv - ok
15:15:32.0485 0844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:15:32.0485 0844 TsUsbFlt - ok
15:15:32.0516 0844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:15:32.0516 0844 tunnel - ok
15:15:32.0548 0844 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
15:15:32.0548 0844 TurboB - ok
15:15:32.0626 0844 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:15:32.0626 0844 TurboBoost - ok
15:15:32.0641 0844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
15:15:32.0641 0844 uagp35 - ok
15:15:32.0688 0844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:15:32.0688 0844 udfs - ok
15:15:32.0719 0844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:15:32.0719 0844 UI0Detect - ok
15:15:32.0766 0844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:15:32.0766 0844 uliagpkx - ok
15:15:32.0813 0844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
15:15:32.0813 0844 umbus - ok
15:15:32.0828 0844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
15:15:32.0828 0844 UmPass - ok
15:15:32.0844 0844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:15:32.0844 0844 upnphost - ok
15:15:32.0875 0844 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:15:32.0875 0844 USBAAPL64 - ok
15:15:32.0891 0844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:15:32.0891 0844 usbccgp - ok
15:15:32.0922 0844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:15:32.0922 0844 usbcir - ok
15:15:32.0969 0844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
15:15:32.0969 0844 usbehci - ok
15:15:32.0984 0844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:15:33.0000 0844 usbhub - ok
15:15:33.0031 0844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:15:33.0031 0844 usbohci - ok
15:15:33.0062 0844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:15:33.0062 0844 usbprint - ok
15:15:33.0094 0844 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:15:33.0094 0844 usbscan - ok
15:15:33.0109 0844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:15:33.0109 0844 USBSTOR - ok
15:15:33.0125 0844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:15:33.0125 0844 usbuhci - ok
15:15:33.0156 0844 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
15:15:33.0156 0844 usbvideo - ok
15:15:33.0172 0844 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
15:15:33.0187 0844 usb_rndisx - ok
15:15:33.0203 0844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:15:33.0203 0844 UxSms - ok
15:15:33.0218 0844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:15:33.0218 0844 VaultSvc - ok
15:15:33.0250 0844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:15:33.0250 0844 vdrvroot - ok
15:15:33.0281 0844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:15:33.0281 0844 vds - ok
15:15:33.0312 0844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:15:33.0312 0844 vga - ok
15:15:33.0343 0844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:15:33.0343 0844 VgaSave - ok
15:15:33.0374 0844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:15:33.0374 0844 vhdmp - ok
15:15:33.0406 0844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:15:33.0406 0844 viaide - ok
15:15:33.0437 0844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:15:33.0437 0844 volmgr - ok
15:15:33.0468 0844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:15:33.0468 0844 volmgrx - ok
15:15:33.0484 0844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:15:33.0484 0844 volsnap - ok
15:15:33.0515 0844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
15:15:33.0515 0844 vsmraid - ok
15:15:33.0593 0844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:15:33.0593 0844 VSS - ok
15:15:33.0608 0844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:15:33.0608 0844 vwifibus - ok
15:15:33.0671 0844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:15:33.0671 0844 vwififlt - ok
15:15:33.0702 0844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:15:33.0718 0844 W32Time - ok
15:15:33.0718 0844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
15:15:33.0733 0844 WacomPen - ok
15:15:33.0764 0844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:15:33.0764 0844 WANARP - ok
15:15:33.0764 0844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:15:35.0340 0844 ================ Scan global ===============================
15:15:35.0356 0844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:15:35.0402 0844 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:15:35.0402 0844 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
15:15:35.0434 0844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:15:35.0465 0844 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\windows\system32\services.exe
15:15:35.0465 0844 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
15:15:35.0465 0844 C:\windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
15:15:35.0465 0844 ================ Scan MBR ==================================
15:15:35.0480 0844 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:15:35.0699 0844 \Device\Harddisk0\DR0 - ok
15:15:35.0699 0844 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:15:38.0944 0844 \Device\Harddisk1\DR1 - ok
15:15:38.0944 0844 ================ Scan VBR ==================================
15:15:38.0944 0844 [ CCBBA108912018E2AB36037DBAD94978 ] \Device\Harddisk0\DR0\Partition1
15:15:38.0959 0844 \Device\Harddisk0\DR0\Partition1 - ok
15:15:38.0975 0844 [ 16C5001EBE124ABE20026AAD0D785362 ] \Device\Harddisk0\DR0\Partition2
15:15:38.0975 0844 \Device\Harddisk0\DR0\Partition2 - ok
15:15:38.0990 0844 [ 23D94476B3B8C2190BB198D7B72B2A6A ] \Device\Harddisk0\DR0\Partition3
15:15:38.0990 0844 \Device\Harddisk0\DR0\Partition3 - ok
15:15:38.0990 0844 [ B9B4527E34AB7A806B0AE463072B16A8 ] \Device\Harddisk1\DR1\Partition1
15:15:39.0006 0844 \Device\Harddisk1\DR1\Partition1 - ok
15:15:39.0006 0844 ============================================================
15:15:39.0006 0844 Scan finished
15:15:39.0006 0844 ============================================================
15:15:39.0006 4600 Detected object count: 2
15:15:39.0006 4600 Actual detected object count: 2
15:20:15.0007 4600 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:20:15.0007 4600 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:20:15.0054 4600 C:\windows\system32\services.exe - copied to quarantine
15:20:15.0210 4600 C:\windows\assembly\GAC_32\desktop.ini - copied to quarantine
15:20:15.0382 4600 C:\windows\assembly\GAC_64\desktop.ini - copied to quarantine
15:20:15.0444 4600 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\@ - copied to quarantine
15:20:15.0444 4600 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\00000004.@ - copied to quarantine
15:20:15.0444 4600 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\201d3dde - copied to quarantine
15:20:15.0460 4600 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000000.@ - copied to quarantine
15:20:15.0491 4600 C:\windows\installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000064.@ - copied to quarantine
15:20:18.0517 4600 Backup copy not found, trying to cure infected file..
15:20:18.0517 4600 C:\windows\system32\services.exe - Cure failed (FFFFFFFF)
15:20:18.0517 4600 C:\windows\system32\services.exe - processing error
15:20:18.0517 4600 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

Edited by DSmithImages, 15 October 2012 - 03:29 PM.



#2 CatByte

  • Malware Response Team

Posted 15 October 2012 - 09:41 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 DSmithImages

  • Topic Starter


Posted 15 October 2012 - 10:11 PM

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012
Ran by SYSTEM at 15-10-2012 21:54:34
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-11-20] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-19] (DoctorSoft)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [557056 2010-07-06] (BitLeader)
HKLM-x32\...\Run: [RegistryQuick.exe] C:\Program Files (x86)\RegQuick\RegistryQuick.exe [x]
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [x]
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1443080 2010-09-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2011-09-27] (LG Electronics)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\DSmithImages\...\Run: [Google Update] "C:\Users\DSmithImages\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-07-05] (Google Inc.)
HKU\DSmithImages\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\DSmithImages\...\Run: [AdobeBridge] [x]
HKU\DSmithImages\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\DSmithImages\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Mcx1-DSMITHIMAGES-PC\...\Winlogon: [Shell] C:\windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

==================== Services (Whitelisted) ===================

2 LicCtrlService; C:\windows\runservice.exe [2560 2011-02-02] ()
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 QBVSS; "C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe" [1251840 2010-09-17] ()
2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-07-21] (Duplex Secure Ltd.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-01] ()
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-11-19] (CyberLink Corp.)
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-15 12:13 - 2012-10-15 12:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-15 12:11 - 2012-10-15 12:11 - 00000000 ____D C:\Users\DSmithImages\Desktop\tdsskiller
2012-10-15 12:10 - 2012-10-15 12:11 - 00032995 ____A C:\Users\DSmithImages\Desktop\Result.txt
2012-10-15 12:09 - 2012-10-15 11:58 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\DSmithImages\Desktop\abc13.exe
2012-10-15 12:09 - 2012-10-15 11:57 - 02194704 ____A C:\Users\DSmithImages\Desktop\tdsskiller.zip
2012-10-15 12:09 - 2012-10-15 11:56 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Desktop\MiniToolBox.exe
2012-10-15 11:45 - 2012-10-15 11:45 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\8EAF.tmp
2012-10-15 11:45 - 2012-10-15 11:45 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\719D.tmp
2012-10-15 11:44 - 2012-10-15 11:44 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\Unconfirmed 97746.crdownload
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\Unconfirmed 849599.crdownload
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\C85D.tmp
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\B614.tmp
2012-10-15 10:25 - 2012-10-15 10:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-15 10:15 - 2012-10-15 10:15 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft
2012-10-15 10:06 - 2012-10-15 10:06 - 00164106 ____A C:\Users\DSmithImages\Downloads\Hollywood_Mogul_3_2010_serial_keygen.zip
2012-10-14 15:43 - 2012-10-14 15:43 - 00000000 ____D C:\Users\All Users\Mozilla
2012-10-14 15:43 - 2012-10-14 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-12 14:27 - 2012-10-12 14:27 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\DSmithImages\Desktop\TDSSKiller.exe
2012-10-11 11:22 - 2012-10-11 11:24 - 12613592 ____A (DIRECTV) C:\Users\DSmithImages\Downloads\DIRECTV_Player_6.1.exe
2012-10-10 02:40 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 02:40 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 02:40 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 02:40 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 02:40 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 02:40 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 02:39 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 02:39 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 02:39 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 02:39 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 02:39 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 02:39 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 02:39 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 02:39 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 02:39 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 02:39 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 02:39 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 02:39 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 02:39 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 02:39 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 02:38 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 02:38 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 02:38 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 02:38 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 02:38 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 02:38 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-09-28 12:39 - 2012-09-28 12:40 - 06640452 ____A C:\Users\DSmithImages\Downloads\19 Set 32.zip
2012-09-27 13:08 - 2012-09-27 13:09 - 05819796 ____A C:\Users\DSmithImages\Downloads\04 set 16.zip
2012-09-27 12:56 - 2012-09-27 12:57 - 07027937 ____A C:\Users\DSmithImages\Downloads\09 set 21.zip
2012-09-26 14:44 - 2012-09-26 14:44 - 00097154 ____A C:\Users\DSmithImages\Desktop\Book1.xlsx
2012-09-26 13:35 - 2012-10-06 06:15 - 00000000 ____D C:\Users\DSmithImages\Desktop\DinnerWithStrangers
2012-09-26 11:33 - 2012-09-26 11:33 - 00320989 ____A C:\Users\DSmithImages\Desktop\TTSC New Master Red, Blue Logo .eps
2012-09-25 23:11 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 13:10 - 2012-09-25 13:11 - 04508324 ____A C:\Users\DSmithImages\Downloads\12 Set 24.zip
2012-09-25 05:43 - 2012-09-25 05:43 - 00096861 ____A C:\Users\DSmithImages\Documents\Book1.xlsx
2012-09-21 18:05 - 2012-08-24 10:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 18:05 - 2012-08-24 10:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 18:05 - 2012-08-24 10:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 18:05 - 2012-08-24 10:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 18:05 - 2012-08-24 10:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 18:05 - 2012-08-24 10:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 18:05 - 2012-08-24 10:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 18:05 - 2012-08-24 10:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 18:05 - 2012-08-24 10:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 18:05 - 2012-08-24 10:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 18:05 - 2012-08-24 08:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 18:05 - 2012-08-24 08:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 18:05 - 2012-08-24 08:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 18:05 - 2012-08-24 08:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 18:05 - 2012-08-24 08:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 18:05 - 2012-08-24 07:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 18:05 - 2012-08-24 07:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-21 06:37 - 2012-09-21 06:37 - 00000111 ____A C:\Users\DSmithImages\Desktop\GreeneCoSheriff.txt


==================== 3 Months Modified Files ==================

2012-10-15 18:47 - 2011-06-10 14:21 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-10-15 18:47 - 2011-02-02 11:57 - 00001721 __ASH C:\Windows\SysWOW64\mmf.sys
2012-10-15 18:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-15 18:47 - 2009-07-13 20:51 - 00114672 ____A C:\Windows\setupact.log
2012-10-15 18:46 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-15 18:46 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-15 18:43 - 2010-10-24 13:19 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-15 18:42 - 2010-03-30 19:48 - 00747130 ____A C:\Windows\PFRO.log
2012-10-15 18:12 - 2010-10-24 13:19 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-15 18:04 - 2010-07-05 12:06 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69726367-1937404686-1015331322-1001UA.job
2012-10-15 17:36 - 2010-11-21 08:37 - 00007599 ____A C:\Users\DSmithImages\AppData\Local\Resmon.ResmonCfg
2012-10-15 13:14 - 2012-07-09 10:55 - 00013951 ____A C:\Users\DSmithImages\Desktop\EgansTrivia.xlsx
2012-10-15 12:53 - 2012-07-14 08:51 - 00001828 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-10-15 12:11 - 2012-10-15 12:10 - 00032995 ____A C:\Users\DSmithImages\Desktop\Result.txt
2012-10-15 12:10 - 2009-07-13 21:13 - 00730274 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-15 11:58 - 2012-10-15 12:09 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\DSmithImages\Desktop\abc13.exe
2012-10-15 11:57 - 2012-10-15 12:09 - 02194704 ____A C:\Users\DSmithImages\Desktop\tdsskiller.zip
2012-10-15 11:56 - 2012-10-15 12:09 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Desktop\MiniToolBox.exe
2012-10-15 11:45 - 2012-10-15 11:45 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\8EAF.tmp
2012-10-15 11:45 - 2012-10-15 11:45 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\719D.tmp
2012-10-15 11:44 - 2012-10-15 11:44 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\Unconfirmed 97746.crdownload
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\Unconfirmed 849599.crdownload
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\C85D.tmp
2012-10-15 11:43 - 2012-10-15 11:43 - 00751391 ____A (Farbar) C:\Users\DSmithImages\Downloads\B614.tmp
2012-10-15 11:04 - 2010-07-05 12:06 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69726367-1937404686-1015331322-1001Core.job
2012-10-15 10:08 - 2012-06-14 07:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-15 10:08 - 2012-06-14 07:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-15 10:08 - 2010-03-30 19:08 - 01174760 ____A C:\Windows\WindowsUpdate.log
2012-10-15 10:06 - 2012-10-15 10:06 - 00164106 ____A C:\Users\DSmithImages\Downloads\Hollywood_Mogul_3_2010_serial_keygen.zip
2012-10-12 14:27 - 2012-10-12 14:27 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\DSmithImages\Desktop\TDSSKiller.exe
2012-10-11 11:24 - 2012-10-11 11:22 - 12613592 ____A (DIRECTV) C:\Users\DSmithImages\Downloads\DIRECTV_Player_6.1.exe
2012-10-11 06:05 - 2010-07-05 12:07 - 00002525 ____A C:\Users\DSmithImages\Desktop\Google Chrome.lnk
2012-10-10 16:25 - 2010-07-09 08:34 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-04 11:10 - 2011-09-21 12:02 - 00001045 ____A C:\Users\DSmithImages\Desktop\Dropbox.lnk
2012-09-28 12:40 - 2012-09-28 12:39 - 06640452 ____A C:\Users\DSmithImages\Downloads\19 Set 32.zip
2012-09-27 13:09 - 2012-09-27 13:08 - 05819796 ____A C:\Users\DSmithImages\Downloads\04 set 16.zip
2012-09-27 12:57 - 2012-09-27 12:56 - 07027937 ____A C:\Users\DSmithImages\Downloads\09 set 21.zip
2012-09-26 14:44 - 2012-09-26 14:44 - 00097154 ____A C:\Users\DSmithImages\Desktop\Book1.xlsx
2012-09-26 11:33 - 2012-09-26 11:33 - 00320989 ____A C:\Users\DSmithImages\Desktop\TTSC New Master Red, Blue Logo .eps
2012-09-25 13:11 - 2012-09-25 13:10 - 04508324 ____A C:\Users\DSmithImages\Downloads\12 Set 24.zip
2012-09-25 05:43 - 2012-09-25 05:43 - 00096861 ____A C:\Users\DSmithImages\Documents\Book1.xlsx
2012-09-21 06:37 - 2012-09-21 06:37 - 00000111 ____A C:\Users\DSmithImages\Desktop\GreeneCoSheriff.txt
2012-09-14 11:19 - 2012-10-10 02:40 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-10 02:40 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-09 10:52 - 2012-09-09 10:52 - 00000372 ____A C:\Users\DSmithImages\Downloads\playlist.asx
2012-09-09 10:50 - 2012-09-09 10:50 - 00000138 ____A C:\Users\DSmithImages\Downloads\playlist.qtl
2012-08-31 12:52 - 2012-08-31 12:48 - 34732182 ____A C:\Users\DSmithImages\Downloads\megaset01-36.zip
2012-08-31 10:19 - 2012-10-10 02:40 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-10 02:40 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-10 02:40 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-10 02:40 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-10 02:39 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:05 - 2012-09-21 18:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-21 18:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-21 18:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-21 18:05 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:03 - 2012-09-21 18:05 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:03 - 2012-09-21 18:05 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:03 - 2012-09-21 18:05 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-21 18:05 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:02 - 2012-09-21 18:05 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:02 - 2012-09-21 18:05 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:57 - 2012-10-10 02:39 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 08:57 - 2012-09-21 18:05 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 08:56 - 2012-09-21 18:05 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 08:56 - 2012-09-21 18:05 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 08:56 - 2012-09-21 18:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 08:56 - 2012-09-21 18:05 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:59 - 2012-09-21 18:05 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:20 - 2012-09-21 18:05 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 10:12 - 2012-09-12 02:43 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 02:43 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 02:43 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 02:43 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 23:11 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-10 02:39 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-10 02:39 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-10 02:39 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-10 02:39 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-10 02:39 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-10 02:39 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-10 02:39 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-10 02:39 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-10 02:39 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-10 02:39 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-10 02:39 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-10 02:39 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 02:39 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 02:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 02:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 05:42 - 2012-08-20 05:42 - 00000339 ____A C:\Users\DSmithImages\Desktop\UABulkCourses.txt
2012-08-18 05:16 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-15 00:27 - 2009-07-13 20:45 - 05006480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-10 16:56 - 2012-10-10 02:39 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 02:39 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-09 17:27 - 2012-08-09 17:27 - 00000310 ____A C:\Users\DSmithImages\Downloads\Arsenal-Fixtures.ics
2012-08-02 09:58 - 2012-09-12 02:43 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 02:43 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 07:14 - 2012-08-01 07:11 - 38751450 ____A C:\Users\DSmithImages\Desktop\PSY - GANGNAM STYLE (?????) MV.flv
2012-07-22 13:23 - 2012-07-22 12:39 - 00002040 ____A C:\Users\DSmithImages\Desktop\wtc.txt
2012-07-22 08:27 - 2012-07-22 08:27 - 00021504 ____A C:\Users\DSmithImages\Downloads\NYC.wps
2012-07-18 10:15 - 2012-08-14 11:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

ZeroAccess:
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\00000004.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\L\201d3dde
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\00000004.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\00000008.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\000000cb.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000000.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000032.@
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3956.55 MB
Available physical RAM: 3320.85 MB
Total Pagefile: 3954.7 MB
Available Pagefile: 3318.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:100 GB) (Free:15.01 GB) NTFS
2 Drive e: () (Fixed) (Total:350.66 GB) (Free:163.58 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 100 GB 15 GB
Partition 4 Primary 350 GB 115 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 100 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 350 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1919 MB Healthy

=========================================================

Last Boot: 2012-10-05 22:37

==================== End Of Log =============================

Search.txt LOG:
Farbar Recovery Scan Tool (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-15 21:56:28
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#4 CatByte

Posted 16 October 2012 - 09:00 AM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
2012-10-15 10:06 - 2012-10-15 10:06 - 00164106 ____A C:\Users\DSmithImages\Downloads\Hollywood_Mogul_3_2010_serial_keygen.zip
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
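
The `replace:` line in the fixlist above follows from two pieces of the posted logs: the "Bamital & volsnap Check" flag on C:\Windows\System32\services.exe and the Search.txt listing of every services.exe copy on the disk. The following is an added example, not part of the original posts and not FRST's own code, that cross-checks the two; the function names are hypothetical and the log excerpts are copied from this thread.

```python
import ntpath
import re

# Excerpts copied from the FRST.txt and Search.txt logs posted in this thread.
BAMITAL_CHECK = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

# A flagged line carries the path, the MD5 and a label before the ATTENTION marker.
FLAGGED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<label>.*?)\s*<==== ATTENTION",
    re.MULTILINE,
)
# Search.txt prints the path on one line and the file details on the next.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_flagged(section):
    """Return the files the Bamital & volsnap check did not report as legit."""
    return [
        {"path": m["path"], "md5": m["md5"].upper(), "label": m["label"]}
        for m in FLAGGED_RE.finditer(section)
    ]


def parse_search(log):
    """Return one record per file listed in a Search.txt log."""
    entries, pending_path = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending_path:
            entries.append({
                "path": pending_path,
                "created": detail["created"],
                "modified": detail["modified"],
                "size": int(detail["size"]),
                "md5": detail["md5"].upper(),
            })
            pending_path = None
    return entries


def find_reference_copies(flagged, entries):
    """For each flagged file, list same-named copies whose MD5 differs from it."""
    findings = []
    for hit in flagged:
        name = ntpath.basename(hit["path"]).lower()
        same_name = [e for e in entries if ntpath.basename(e["path"]).lower() == name]
        on_disk = next(
            (e for e in same_name if e["path"].lower() == hit["path"].lower()), None
        )
        candidates = [
            {
                "path": e["path"],
                "md5": e["md5"],
                # Positive delta: the flagged copy is larger than this one.
                "size_delta": on_disk["size"] - e["size"] if on_disk else None,
                "same_timestamps": bool(on_disk)
                and (e["created"], e["modified"]) == (on_disk["created"], on_disk["modified"]),
            }
            for e in same_name
            if e is not on_disk and e["md5"] != hit["md5"]
        ]
        findings.append({
            "flagged": hit["path"],
            "label": hit["label"],
            # True when Search.txt reports the same MD5 the check flagged.
            "confirmed_by_search": bool(on_disk) and on_disk["md5"] == hit["md5"],
            "candidates": candidates,
        })
    return findings


if __name__ == "__main__":
    for f in find_reference_copies(parse_flagged(BAMITAL_CHECK), parse_search(SEARCH_LOG)):
        print(f["flagged"], f["label"], "confirmed:", f["confirmed_by_search"])
        for c in f["candidates"]:
            print("  differs:", c["path"], c["md5"], "size delta", c["size_delta"])
```

Both copies carry identical timestamps in the log, so only the size and the MD5 separate the flagged System32 file from the winsxs copy. A differing hash shows only that the candidate is not the flagged file; it does not by itself prove the candidate is clean.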


#5 DSmithImages

Posted 16 October 2012 - 09:49 AM

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-16 09:08:20 Run:1
Running from H:\

==============================================

C:\Users\DSmithImages\Downloads\Hollywood_Mogul_3_2010_serial_keygen.zip moved successfully.
C:\Windows\Installer\{e16cc819-838a-b10e-9ff6-181c3fc496bd} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

ComboFix (I thought I had disabled what I needed to on McAfee, but something might have still been running):
ComboFix 12-10-16.02 - DSmithImages 10/16/2012 9:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2786 [GMT -5:00]
Running from: c:\users\DSmithImages\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 14:32 . 2012-10-16 14:32 -------- d-----w- c:\users\Mcx1-DSMITHIMAGES-PC\AppData\Local\temp
2012-10-16 14:32 . 2012-10-16 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 05:54 . 2012-10-16 05:54 -------- d-----w- C:\FRST
2012-10-15 20:13 . 2012-10-15 20:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 18:25 . 2012-10-15 18:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-15 18:15 . 2012-10-15 18:15 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-10-14 23:43 . 2012-10-14 23:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-10 10:40 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 10:40 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 10:40 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 10:40 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 10:40 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:40 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 10:38 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:38 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:38 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:38 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 10:38 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 10:38 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-26 07:11 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 18:08 . 2012-06-14 15:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 18:08 . 2012-06-14 15:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 00:25 . 2010-07-09 16:34 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 07:28 . 2011-06-10 22:21 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 07:28 . 2011-06-10 22:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-06 19:23 . 2011-06-10 22:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-06 19:23 . 2011-09-12 02:24 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-06 19:23 . 2011-09-12 02:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-06 19:23 . 2011-06-10 22:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-22 18:12 . 2012-09-12 10:43 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:43 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:43 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:43 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 10:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-16 14:20 . 2012-08-16 14:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-02 17:58 . 2012-09-12 10:43 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 10:43 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-14 19:05 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
2010-02-10 16:32 811816 ----a-w- c:\program files (x86)\alot\bin\BHO\alotBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-14 00:10 2734688 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-14 2734688]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}"= "c:\program files (x86)\alot\bin\alot.dll" [2010-02-10 811816]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-20 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2010-07-06 557056]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-09-27 1443080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-9-17 5802840]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-30 1156384]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-14 115168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-07 1255736]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-21 834544]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/31 12:18];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-20 03:49 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-02-02 2560]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 21:18]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 21:18]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69726367-1937404686-1015331322-1001Core.job
- c:\users\DSmithImages\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 20:06]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69726367-1937404686-1015331322-1001UA.job
- c:\users\DSmithImages\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DSmithImages\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\DSmithImages\AppData\Roaming\Mozilla\Firefox\Profiles\em4brk6z.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-RegistryQuick.exe - c:\program files (x86)\RegQuick\RegistryQuick.exe
Wow6432Node-HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HijackThis - c:\users\DSmithImages\Downloads\HijackThis.exe
AddRemove-Semper Fi_is1 - c:\program files (x86)\Steam\steamapps\common\hearts of iron 3\Hearts of Iron III\unins000.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{E85781E1-08F4-413E-86A1-CCEF4E1B12CB}\Best Buy Software Installer Setup.exe
AddRemove-331152613.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\AnyPC Client\APLanMgrC.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
.
**************************************************************************
.
Completion time: 2012-10-16 09:42:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 14:42
.
Pre-Run: 15,503,007,744 bytes free
Post-Run: 15,997,341,696 bytes free
.
- - End Of File - - 97D7649EB7BA43704896BAFA56E6AC21

#6 CatByte


Posted 16 October 2012 - 09:55 AM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 DSmithImages


Posted 16 October 2012 - 02:28 PM

AdwCleaner log:


# AdwCleaner v2.005 - Logfile created 10/16/2012 at 10:02:07
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DSmithImages - DSMITHIMAGES-PC
# Boot Mode : Normal
# Running from : C:\Users\DSmithImages\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\DSmithImages\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\DSmithImages\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\DSmithImages\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E443700A-F52E-4CFC-9AAB-CB5C962850B6}
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E443700A-F52E-4CFC-9AAB-CB5C962850B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Users\DSmithImages\AppData\Roaming\Mozilla\Firefox\Profiles\em4brk6z.default\prefs.js

C:\Users\DSmithImages\AppData\Roaming\Mozilla\Firefox\Profiles\em4brk6z.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\DSmithImages\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v [Unable to get version]

File : C:\Users\DSmithImages\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4199 octets] - [16/10/2012 10:02:07]

########## EOF - C:\AdwCleaner[S1].txt - [4259 octets] ##########


Malware Bytes Log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
DSmithImages :: DSMITHIMAGES-PC [administrator]

10/16/2012 10:06:47 AM
mbam-log-2012-10-16 (10-06-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227411
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\DSmithImages\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)


ESetScan log:

C:\FRST\Quarantine\Hollywood_Mogul_3_2010_serial_keygen.zip a variant of Win32/Kryptik.ANEC trojan
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{e16cc819-838a-b10e-9ff6-181c3fc496bd}\U\80000000.@ Win64/Sirefef.AP trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0000\zafs0000\tsk0005.dta Win64/Sirefef.AP trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0001\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0001\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0001\zafs0000\tsk0005.dta Win64/Sirefef.AP trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0001\zafs0000\tsk0006.dta Win64/Sirefef.AN trojan

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:06 PM

Posted 16 October 2012 - 08:51 PM

All the detections by ESET are in quarantine already, so they can't harm the computer.

Please run the following:

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs
  • Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
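The reasoning in the post above (every ESET hit sits inside a removal tool's quarantine folder, so nothing live remains) can be checked mechanically. The Python below is an added example, not part of the original post or of any tool mentioned in the thread; the two quarantine roots are taken from the ESET log, the last sample line is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Quarantine folders named in this thread's ESET log; treating them as the
# only safe locations is an assumption of this example.
QUARANTINE_ROOTS = (
    PureWindowsPath(r"C:\FRST\Quarantine"),
    PureWindowsPath(r"C:\TDSSKiller_Quarantine"),
)

# "<path> [a variant of ]<Platform/Name> <type>"; the path may contain spaces,
# so it is matched lazily up to the first Platform/Name token.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+(?P<kind>.+)$"
)

# First three lines follow the log in this thread; the last one is constructed
# (space in the path, and a folder that only looks like a quarantine root).
SAMPLE_LOG = r"""
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\15.10.2012_15.11.56\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\FRST\Quarantine\Hollywood_Mogul_3_2010_serial_keygen.zip a variant of Win32/Kryptik.ANEC trojan
C:\FRST\Quarantine_old\Example User\sample.exe a variant of Win32/Kryptik.ANEC trojan
"""


class Detection(NamedTuple):
    path: PureWindowsPath
    name: str
    kind: str

    @property
    def family(self) -> str:
        # "Win64/Sirefef.AP" -> "Sirefef"
        return self.name.split("/", 1)[1].split(".", 1)[0]


def parse_line(line: str) -> Optional[Detection]:
    """Parse one ESET log line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(PureWindowsPath(m["path"]), m["name"], m["kind"])


def in_quarantine(path: PureWindowsPath, roots=QUARANTINE_ROOTS) -> bool:
    # Compare whole path components (case-insensitively, as Windows does) so
    # that C:\FRST\Quarantine_old\x.exe is not mistaken for a quarantined file.
    return any(root in path.parents for root in roots)


def triage(log_text: str, roots=QUARANTINE_ROOTS):
    """Return (Counter of quarantined hits per family, list of live hits)."""
    quarantined, live = Counter(), []
    for line in log_text.splitlines():
        det = parse_line(line)
        if det is None:
            continue
        if in_quarantine(det.path, roots):
            quarantined[det.family] += 1
        else:
            live.append(det)
    return quarantined, live


if __name__ == "__main__":
    quarantined, live = triage(SAMPLE_LOG)
    print("quarantined:", dict(quarantined))
    for det in live:
        print("NOT in quarantine:", det.path, det.name)
```

Any entry reported as not in quarantine is the one that still needs attention; an empty list matches the conclusion drawn in the post.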


#9 DSmithImages

Posted 17 October 2012 - 08:29 AM

Computer is operating fine now... but here are the logs requested:

Results.txt log:
MiniToolBox by Farbar Version: 23-07-2012
Ran by DSmithImages (administrator) on 17-10-2012 at 08:24:51
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Help Manager (Version: 4.0.244)
Adobe InDesign CS6 (Version: 8.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AnyPC Client (Version: 1.0.0.25)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 1.0.2.1119)
Audacity 1.3.14 (Unicode)
BatteryLifeExtender (Version: 1.0.1)
BenVista PhotoZoom Pro 4.0.6 (Version: 4.0.6)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bigasoft Total Video Converter 3.4.0.4188
Bonjour (Version: 3.0.0.10)
BookSmart® 3.1.0 3.1.0
Canon MP620 series MP Drivers
Canon My Printer
Capitalism II
ChargeableUSB (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LabelPrint (Version: 2.5.2511)
CyberLink Power2Go (Version: 6.0.3604b)
CyberLink PowerDVD 8 (Version: 8.0.3228e)
CyberLink PowerProducer (Version: 5.0.2.2429)
CyberLink YouCam (Version: 2.0.3911)
D3DX10 (Version: 15.4.2368.0902)
Dropbox (Version: 1.4.7)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.3.1)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
ESET Online Scanner v3
FastStone Photo Resizer 3.0 (Version: 3.0)
Final Draft (Version: 8.0.1.89)
Football Manager 2012
Football Manager 2012 Editor
Google Chrome (Version: 22.0.1229.94)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.9.1.9832)
Google Update Helper (Version: 1.3.21.123)
Hearts of Iron III
HijackThis 2.0.2 (Version: 2.0.2)
Intel® Rapid Storage Technology (Version: 9.5.4.1001)
Intel® Turbo Boost Technology Driver (Version: 01.01.01.1007)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
InterActual Player
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LADSPA_plugins-win-0.4.15
LAME v3.99.3 (for Windows)
LG CyberLink PowerBackup (Version: 2.5.5529)
LG ODD Auto Firmware Update (Version: 9.01.1124.01)
LG Outlook Sync (Version: 1.1.0.10)
LG United Mobile Driver (Version: 3.6.0.0)
LightScribe System Software (Version: 1.18.16.1)
LightScribe Template Designs - Special Occasion Pack 1 (Version: 1.10.19.1)
LightScribe Template Designs - Tie The Knot (Version: 1.18.8.110)
LightScribe Template Labeler (Version: 1.18.15.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Marvell Miniport Driver (Version: 11.22.3.3)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 3.0.207.4)
McAfee SecurityCenter (Version: 11.0.678)
Media Player Classic - Home Cinema v1.5.1.2903 (Version: 1.5.1.2903)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DirectX SDK (June 2010) (Version: 9.29.1962.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Mozilla Maintenance Service (Version: 16.0.1)
Mozilla Thunderbird 16.0.1 (x86 en-US) (Version: 16.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA Drivers (Version: 1.4)
Octoshape add-in for Adobe Flash Player
PDF Settings CS6 (Version: 11.0)
PhotoPresets with One-Click WOW! (Version: 1.0)
PhotoPresets Wow Effects for Lightroom (Version: 1.0)
printmyphotobook 3.67 (Version: 3.67)
QuickBooks (Version: 21.0.4003.904)
QuickBooks Pro 2011 (Version: 21.0.4003.904)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 0133.09.1202)
Samsung R-Series (Version: 1.0)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.0)
Samsung Update Plus (Version: 2.0)
Semper Fi 2.04
SKTools Lite
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
SoulSeek 157 NS 13e
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TEW2010
Traverso 0.49.1
TweetDeck (Version: 0.38.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide (Version: 1.0)
Vuze (Version: 4.5)
Wall Street Raider 6.11
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinX DVD Ripper Platinum 6.0.2
WinZip 14.5 (Version: 14.5.9095)

**** End of log ****

FSS Log:
Farbar Service Scanner Version: 07-10-2012
Ran by DSmithImages (administrator) on 17-10-2012 at 08:26:41
Running from "C:\Users\DSmithImages\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:38] - [2012-06-02 00:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 CatByte

Posted 17 October 2012 - 09:48 AM

Looks good. We just have some housekeeping to do now; please do the following:


You can remove this outdated version of Java as you already have the latest version installed:

Java™ 6 Update 31 (Version: 6.0.310)

You can do so via Start > Control Panel > Programs and Features

NEXT


You can delete the TDSSKiller and all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT


  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Edited by CatByte, 17 October 2012 - 09:49 AM.


#11 DSmithImages

Posted 17 October 2012 - 09:49 AM

Thank you for the help and assistance. I will perform the housekeeping tasks as you described.

Have a great day!

#12 CatByte

Posted 17 October 2012 - 09:20 PM

You are welcome.

Stay safe.

~CB


#13 CatByte

Posted 17 October 2012 - 09:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
