
Infected win64/patched.a.gen trojan


This topic is locked
22 replies to this topic

#1 hananmori12 (Members, 11 posts)

Posted 17 October 2012 - 05:50 PM

Hello,
Unfortunately I caught a virus, "trojan win64/patched.a.gen".

I was looking for removal instructions and saw it is a little tricky.
I downloaded the software FRST64.exe and ran it.
The FRST.txt log is attached.

Thank you,
Hanan

Attached Files: FRST.txt (51.95KB)



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 October 2012 - 08:30 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.


OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

winlogon.exe;explorer.exe

Note: The file names should be separated by a semicolon (;).

It then should look like:

Search: winlogon.exe;explorer.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hananmori12 (Topic Starter, Members, 11 posts)

Posted 18 October 2012 - 01:51 AM

This file ....

thanks

Attached Files



#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 02:01 AM

Sorry, I asked for the wrong files.


In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


Gringo

#5 hananmori12 (Topic Starter, Members, 11 posts)

Posted 18 October 2012 - 10:55 AM

OK, this is the file.

Attached Files



#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 01:05 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.


Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64, press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
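The check behind the Replace: line above, as an added example that is not code from this thread, from ComboFix or from FRST: a live System32 binary is compared against the WinSxS component-store copies of the same file name and version, and a hash that matches none of them marks the file as patched, with the matching store copy drafted as the Replace: source. The log lines are constructed in ComboFix's Sigcheck layout with placeholder hashes and shortened WinSxS paths; parse_sigcheck and find_patched are names chosen here.

```python
"""Flag patched System32 binaries from Sigcheck-style log lines and draft the
FRST 'Replace:' line that restores a clean WinSxS copy.

Added example, not code from the thread, ComboFix or FRST. The log lines
below are constructed in ComboFix's Sigcheck format; hashes are placeholders
and the WinSxS directory names are shortened.
"""
import re
from collections import defaultdict

# Constructed sample in the Sigcheck layout:
# [flag] date . MD5 . size . . [version] .. path
# [7] = signed Microsoft file, [-] = signature check failed.
SAMPLE_LOG = """\
[7] 2010-11-20 . 11111111111111111111111111111111 . 390656 . . [6.1.7601.17514] .. c:\\windows\\winsxs\\amd64_microsoft-windows-winlogon_6.1.7601.17514\\winlogon.exe
[7] 2009-07-14 . 22222222222222222222222222222222 . 389120 . . [6.1.7600.16385] .. c:\\windows\\winsxs\\amd64_microsoft-windows-winlogon_6.1.7600.16385\\winlogon.exe
[-] 2012-01-22 . 33333333333333333333333333333333 . 389632 . . [6.1.7601.17514] .. c:\\windows\\system32\\winlogon.exe
.
[7] 2010-11-20 . 44444444444444444444444444444444 . 1008128 . . [6.1.7601.17514] .. c:\\windows\\winsxs\\amd64_microsoft-windows-user32_6.1.7601.17514\\user32.dll
[7] 2010-11-20 . 44444444444444444444444444444444 . 1008128 . . [6.1.7601.17514] .. c:\\windows\\system32\\user32.dll
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per file line; the '.' separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def find_patched(entries):
    """Compare each live System32 file with the WinSxS copies that carry the
    same file name and version string. A live file whose MD5 matches none of
    them is reported as patched, together with a draft FRST Replace: line
    using the first matching store copy as the clean source."""
    winsxs = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if "\\winsxs\\" in p:
            winsxs[(p.rsplit("\\", 1)[-1], e["ver"])].append(e)

    findings = []
    for e in entries:
        p = e["path"].lower()
        if "\\system32\\" not in p or "\\winsxs\\" in p:
            continue
        name = p.rsplit("\\", 1)[-1]
        candidates = winsxs.get((name, e["ver"]), [])
        if not candidates:
            status, replace = "no-reference", None
        elif any(c["md5"] == e["md5"] for c in candidates):
            status, replace = "clean", None
        else:
            status = "patched"
            replace = f"Replace: {candidates[0]['path']} {e['path']}"
        findings.append({"path": e["path"], "flag": e["flag"],
                         "status": status, "replace": replace})
    return findings


if __name__ == "__main__":
    for f in find_patched(parse_sigcheck(SAMPLE_LOG)):
        print(f"[{f['flag']}] {f['status']:12} {f['path']}")
        if f["replace"]:
            print("    " + f["replace"])
```

The `[-]` flag alone only says the signature check failed; the version-matched hash comparison is what tells you the file was altered and which store copy restores it.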

#7 hananmori12 (Topic Starter, Members, 11 posts)

Posted 18 October 2012 - 06:37 PM

NOD32 stopped alerting me; has the virus been removed?

Attached Files



#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 06:45 PM

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#9 hananmori12 (Topic Starter, Members, 11 posts)

Posted 19 October 2012 - 07:57 AM

OK, this...

thanks

Attached Files



#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 October 2012 - 08:23 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 hananmori12 (Topic Starter, Members, 11 posts)

Posted 19 October 2012 - 06:16 PM

NOD32 no longer warns of a virus,
It seems that Windows Update is back to working properly,
Does this mean that everything is back to being right?


ComboFix 12-10-19.01 - Hanan 10/19/2012 21:49:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.4094.2961 [GMT 2:00]
Running from: c:\users\Hanan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 20:05 . 2012-10-19 20:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-19 20:05 . 2012-10-19 20:05 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-10-19 20:05 . 2012-10-19 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 19:32 . 2012-10-19 19:45 -------- d-----w- c:\users\Hanan\AppData\Roaming\BITS
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\users\Hanan\AppData\Roaming\FlashgetSetup
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\users\Hanan\AppData\Roaming\FlashGet
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\program files (x86)\FlashGet Network
2012-10-18 08:28 . 2012-10-18 08:28 -------- d-----w- C:\FRST
2012-10-17 21:19 . 2012-10-17 21:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-16 23:38 . 2012-10-16 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-10-16 22:08 . 2012-10-16 22:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-16 17:27 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C5ABE5-BA7A-4613-AD08-AD366C85D466}\mpengine.dll
2012-10-09 20:18 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 20:18 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 20:18 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 20:18 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 20:18 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-09 20:18 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 20:18 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 20:18 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-09 20:15 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 20:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 20:15 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 20:15 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 20:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 20:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\users\Hanan\AppData\Roaming\XBMC
2012-10-06 15:44 . 2012-10-06 15:44 -------- d-----w- c:\program files (x86)\XBMC
2012-10-01 23:46 . 2012-10-01 23:46 -------- d-----w- c:\programdata\DivX
2012-10-01 15:14 . 2012-10-01 15:14 -------- d-----w- c:\users\Hanan\AppData\Roaming\PotPlayerMini
2012-10-01 15:14 . 2012-10-01 15:14 -------- d-----w- c:\users\Hanan\AppData\Local\Daum
2012-10-01 15:13 . 2012-10-01 15:13 -------- d-----w- c:\program files (x86)\Daum
2012-09-27 02:14 . 2012-09-27 03:03 -------- d-----w- c:\users\Hanan\AppData\Roaming\ArcSoft
2012-09-27 02:13 . 2012-09-27 02:13 -------- d-----w- c:\users\Hanan\AppData\Local\ArcSoft
2012-09-27 02:13 . 2012-09-27 02:13 -------- d-----w- c:\programdata\ArcSoft
2012-09-27 01:58 . 2012-09-27 01:58 -------- d-----w- c:\users\Hanan\AppData\Local\MediaShow
2012-09-27 01:42 . 2012-09-27 01:42 -------- d-----w- C:\MediaServer
2012-09-27 01:41 . 2012-09-27 01:41 -------- d-----w- c:\users\Hanan\AppData\Local\CyberLink
2012-09-27 01:39 . 2012-09-27 01:39 -------- d-----w- c:\program files (x86)\CyberLink
2012-09-26 18:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 08:35 . 2012-09-23 08:35 -------- d-----w- c:\users\Hanan\AppData\Local\MediaServer
2012-09-23 08:35 . 2012-09-23 08:38 -------- d-----w- c:\programdata\PDVD
2012-09-23 08:35 . 2012-09-23 08:38 -------- d-----w- c:\users\Hanan\AppData\Roaming\CyberLink
2012-09-23 08:35 . 2012-09-27 01:41 -------- d-----w- c:\users\Public\CyberLink
2012-09-23 08:33 . 2012-09-23 08:33 -------- d-----w- c:\programdata\install_clap
2012-09-23 08:28 . 2012-09-27 01:41 -------- d-----w- c:\programdata\CyberLink
2012-09-23 01:42 . 2012-09-23 01:42 -------- d-----w- c:\users\Hanan\AppData\Roaming\dvdcss
2012-09-22 17:09 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 17:09 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-22 17:09 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-22 17:09 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-22 17:09 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 17:09 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 17:09 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 20:22 . 2010-02-10 06:16 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 19:11 . 2012-04-15 20:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:11 . 2011-05-21 18:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 13:32 . 2012-06-13 04:37 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2011-02-13 23:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 18:28 . 2012-10-09 20:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 15:04 . 2012-01-27 18:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 05:32 . 2012-09-06 05:32 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-08-24 16:57 . 2012-10-09 20:18 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 06:51 . 2012-09-22 17:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:47 . 2012-09-22 17:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-22 18:12 . 2012-09-11 18:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 18:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 18:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 18:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 10:01 . 2012-09-14 15:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 10:01 . 2011-03-05 20:36 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 10:01 . 2011-03-05 20:36 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-09 20:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-09 20:19 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-09 20:19 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 15:38 . 2012-10-09 20:19 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-02 17:58 . 2012-09-11 18:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 18:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-01-22 16:07 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[7] 2009-10-28 . A93D41A4D4B0D91C072D11DD8AF266DE . 389632 . . [6.1.7600.20560] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[7] 2009-10-28 . DA3E2A6FA9660CC75B471530CE88453A . 389632 . . [6.1.7600.16447] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[-] 2012-01-22 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-22 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8fe28f46-37ad-47b2-8258-34c128636ace}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{8fe28f46-37ad-47b2-8258-34c128636ace}]
[HKEY_CLASSES_ROOT\Agat.AGForms.Toolbar.AGFormsToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-03-03 2980016]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Growl"="c:\program files (x86)\Growl for Windows\Growl.exe" [2012-03-21 3817472]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [2012-03-15 3090056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-25 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-25 374560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Hanan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-8-9 493056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-08-09 207872]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-13 279616]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-07-25 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-07-25 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-07-25 295440]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2010-05-14 29120]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [2010-05-05 28304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 19:11]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484278633-1227156275-3294412591-1000Core.job
- c:\users\Hanan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 17:34]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484278633-1227156275-3294412591-1000UA.job
- c:\users\Hanan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-01-22 2169856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.il/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &ייצוא אל Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3ED7B06F-18E4-43ED-979E-6A1AF201A036}: NameServer = 8.8.8.4,8.8.8.8
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Hanan\AppData\Roaming\Mozilla\Firefox\Profiles\ds3av4er.default\
FF - ExtSQL: 2012-09-01 14:32; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-17 23:19; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E6F1BC15-CFF7-DDD4-B960-0F4B83EF19CC} - c:\users\Hanan\AppData\Local\GamePlayLabs Plugin\BHO.dll
Wow6432Node-HKCU-Run-BlazeServoTool - c:\program files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Standard\MediaDetector.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Turn Off Monitor - c:\program files (x86)\Turn Off Monitor\TurnOffMon.exe
Wow6432Node-HKCU-Run-Auto LogOff - c:\program files (x86)\Turn Off Monitor\AutoLogOff.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
HKLM-Run-TNOD UP - c:\program files\ESET\TNod User & Password Finder\TNODUP.exe
AddRemove-ExpressFiles - c:\program files (x86)\ExpressFiles\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\HANAN-PCL\Forms\B*5* *(*J*I*S*)* \LanguagePairs]
"1037"="B5 (JIS)ý"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-10-19 22:36:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-19 20:36
.
Pre-Run: 15,269,994,496 bytes free
Post-Run: 18,087,653,376 bytes free
.
- - End Of File - - 59F278457BCCA9CD9A5974E1F5F9E0CF

Attached Files

  • Attached File  log.txt   28.19KB   1 downloads

Edited by gringo_pr, 19 October 2012 - 10:20 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:37 AM

Posted 19 October 2012 - 10:23 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 hananmori12

hananmori12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 20 October 2012 - 06:29 AM

Okay, here it is...

Please Only Copy And Paste Reports Into Topic - Do Not Attach



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 13:10:07
-----------------------------
13:10:07.027 OS Version: Windows x64 6.1.7601 Service Pack 1
13:10:07.027 Number of processors: 4 586 0x1707
13:10:07.027 ComputerName: HANAN-PC UserName: Hanan
13:10:55.606 Initialize success
13:11:07.801 AVAST engine defs: 12102000
13:11:26.211 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
13:11:26.211 Disk 0 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476938MB BusType: 3
13:11:26.258 Disk 0 MBR read successfully
13:11:26.258 Disk 0 MBR scan
13:11:26.258 Disk 0 Windows 7 default MBR code
13:11:26.289 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 119234 MB offset 2048
13:11:26.336 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 357702 MB offset 244193280
13:11:26.398 Disk 0 scanning C:\Windows\system32\drivers
13:12:10.952 Service scanning
13:12:52.574 Modules scanning
13:12:52.574 Disk 0 trace - called modules:
13:12:52.605 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
13:12:52.620 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004751060]
13:12:53.120 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa8004502520]
13:12:53.120 5 ACPI.sys[fffff88000f767a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8004503680]
13:12:55.600 AVAST engine scan C:\Windows
13:13:06.582 AVAST engine scan C:\Windows\system32
13:20:12.098 AVAST engine scan C:\Windows\system32\drivers
13:20:44.530 AVAST engine scan C:\Users\Hanan
13:23:39.017 Disk 0 MBR has been saved successfully to "C:\Users\Hanan\Desktop\MBR.dat"
13:23:39.017 The log file has been saved successfully to "C:\Users\Hanan\Desktop\aswMBR.txt"
13:27:14.762 Disk 0 MBR has been saved successfully to "C:\Users\Hanan\Desktop\MBR.dat"
13:27:14.762 The log file has been saved successfully to "C:\Users\Hanan\Desktop\aswMBR.txt"

Please Only Copy And Paste Reports Into Topic - Do Not Attach


12:44:32.0565 3280 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:44:32.0911 3280 ============================================================
12:44:32.0911 3280 Current date / time: 2012/10/20 12:44:32.0911
12:44:32.0911 3280 SystemInfo:
12:44:32.0911 3280
12:44:32.0911 3280 OS Version: 6.1.7601 ServicePack: 1.0
12:44:32.0911 3280 Product type: Workstation
12:44:32.0911 3280 ComputerName: HANAN-PC
12:44:32.0912 3280 UserName: Hanan
12:44:32.0912 3280 Windows directory: C:\Windows
12:44:32.0912 3280 System windows directory: C:\Windows
12:44:32.0912 3280 Running under WOW64
12:44:32.0912 3280 Processor architecture: Intel x64
12:44:32.0912 3280 Number of processors: 4
12:44:32.0912 3280 Page size: 0x1000
12:44:32.0912 3280 Boot type: Normal boot
12:44:32.0912 3280 ============================================================
12:44:34.0219 3280 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:34.0225 3280 Drive \Device\Harddisk1\DR1 - Size: 0xF2E80000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:34.0227 3280 Drive \Device\Harddisk2\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:37.0332 3280 ============================================================
12:44:37.0332 3280 \Device\Harddisk0\DR0:
12:44:37.0332 3280 MBR partitions:
12:44:37.0332 3280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E1000
12:44:37.0332 3280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE8E1800, BlocksNum 0x2BAA3000
12:44:37.0332 3280 \Device\Harddisk1\DR1:
12:44:37.0333 3280 MBR partitions:
12:44:37.0333 3280 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
12:44:37.0333 3280 \Device\Harddisk2\DR2:
12:44:37.0334 3280 MBR partitions:
12:44:37.0334 3280 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
12:44:37.0334 3280 ============================================================
12:44:37.0353 3280 C: <-> \Device\Harddisk0\DR0\Partition2
12:44:37.0378 3280 D: <-> \Device\Harddisk0\DR0\Partition1
12:44:37.0412 3280 F: <-> \Device\Harddisk2\DR2\Partition1
12:44:37.0412 3280 ============================================================
12:44:37.0412 3280 Initialize success
12:44:37.0412 3280 ============================================================
12:44:47.0959 6024 ============================================================
12:44:47.0959 6024 Scan started
12:44:47.0959 6024 Mode: Manual;
12:44:47.0959 6024 ============================================================
12:44:49.0601 6024 ================ Scan system memory ========================
12:44:49.0601 6024 System memory - ok
12:44:49.0601 6024 ================ Scan services =============================
12:44:49.0758 6024 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:44:49.0799 6024 1394ohci - ok
12:44:49.0845 6024 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:44:49.0849 6024 ACPI - ok
12:44:49.0886 6024 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:44:49.0902 6024 AcpiPmi - ok
12:44:49.0956 6024 ADExchange - ok
12:44:50.0090 6024 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:44:50.0092 6024 AdobeARMservice - ok
12:44:50.0271 6024 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:44:50.0273 6024 AdobeFlashPlayerUpdateSvc - ok
12:44:50.0316 6024 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:44:50.0361 6024 adp94xx - ok
12:44:50.0388 6024 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:44:50.0438 6024 adpahci - ok
12:44:50.0454 6024 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:44:50.0460 6024 adpu320 - ok
12:44:50.0501 6024 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:44:50.0502 6024 AeLookupSvc - ok
12:44:50.0550 6024 [ 0517E1670A58213E3F206066CD209273 ] AF15BDA C:\Windows\system32\DRIVERS\AF15BDA.sys
12:44:50.0559 6024 AF15BDA - ok
12:44:50.0609 6024 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:44:50.0617 6024 AFD - ok
12:44:50.0661 6024 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:44:50.0682 6024 agp440 - ok
12:44:50.0698 6024 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:44:50.0701 6024 ALG - ok
12:44:50.0736 6024 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:44:50.0754 6024 aliide - ok
12:44:50.0759 6024 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:44:50.0775 6024 amdide - ok
12:44:50.0802 6024 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:44:50.0819 6024 AmdK8 - ok
12:44:50.0833 6024 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:44:50.0852 6024 AmdPPM - ok
12:44:50.0881 6024 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:44:50.0917 6024 amdsata - ok
12:44:50.0954 6024 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:44:50.0980 6024 amdsbs - ok
12:44:50.0993 6024 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:44:51.0010 6024 amdxata - ok
12:44:51.0048 6024 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:44:51.0066 6024 AppID - ok
12:44:51.0082 6024 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:44:51.0085 6024 AppIDSvc - ok
12:44:51.0135 6024 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:44:51.0138 6024 Appinfo - ok
12:44:51.0216 6024 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:44:51.0218 6024 Apple Mobile Device - ok
12:44:51.0236 6024 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
12:44:51.0241 6024 AppMgmt - ok
12:44:51.0257 6024 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:44:51.0276 6024 arc - ok
12:44:51.0292 6024 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:44:51.0296 6024 arcsas - ok
12:44:51.0315 6024 ArcSec - ok
12:44:51.0436 6024 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:44:51.0438 6024 aspnet_state - ok
12:44:51.0454 6024 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:44:51.0470 6024 AsyncMac - ok
12:44:51.0508 6024 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:44:51.0508 6024 atapi - ok
12:44:51.0534 6024 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:44:51.0550 6024 AudioEndpointBuilder - ok
12:44:51.0561 6024 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:44:51.0565 6024 AudioSrv - ok
12:44:51.0598 6024 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:44:51.0601 6024 AxInstSV - ok
12:44:51.0630 6024 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:44:51.0639 6024 b06bdrv - ok
12:44:51.0679 6024 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:44:51.0704 6024 b57nd60a - ok
12:44:51.0760 6024 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:44:51.0763 6024 BDESVC - ok
12:44:51.0799 6024 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:44:51.0801 6024 Beep - ok
12:44:51.0867 6024 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:44:51.0882 6024 BFE - ok
12:44:51.0947 6024 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:44:51.0972 6024 BITS - ok
12:44:52.0002 6024 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:44:52.0021 6024 blbdrive - ok
12:44:52.0097 6024 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:44:52.0100 6024 Bonjour Service - ok
12:44:52.0141 6024 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:44:52.0194 6024 bowser - ok
12:44:52.0223 6024 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:44:52.0225 6024 BrFiltLo - ok
12:44:52.0242 6024 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:44:52.0244 6024 BrFiltUp - ok
12:44:52.0263 6024 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:44:52.0279 6024 BridgeMP - ok
12:44:52.0330 6024 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:44:52.0334 6024 Browser - ok
12:44:52.0357 6024 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:44:52.0424 6024 Brserid - ok
12:44:52.0461 6024 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:44:52.0477 6024 BrSerWdm - ok
12:44:52.0498 6024 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:44:52.0514 6024 BrUsbMdm - ok
12:44:52.0554 6024 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:44:52.0556 6024 BrUsbSer - ok
12:44:52.0606 6024 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
12:44:52.0608 6024 BrYNSvc - ok
12:44:52.0641 6024 [ 07DCB3C254D584E3949FE2C0EE3963F2 ] BthAudioHF C:\Windows\system32\DRIVERS\BthAudioHF.sys
12:44:52.0656 6024 BthAudioHF - ok
12:44:52.0719 6024 [ 832B121E4532919CC49F2438F1DCAA21 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
12:44:52.0722 6024 BthAvrcp - ok
12:44:52.0777 6024 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
12:44:52.0793 6024 BthEnum - ok
12:44:52.0824 6024 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:44:52.0842 6024 BTHMODEM - ok
12:44:52.0861 6024 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:44:52.0862 6024 BthPan - ok
12:44:52.0900 6024 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
12:44:52.0941 6024 BTHPORT - ok
12:44:52.0968 6024 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:44:52.0970 6024 bthserv - ok
12:44:53.0006 6024 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
12:44:53.0022 6024 BTHUSB - ok
12:44:53.0053 6024 catchme - ok
12:44:53.0080 6024 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:44:53.0083 6024 cdfs - ok
12:44:53.0130 6024 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:44:53.0156 6024 cdrom - ok
12:44:53.0198 6024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:44:53.0201 6024 CertPropSvc - ok
12:44:53.0227 6024 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:44:53.0230 6024 circlass - ok
12:44:53.0253 6024 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:44:53.0259 6024 CLFS - ok
12:44:53.0448 6024 [ 0443495FD34D6A3786B88EFE815E180F ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
12:44:53.0449 6024 CLHNServiceForPowerDVD12 - ok
12:44:53.0505 6024 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:44:54.0110 6024 clr_optimization_v2.0.50727_32 - ok
12:44:54.0154 6024 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:44:54.0156 6024 clr_optimization_v2.0.50727_64 - ok
12:44:54.0251 6024 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:44:54.0254 6024 clr_optimization_v4.0.30319_32 - ok
12:44:54.0265 6024 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:44:54.0267 6024 clr_optimization_v4.0.30319_64 - ok
12:44:54.0289 6024 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:44:54.0303 6024 CmBatt - ok
12:44:54.0355 6024 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:44:54.0370 6024 cmdide - ok
12:44:54.0438 6024 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:44:54.0471 6024 CNG - ok
12:44:54.0505 6024 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:44:54.0523 6024 Compbatt - ok
12:44:54.0572 6024 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:44:54.0707 6024 CompositeBus - ok
12:44:54.0722 6024 COMSysApp - ok
12:44:54.0761 6024 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:44:54.0784 6024 crcdisk - ok
12:44:54.0935 6024 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:44:54.0975 6024 CryptSvc - ok
12:44:55.0013 6024 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
12:44:55.0029 6024 CSC - ok
12:44:55.0049 6024 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
12:44:55.0063 6024 CscService - ok
12:44:55.0101 6024 [ DF07C6D98BA7F81D0571E366B1CD6672 ] csr_a2dp C:\Windows\system32\drivers\bthav.sys
12:44:55.0104 6024 csr_a2dp - ok
12:44:55.0235 6024 [ 92084070D73A37076A4E900EB60B1B85 ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
12:44:55.0237 6024 CyberLink PowerDVD 12 Media Server Monitor Service - ok
12:44:55.0290 6024 [ B1DA1308BFA73D9511189760EE2F9992 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
12:44:55.0293 6024 CyberLink PowerDVD 12 Media Server Service - ok
12:44:55.0336 6024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:44:55.0351 6024 DcomLaunch - ok
12:44:55.0396 6024 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:44:55.0402 6024 defragsvc - ok
12:44:55.0442 6024 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:44:55.0445 6024 DfsC - ok
12:44:55.0481 6024 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:44:55.0487 6024 Dhcp - ok
12:44:55.0501 6024 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:44:55.0503 6024 discache - ok
12:44:55.0537 6024 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:44:55.0555 6024 Disk - ok
12:44:55.0593 6024 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:44:55.0598 6024 Dnscache - ok
12:44:55.0640 6024 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:44:55.0645 6024 dot3svc - ok
12:44:55.0684 6024 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:44:55.0686 6024 DPS - ok
12:44:55.0727 6024 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:44:55.0743 6024 drmkaud - ok
12:44:55.0783 6024 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:44:55.0786 6024 dtsoftbus01 - ok
12:44:55.0842 6024 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:44:55.0885 6024 DXGKrnl - ok
12:44:55.0925 6024 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
12:44:55.0950 6024 E1G60 - ok
12:44:55.0993 6024 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
12:44:56.0018 6024 eamonm - ok
12:44:56.0042 6024 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:44:56.0046 6024 EapHost - ok
12:44:56.0133 6024 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:44:56.0248 6024 ebdrv - ok
12:44:56.0282 6024 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:44:56.0284 6024 EFS - ok
12:44:56.0314 6024 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
12:44:56.0339 6024 ehdrv - ok
12:44:56.0479 6024 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:44:56.0493 6024 ehRecvr - ok
12:44:56.0512 6024 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:44:56.0515 6024 ehSched - ok
12:44:56.0647 6024 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
12:44:56.0653 6024 ekrn - ok
12:44:56.0691 6024 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:44:56.0706 6024 elxstor - ok
12:44:56.0729 6024 [ 3EBB7FD3C605262B942868A1D840F4F1 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
12:44:56.0734 6024 epfwwfpr - ok
12:44:56.0765 6024 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:44:56.0783 6024 ErrDev - ok
12:44:56.0818 6024 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:44:56.0823 6024 EventSystem - ok
12:44:56.0839 6024 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:44:56.0874 6024 exfat - ok
12:44:56.0892 6024 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:44:56.0933 6024 fastfat - ok
12:44:56.0984 6024 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:44:56.0999 6024 Fax - ok
12:44:57.0019 6024 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:44:57.0048 6024 fdc - ok
12:44:57.0062 6024 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:44:57.0064 6024 fdPHost - ok
12:44:57.0072 6024 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:44:57.0074 6024 FDResPub - ok
12:44:57.0089 6024 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:44:57.0108 6024 FileInfo - ok
12:44:57.0122 6024 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:44:57.0142 6024 Filetrace - ok
12:44:57.0158 6024 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:44:57.0161 6024 flpydisk - ok
12:44:57.0195 6024 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:44:57.0236 6024 FltMgr - ok
12:44:57.0290 6024 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:44:57.0321 6024 FontCache - ok
12:44:57.0371 6024 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:44:57.0372 6024 FontCache3.0.0.0 - ok
12:44:57.0389 6024 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:44:57.0406 6024 FsDepends - ok
12:44:57.0448 6024 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:44:57.0464 6024 Fs_Rec - ok
12:44:57.0514 6024 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:44:57.0518 6024 fvevol - ok
12:44:57.0548 6024 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:44:57.0590 6024 gagp30kx - ok
12:44:57.0650 6024 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
12:44:57.0652 6024 gdrv - ok
12:44:57.0708 6024 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:44:57.0759 6024 GEARAspiWDM - ok
12:44:57.0812 6024 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:44:57.0827 6024 gpsvc - ok
12:44:57.0844 6024 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:44:57.0847 6024 hcw85cir - ok
12:44:57.0892 6024 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:44:57.0899 6024 HdAudAddService - ok
12:44:57.0942 6024 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:44:57.0944 6024 HDAudBus - ok
12:44:57.0998 6024 [ EE8C05F926521A0E24EDAF40F45D01E6 ] HFGService C:\Windows\System32\HFGService.dll
12:44:58.0011 6024 HFGService - ok
12:44:58.0025 6024 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:44:58.0058 6024 HidBatt - ok
12:44:58.0076 6024 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:44:58.0094 6024 HidBth - ok
12:44:58.0108 6024 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:44:58.0138 6024 HidIr - ok
12:44:58.0171 6024 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:44:58.0174 6024 hidserv - ok
12:44:58.0224 6024 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:44:58.0242 6024 HidUsb - ok
12:44:58.0296 6024 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:44:58.0299 6024 hkmsvc - ok
12:44:58.0338 6024 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:44:58.0342 6024 HomeGroupListener - ok
12:44:58.0355 6024 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:44:58.0360 6024 HomeGroupProvider - ok
12:44:58.0395 6024 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:44:58.0398 6024 HpSAMD - ok
12:44:58.0434 6024 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:44:58.0458 6024 HTTP - ok
12:44:58.0507 6024 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:44:58.0508 6024 hwpolicy - ok
12:44:58.0561 6024 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:44:58.0581 6024 i8042prt - ok
12:44:58.0654 6024 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:44:58.0704 6024 iaStorV - ok
12:44:58.0799 6024 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:44:58.0822 6024 idsvc - ok
12:44:58.0836 6024 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:44:59.0474 6024 iirsp - ok
12:44:59.0522 6024 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:44:59.0554 6024 IKEEXT - ok
12:44:59.0573 6024 IntcAzAudAddService - ok
12:44:59.0592 6024 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:44:59.0595 6024 intelide - ok
12:44:59.0614 6024 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:44:59.0614 6024 intelppm - ok
12:44:59.0656 6024 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:44:59.0658 6024 IPBusEnum - ok
12:44:59.0694 6024 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:44:59.0697 6024 IpFilterDriver - ok
12:44:59.0755 6024 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:44:59.0770 6024 iphlpsvc - ok
12:44:59.0795 6024 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:44:59.0798 6024 IPMIDRV - ok
12:44:59.0828 6024 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:44:59.0847 6024 IPNAT - ok
12:44:59.0935 6024 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:44:59.0941 6024 iPod Service - ok
12:44:59.0973 6024 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:44:59.0975 6024 IRENUM - ok
12:45:00.0028 6024 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:45:00.0047 6024 isapnp - ok
12:45:00.0063 6024 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:45:00.0088 6024 iScsiPrt - ok
12:45:00.0126 6024 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
12:45:00.0130 6024 ivusb - ok
12:45:00.0147 6024 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:45:00.0150 6024 kbdclass - ok
12:45:00.0199 6024 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:45:00.0202 6024 kbdhid - ok
12:45:00.0215 6024 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:45:00.0216 6024 KeyIso - ok
12:45:00.0254 6024 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:45:00.0258 6024 KSecDD - ok
12:45:00.0277 6024 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:45:00.0283 6024 KSecPkg - ok
12:45:00.0288 6024 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:45:00.0306 6024 ksthunk - ok
12:45:00.0356 6024 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:45:00.0363 6024 KtmRm - ok
12:45:00.0404 6024 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:45:00.0411 6024 LanmanServer - ok
12:45:00.0448 6024 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:45:00.0452 6024 LanmanWorkstation - ok
12:45:00.0484 6024 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:45:00.0502 6024 lltdio - ok
12:45:00.0523 6024 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:45:00.0530 6024 lltdsvc - ok
12:45:00.0544 6024 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:45:00.0546 6024 lmhosts - ok
12:45:00.0566 6024 LMIInfo - ok
12:45:00.0628 6024 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
12:45:00.0645 6024 lmimirr - ok
12:45:00.0663 6024 LMIRfsClientNP - ok
12:45:00.0695 6024 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
12:45:00.0741 6024 LMIRfsDriver - ok
12:45:00.0773 6024 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:45:00.0790 6024 LSI_FC - ok
12:45:00.0806 6024 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:45:00.0824 6024 LSI_SAS - ok
12:45:00.0844 6024 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:45:00.0861 6024 LSI_SAS2 - ok
12:45:00.0881 6024 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:45:00.0899 6024 LSI_SCSI - ok
12:45:00.0926 6024 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:45:00.0930 6024 luafv - ok
12:45:01.0004 6024 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:45:01.0006 6024 MBAMProtector - ok
12:45:01.0085 6024 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:45:01.0090 6024 MBAMScheduler - ok
12:45:01.0138 6024 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:45:01.0142 6024 MBAMService - ok
12:45:01.0172 6024 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:45:01.0175 6024 Mcx2Svc - ok
12:45:01.0192 6024 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:45:01.0221 6024 megasas - ok
12:45:01.0236 6024 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:45:01.0269 6024 MegaSR - ok
12:45:01.0350 6024 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:45:01.0352 6024 Microsoft Office Groove Audit Service - ok
12:45:01.0387 6024 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:45:01.0389 6024 MMCSS - ok
12:45:01.0434 6024 [ 73D06F37480C314AD9082DE5AA17CFB8 ] mobiolavs C:\Windows\system32\DRIVERS\mobiolavs.sys
12:45:01.0437 6024 mobiolavs - ok
12:45:01.0476 6024 [ 14F31D60A6C0D73DE9836EDC8F304E83 ] MOBIOLA_Wave C:\Windows\system32\drivers\mobiolawave.sys
12:45:01.0479 6024 MOBIOLA_Wave - ok
12:45:01.0496 6024 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:45:01.0499 6024 Modem - ok
12:45:01.0545 6024 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:45:01.0546 6024 monitor - ok
12:45:01.0574 6024 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:45:01.0577 6024 mouclass - ok
12:45:01.0612 6024 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:45:01.0615 6024 mouhid - ok
12:45:01.0657 6024 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:45:01.0660 6024 mountmgr - ok
12:45:01.0729 6024 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:01.0732 6024 MozillaMaintenance - ok
12:45:01.0767 6024 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:45:01.0774 6024 mpio - ok
12:45:01.0780 6024 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:45:01.0800 6024 mpsdrv - ok
12:45:01.0856 6024 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:45:01.0880 6024 MpsSvc - ok
12:45:01.0917 6024 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:45:01.0922 6024 MRxDAV - ok
12:45:01.0962 6024 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:01.0966 6024 mrxsmb - ok
12:45:02.0007 6024 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:02.0048 6024 mrxsmb10 - ok
12:45:02.0085 6024 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:02.0103 6024 mrxsmb20 - ok
12:45:02.0139 6024 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:45:02.0159 6024 msahci - ok
12:45:02.0221 6024 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:45:02.0263 6024 msdsm - ok
12:45:02.0315 6024 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:45:02.0320 6024 MSDTC - ok
12:45:02.0333 6024 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:45:02.0335 6024 Msfs - ok
12:45:02.0347 6024 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:45:02.0349 6024 mshidkmdf - ok
12:45:02.0380 6024 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:45:02.0396 6024 msisadrv - ok
12:45:02.0434 6024 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:45:02.0438 6024 MSiSCSI - ok
12:45:02.0443 6024 msiserver - ok
12:45:02.0477 6024 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:45:02.0479 6024 MSKSSRV - ok
12:45:02.0511 6024 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:45:02.0513 6024 MSPCLOCK - ok
12:45:02.0523 6024 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:45:02.0540 6024 MSPQM - ok
12:45:02.0568 6024 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:45:02.0575 6024 MsRPC - ok
12:45:02.0600 6024 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:45:02.0600 6024 mssmbios - ok
12:45:02.0614 6024 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:45:02.0615 6024 MSTEE - ok
12:45:02.0620 6024 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:45:02.0622 6024 MTConfig - ok
12:45:02.0649 6024 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:45:02.0666 6024 Mup - ok
12:45:02.0712 6024 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:45:02.0719 6024 napagent - ok
12:45:02.0763 6024 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:45:02.0813 6024 NativeWifiP - ok
12:45:02.0937 6024 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
12:45:02.0964 6024 NBService - ok
12:45:03.0012 6024 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:45:03.0038 6024 NDIS - ok
12:45:03.0061 6024 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:45:03.0079 6024 NdisCap - ok
12:45:03.0107 6024 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:45:03.0109 6024 NdisTapi - ok
12:45:03.0153 6024 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:45:03.0156 6024 Ndisuio - ok
12:45:03.0192 6024 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:45:03.0217 6024 NdisWan - ok
12:45:03.0227 6024 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:45:03.0257 6024 NDProxy - ok
12:45:03.0302 6024 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
12:45:03.0319 6024 Netaapl - ok
12:45:03.0344 6024 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:45:03.0360 6024 NetBIOS - ok
12:45:03.0375 6024 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:45:03.0379 6024 NetBT - ok
12:45:03.0394 6024 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:45:03.0396 6024 Netlogon - ok
12:45:03.0438 6024 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:45:03.0445 6024 Netman - ok
12:45:03.0483 6024 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:03.0486 6024 NetMsmqActivator - ok
12:45:03.0517 6024 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:03.0518 6024 NetPipeActivator - ok
12:45:03.0547 6024 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:45:03.0555 6024 netprofm - ok
12:45:03.0561 6024 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:03.0562 6024 NetTcpActivator - ok
12:45:03.0567 6024 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:45:03.0569 6024 NetTcpPortSharing - ok
12:45:03.0600 6024 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:45:03.0632 6024 nfrd960 - ok
12:45:03.0695 6024 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:45:04.0400 6024 NlaSvc - ok
12:45:04.0507 6024 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
12:45:04.0509 6024 NMIndexingService - ok
12:45:04.0524 6024 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:45:04.0540 6024 Npfs - ok
12:45:04.0571 6024 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:45:04.0574 6024 nsi - ok
12:45:04.0584 6024 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:45:04.0585 6024 nsiproxy - ok
12:45:04.0652 6024 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:45:04.0735 6024 Ntfs - ok
12:45:04.0919 6024 [ A773AA47341A1FD16C6A9BA3C11D7DAA ] ntk_PowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
12:45:04.0943 6024 ntk_PowerDVD12 - ok
12:45:04.0969 6024 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:45:04.0985 6024 Null - ok
12:45:05.0286 6024 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:45:05.0550 6024 nvlddmkm - ok
12:45:05.0589 6024 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:45:05.0614 6024 nvraid - ok
12:45:05.0642 6024 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:45:05.0675 6024 nvstor - ok
12:45:05.0736 6024 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
12:45:05.0762 6024 nvsvc - ok
12:45:05.0864 6024 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:45:05.0904 6024 nvUpdatusService - ok
12:45:05.0941 6024 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:45:05.0958 6024 nv_agp - ok
12:45:06.0039 6024 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:45:06.0045 6024 odserv - ok
12:45:06.0075 6024 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:45:06.0091 6024 ohci1394 - ok
12:45:06.0130 6024 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:06.0134 6024 ose - ok
12:45:06.0172 6024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:45:06.0177 6024 p2pimsvc - ok
12:45:06.0204 6024 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:45:06.0218 6024 p2psvc - ok
12:45:06.0254 6024 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:45:06.0271 6024 Parport - ok
12:45:06.0312 6024 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:45:06.0328 6024 partmgr - ok
12:45:06.0344 6024 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:45:06.0350 6024 PcaSvc - ok
12:45:06.0407 6024 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:45:06.0422 6024 pccsmcfd - ok
12:45:06.0466 6024 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:45:06.0508 6024 pci - ok
12:45:06.0543 6024 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:45:06.0558 6024 pciide - ok
12:45:06.0586 6024 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:45:06.0636 6024 pcmcia - ok
12:45:06.0666 6024 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:45:06.0682 6024 pcw - ok
12:45:06.0868 6024 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
12:45:06.0871 6024 PDFProFiltSrvPP - ok
12:45:06.0900 6024 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:45:06.0959 6024 PEAUTH - ok
12:45:07.0023 6024 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:45:07.0056 6024 PeerDistSvc - ok
12:45:07.0128 6024 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:45:07.0130 6024 PerfHost - ok
12:45:07.0197 6024 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:45:07.0247 6024 pla - ok
12:45:07.0291 6024 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:45:07.0338 6024 PlugPlay - ok
12:45:07.0421 6024 PnkBstrA - ok
12:45:07.0478 6024 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:45:07.0535 6024 PNRPAutoReg - ok
12:45:07.0583 6024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:45:07.0586 6024 PNRPsvc - ok
12:45:07.0626 6024 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:45:07.0641 6024 PolicyAgent - ok
12:45:07.0667 6024 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:45:07.0670 6024 Power - ok
12:45:07.0705 6024 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:45:07.0749 6024 PptpMiniport - ok
12:45:07.0766 6024 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:45:07.0782 6024 Processor - ok
12:45:07.0830 6024 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:45:07.0834 6024 ProfSvc - ok
12:45:07.0850 6024 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:45:07.0852 6024 ProtectedStorage - ok
12:45:07.0880 6024 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:45:07.0882 6024 Psched - ok
12:45:07.0931 6024 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:45:07.0966 6024 ql2300 - ok
12:45:07.0988 6024 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:45:07.0992 6024 ql40xx - ok
12:45:08.0020 6024 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:45:08.0027 6024 QWAVE - ok
12:45:08.0046 6024 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:45:08.0062 6024 QWAVEdrv - ok
12:45:08.0076 6024 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:45:08.0092 6024 RasAcd - ok
12:45:08.0131 6024 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:45:08.0136 6024 RasAgileVpn - ok
12:45:08.0154 6024 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:45:08.0158 6024 RasAuto - ok
12:45:08.0171 6024 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:45:08.0202 6024 Rasl2tp - ok
12:45:08.0239 6024 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:45:08.0246 6024 RasMan - ok
12:45:08.0256 6024 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:45:08.0259 6024 RasPppoe - ok
12:45:08.0279 6024 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:45:08.0296 6024 RasSstp - ok
12:45:08.0347 6024 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:45:08.0353 6024 rdbss - ok
12:45:08.0360 6024 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:45:08.0389 6024 rdpbus - ok
12:45:08.0404 6024 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:45:08.0405 6024 RDPCDD - ok
12:45:08.0444 6024 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:45:08.0478 6024 RDPDR - ok
12:45:08.0505 6024 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:45:08.0507 6024 RDPENCDD - ok
12:45:08.0520 6024 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:45:08.0522 6024 RDPREFMP - ok
12:45:08.0564 6024 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:45:08.0579 6024 RdpVideoMiniport - ok
12:45:08.0612 6024 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:45:08.0638 6024 RDPWD - ok
12:45:08.0652 6024 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:45:08.0659 6024 rdyboost - ok
12:45:08.0673 6024 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:45:08.0676 6024 RemoteAccess - ok
12:45:08.0694 6024 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:45:08.0699 6024 RemoteRegistry - ok
12:45:08.0737 6024 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:45:08.0762 6024 RFCOMM - ok
12:45:08.0789 6024 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:45:08.0792 6024 RpcEptMapper - ok
12:45:08.0811 6024 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:45:08.0814 6024 RpcLocator - ok
12:45:08.0854 6024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:45:08.0859 6024 RpcSs - ok
12:45:08.0871 6024 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:45:08.0887 6024 rspndr - ok
12:45:08.0944 6024 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:45:08.0973 6024 RTL8167 - ok
12:45:09.0003 6024 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:45:09.0005 6024 s3cap - ok
12:45:09.0020 6024 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:45:09.0022 6024 SamSs - ok
12:45:09.0048 6024 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:45:09.0065 6024 sbp2port - ok
12:45:09.0092 6024 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:45:09.0648 6024 SCardSvr - ok
12:45:09.0680 6024 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:45:09.0699 6024 scfilter - ok
12:45:09.0751 6024 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:45:09.0793 6024 Schedule - ok
12:45:09.0811 6024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:45:09.0812 6024 SCPolicySvc - ok
12:45:09.0851 6024 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:45:09.0857 6024 SDRSVC - ok
12:45:09.0888 6024 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:45:09.0906 6024 secdrv - ok
12:45:09.0914 6024 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:45:09.0917 6024 seclogon - ok
12:45:09.0933 6024 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:45:09.0936 6024 SENS - ok
12:45:09.0948 6024 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:45:09.0952 6024 SensrSvc - ok
12:45:09.0957 6024 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:45:09.0973 6024 Serenum - ok
12:45:09.0984 6024 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:45:10.0041 6024 Serial - ok
12:45:10.0077 6024 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:45:10.0096 6024 sermouse - ok
12:45:10.0205 6024 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:45:10.0210 6024 ServiceLayer - ok
12:45:10.0395 6024 [ 91E844F7E8AAAF72FFEAD7C13452EDE3 ] Serviio C:\Program Files\Serviio\bin\ServiioService.exe
12:45:10.0397 6024 Serviio - ok
12:45:10.0432 6024 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:45:10.0436 6024 SessionEnv - ok
12:45:10.0468 6024 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:45:10.0485 6024 sffdisk - ok
12:45:10.0516 6024 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:45:10.0531 6024 sffp_mmc - ok
12:45:10.0573 6024 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:45:10.0575 6024 sffp_sd - ok
12:45:10.0590 6024 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:45:10.0608 6024 sfloppy - ok
12:45:10.0683 6024 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:45:10.0690 6024 SharedAccess - ok
12:45:10.0738 6024 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:45:10.0746 6024 ShellHWDetection - ok
12:45:10.0776 6024 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:45:10.0809 6024 SiSRaid2 - ok
12:45:10.0827 6024 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:45:10.0844 6024 SiSRaid4 - ok
12:45:10.0909 6024 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:45:10.0912 6024 SkypeUpdate - ok
12:45:10.0943 6024 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:45:10.0946 6024 Smb - ok
12:45:10.0988 6024 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:45:10.0991 6024 SNMPTRAP - ok
12:45:11.0003 6024 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:45:11.0020 6024 spldr - ok
12:45:11.0059 6024 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:45:11.0073 6024 Spooler - ok
12:45:11.0170 6024 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:45:11.0241 6024 sppsvc - ok
12:45:11.0247 6024 sppuinotify - ok
12:45:11.0296 6024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:45:11.0349 6024 srv - ok
12:45:11.0369 6024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:45:11.0394 6024 srv2 - ok
12:45:11.0405 6024 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:45:11.0409 6024 srvnet - ok
12:45:11.0437 6024 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:45:11.0442 6024 SSDPSRV - ok
12:45:11.0448 6024 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:45:11.0452 6024 SstpSvc - ok
12:45:11.0540 6024 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:45:11.0543 6024 Stereo Service - ok
12:45:11.0553 6024 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:45:11.0556 6024 stexstor - ok
12:45:11.0580 6024 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:45:11.0599 6024 StillCam - ok
12:45:11.0645 6024 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:45:11.0661 6024 stisvc - ok
12:45:11.0711 6024 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:45:11.0714 6024 storflt - ok
12:45:11.0759 6024 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:45:11.0776 6024 storvsc - ok
12:45:11.0810 6024 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:45:11.0826 6024 swenum - ok
12:45:11.0991 6024 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:45:11.0998 6024 SwitchBoard - ok
12:45:12.0022 6024 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:45:12.0038 6024 swprv - ok
12:45:12.0053 6024 Synth3dVsc - ok
12:45:12.0126 6024 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:45:12.0183 6024 SysMain - ok
12:45:12.0228 6024 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:45:12.0232 6024 TabletInputService - ok
12:45:12.0267 6024 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:45:12.0273 6024 TapiSrv - ok
12:45:12.0293 6024 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:45:12.0297 6024 TBS - ok
12:45:12.0486 6024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:45:12.0543 6024 Tcpip - ok
12:45:12.0636 6024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:45:12.0646 6024 TCPIP6 - ok
12:45:12.0678 6024 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:45:12.0681 6024 tcpipreg - ok
12:45:12.0705 6024 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:45:12.0724 6024 TDPIPE - ok
12:45:12.0764 6024 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:45:12.0772 6024 TDTCP - ok
12:45:12.0803 6024 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:45:12.0823 6024 tdx - ok
12:45:12.0940 6024 [ 7C2F4D20AF8267605607B483D88C8302 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:45:12.0966 6024 TeamViewer6 - ok
12:45:13.0008 6024 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:45:13.0024 6024 TermDD - ok
12:45:13.0051 6024 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:45:13.0066 6024 TermService - ok
12:45:13.0078 6024 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:45:13.0082 6024 Themes - ok
12:45:13.0104 6024 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:45:13.0105 6024 THREADORDER - ok
12:45:13.0120 6024 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:45:13.0125 6024 TrkWks - ok
12:45:13.0152 6024 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:45:13.0154 6024 TrustedInstaller - ok
12:45:13.0188 6024 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:13.0191 6024 tssecsrv - ok
12:45:13.0220 6024 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:45:13.0252 6024 TsUsbFlt - ok
12:45:13.0268 6024 tsusbhub - ok
12:45:13.0315 6024 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:45:13.0332 6024 tunnel - ok
12:45:13.0345 6024 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:45:13.0362 6024 uagp35 - ok
12:45:13.0382 6024 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:45:13.0389 6024 udfs - ok
12:45:13.0412 6024 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:45:13.0416 6024 UI0Detect - ok
12:45:13.0432 6024 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:45:13.0449 6024 uliagpkx - ok
12:45:13.0492 6024 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:45:13.0509 6024 umbus - ok
12:45:13.0538 6024 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:45:13.0553 6024 UmPass - ok
12:45:13.0591 6024 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:45:13.0597 6024 UmRdpService - ok
12:45:13.0613 6024 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:45:13.0620 6024 upnphost - ok
12:45:13.0664 6024 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:45:13.0694 6024 USBAAPL64 - ok
12:45:13.0724 6024 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:13.0740 6024 usbccgp - ok
12:45:13.0780 6024 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:45:13.0784 6024 usbcir - ok
12:45:13.0805 6024 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:45:13.0823 6024 usbehci - ok
12:45:13.0847 6024 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:45:13.0873 6024 usbhub - ok
12:45:13.0893 6024 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:45:13.0908 6024 usbohci - ok
12:45:13.0931 6024 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:45:13.0948 6024 usbprint - ok
12:45:13.0979 6024 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:45:13.0982 6024 usbscan - ok
12:45:14.0013 6024 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:14.0046 6024 USBSTOR - ok
12:45:14.0066 6024 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:45:14.0069 6024 usbuhci - ok
12:45:14.0078 6024 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:45:14.0081 6024 UxSms - ok
12:45:14.0098 6024 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:45:14.0099 6024 VaultSvc - ok
12:45:14.0108 6024 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:45:14.0139 6024 vdrvroot - ok
12:45:14.0213 6024 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:45:14.0849 6024 vds - ok
12:45:14.0873 6024 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:14.0876 6024 vga - ok
12:45:14.0895 6024 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:45:14.0911 6024 VgaSave - ok
12:45:14.0915 6024 VGPU - ok
12:45:14.0952 6024 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:45:14.0977 6024 vhdmp - ok
12:45:15.0011 6024 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:45:15.0029 6024 viaide - ok
12:45:15.0065 6024 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:45:15.0122 6024 vmbus - ok
12:45:15.0134 6024 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:45:15.0152 6024 VMBusHID - ok
12:45:15.0191 6024 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:45:15.0220 6024 volmgr - ok
12:45:15.0270 6024 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:45:15.0276 6024 volmgrx - ok
12:45:15.0293 6024 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:45:15.0335 6024 volsnap - ok
12:45:15.0379 6024 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:15.0404 6024 vsmraid - ok
12:45:15.0447 6024 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:45:15.0492 6024 VSS - ok
12:45:15.0503 6024 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:45:15.0520 6024 vwifibus - ok
12:45:15.0547 6024 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:45:15.0555 6024 W32Time - ok
12:45:15.0577 6024 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:45:15.0579 6024 WacomPen - ok
12:45:15.0619 6024 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:45:15.0635 6024 WANARP - ok
12:45:15.0647 6024 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:45:15.0648 6024 Wanarpv6 - ok
12:45:15.0707 6024 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:45:15.0757 6024 wbengine - ok
12:45:15.0773 6024 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:45:15.0780 6024 WbioSrvc - ok
12:45:15.0823 6024 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:45:15.0831 6024 wcncsvc - ok
12:45:15.0844 6024 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:45:15.0849 6024 WcsPlugInService - ok
12:45:15.0861 6024 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:45:15.0863 6024 Wd - ok
12:45:15.0891 6024 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:45:15.0916 6024 Wdf01000 - ok
12:45:15.0929 6024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:45:15.0933 6024 WdiServiceHost - ok
12:45:15.0937 6024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:45:15.0940 6024 WdiSystemHost - ok
12:45:15.0954 6024 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:45:15.0961 6024 WebClient - ok
12:45:15.0971 6024 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:45:15.0978 6024 Wecsvc - ok
12:45:15.0984 6024 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:45:15.0988 6024 wercplsupport - ok
12:45:16.0020 6024 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:45:16.0023 6024 WerSvc - ok
12:45:16.0031 6024 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:16.0047 6024 WfpLwf - ok
12:45:16.0061 6024 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:45:16.0076 6024 WIMMount - ok
12:45:16.0112 6024 WinDefend - ok
12:45:16.0120 6024 WinHttpAutoProxySvc - ok
12:45:16.0180 6024 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:45:16.0184 6024 Winmgmt - ok
12:45:16.0261 6024 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:45:16.0308 6024 WinRM - ok
12:45:16.0378 6024 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:16.0390 6024 WinUsb - ok
12:45:16.0437 6024 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:45:16.0482 6024 Wlansvc - ok
12:45:16.0530 6024 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:45:16.0545 6024 WmiAcpi - ok
12:45:16.0578 6024 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:45:16.0583 6024 wmiApSrv - ok
12:45:16.0600 6024 WMPNetworkSvc - ok
12:45:16.0616 6024 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:45:16.0619 6024 WPCSvc - ok
12:45:16.0653 6024 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:45:16.0657 6024 WPDBusEnum - ok
12:45:16.0674 6024 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:45:16.0692 6024 ws2ifsl - ok
12:45:16.0710 6024 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:45:16.0714 6024 wscsvc - ok
12:45:16.0747 6024 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:45:16.0765 6024 WSDPrintDevice - ok
12:45:16.0862 6024 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
12:45:16.0927 6024 WSDScan - ok
12:45:16.0932 6024 WSearch - ok
12:45:17.0030 6024 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:45:17.0081 6024 wuauserv - ok
12:45:17.0120 6024 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:45:17.0137 6024 WudfPf - ok
12:45:17.0153 6024 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:17.0178 6024 WUDFRd - ok
12:45:17.0189 6024 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:45:17.0193 6024 wudfsvc - ok
12:45:17.0210 6024 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:45:17.0217 6024 WwanSvc - ok
12:45:17.0277 6024 ================ Scan global ===============================
12:45:17.0299 6024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:45:17.0338 6024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:45:17.0355 6024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:45:17.0384 6024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:45:17.0416 6024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:45:17.0420 6024 [Global] - ok
12:45:17.0420 6024 ================ Scan MBR ==================================
12:45:17.0442 6024 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:45:17.0619 6024 \Device\Harddisk0\DR0 - ok
12:45:17.0627 6024 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:45:25.0586 6024 \Device\Harddisk1\DR1 - ok
12:45:25.0591 6024 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:45:26.0015 6024 \Device\Harddisk2\DR2 - ok
12:45:26.0016 6024 ================ Scan VBR ==================================
12:45:26.0035 6024 [ 181F9DA7ABD363C9D1DEBAAC98937BCC ] \Device\Harddisk0\DR0\Partition1
12:45:26.0036 6024 \Device\Harddisk0\DR0\Partition1 - ok
12:45:26.0039 6024 [ 88F16D7E7CF69136DD4ED55D2DF39F95 ] \Device\Harddisk0\DR0\Partition2
12:45:26.0041 6024 \Device\Harddisk0\DR0\Partition2 - ok
12:45:26.0047 6024 [ C2F1AF16F0025D0E1D22665E85AED821 ] \Device\Harddisk1\DR1\Partition1
12:45:26.0049 6024 \Device\Harddisk1\DR1\Partition1 - ok
12:45:26.0053 6024 [ F49F4C3CC0D07C260F891A8B377CE0D0 ] \Device\Harddisk2\DR2\Partition1
12:45:26.0055 6024 \Device\Harddisk2\DR2\Partition1 - ok
12:45:26.0056 6024 ============================================================
12:45:26.0056 6024 Scan finished
12:45:26.0056 6024 ============================================================
12:45:26.0069 1624 Detected object count: 0
12:45:26.0069 1624 Actual detected object count: 0



Please Only Copy And Paste Reports Into Topic - Do Not Attach

Edited by gringo_pr, 20 October 2012 - 01:08 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:37 AM

Posted 20 October 2012 - 01:10 PM

Greetings

Please Only Copy And Paste Reports Into Topic - Do Not Attach


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


Please Only Copy And Paste Reports Into Topic - Do Not Attach
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 hananmori12

hananmori12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:37 AM

Posted 21 October 2012 - 01:41 AM

Currently I have not noticed any problems,
the computer is back to normal.




ComboFix 12-10-19.01 - Hanan 10/21/2012 2:01.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.4094.2858 [GMT 2:00]
Running from: c:\users\Hanan\Desktop\ComboFix.exe
Command switches used :: c:\users\Hanan\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 00:13 . 2012-10-21 00:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-21 00:13 . 2012-10-21 00:13 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-10-21 00:13 . 2012-10-21 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 19:49 . 2011-07-15 15:56 38400 ----a-w- c:\windows\system32\drivers\csrbc.sys
2012-10-20 19:49 . 2012-10-20 19:49 -------- d-----w- c:\program files (x86)\Midland
2012-10-20 12:22 . 2012-10-20 12:22 -------- d-----w- c:\program files (x86)\WinToFlash Suggestor
2012-10-19 23:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D029A570-D66D-411F-B2F2-3D255A6BC8B2}\mpengine.dll
2012-10-19 19:32 . 2012-10-20 12:16 -------- d-----w- c:\users\Hanan\AppData\Roaming\BITS
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\users\Hanan\AppData\Roaming\FlashgetSetup
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\users\Hanan\AppData\Roaming\FlashGet
2012-10-19 19:32 . 2012-10-19 19:32 -------- d-----w- c:\program files (x86)\FlashGet Network
2012-10-18 08:28 . 2012-10-18 08:28 -------- d-----w- C:\FRST
2012-10-17 21:19 . 2012-10-17 21:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-16 23:38 . 2012-10-16 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-10-16 22:08 . 2012-10-16 22:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-09 20:18 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 20:18 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-09 20:18 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 20:18 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-09 20:18 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 20:18 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 20:18 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-09 20:18 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 20:18 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 20:18 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-09 20:15 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 20:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 20:15 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 20:15 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 20:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 20:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\users\Hanan\AppData\Roaming\XBMC
2012-10-06 15:44 . 2012-10-06 15:44 -------- d-----w- c:\program files (x86)\XBMC
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-01 23:46 . 2012-10-01 23:46 -------- d-----w- c:\programdata\DivX
2012-10-01 15:14 . 2012-10-01 15:14 -------- d-----w- c:\users\Hanan\AppData\Roaming\PotPlayerMini
2012-10-01 15:14 . 2012-10-01 15:14 -------- d-----w- c:\users\Hanan\AppData\Local\Daum
2012-10-01 15:13 . 2012-10-01 15:13 -------- d-----w- c:\program files (x86)\Daum
2012-09-27 02:14 . 2012-09-27 03:03 -------- d-----w- c:\users\Hanan\AppData\Roaming\ArcSoft
2012-09-27 02:13 . 2012-09-27 02:13 -------- d-----w- c:\users\Hanan\AppData\Local\ArcSoft
2012-09-27 02:13 . 2012-09-27 02:13 -------- d-----w- c:\programdata\ArcSoft
2012-09-27 01:58 . 2012-09-27 01:58 -------- d-----w- c:\users\Hanan\AppData\Local\MediaShow
2012-09-27 01:42 . 2012-09-27 01:42 -------- d-----w- C:\MediaServer
2012-09-27 01:41 . 2012-09-27 01:41 -------- d-----w- c:\users\Hanan\AppData\Local\CyberLink
2012-09-27 01:39 . 2012-09-27 01:39 -------- d-----w- c:\program files (x86)\CyberLink
2012-09-26 18:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 08:35 . 2012-09-23 08:35 -------- d-----w- c:\users\Hanan\AppData\Local\MediaServer
2012-09-23 08:35 . 2012-09-23 08:38 -------- d-----w- c:\programdata\PDVD
2012-09-23 08:35 . 2012-09-23 08:38 -------- d-----w- c:\users\Hanan\AppData\Roaming\CyberLink
2012-09-23 08:35 . 2012-09-27 01:41 -------- d-----w- c:\users\Public\CyberLink
2012-09-23 08:33 . 2012-09-23 08:33 -------- d-----w- c:\programdata\install_clap
2012-09-23 08:28 . 2012-09-27 01:41 -------- d-----w- c:\programdata\CyberLink
2012-09-23 01:42 . 2012-09-23 01:42 -------- d-----w- c:\users\Hanan\AppData\Roaming\dvdcss
2012-09-22 17:09 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 17:09 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-22 17:09 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-22 17:09 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-22 17:09 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 17:09 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 17:09 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-22 17:09 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 00:27 . 2012-10-21 00:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D029A570-D66D-411F-B2F2-3D255A6BC8B2}\offreg.dll
2012-10-09 20:22 . 2010-02-10 06:16 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 19:11 . 2012-04-15 20:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:11 . 2011-05-21 18:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 22:21 . 2012-06-27 11:57 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-05-11 22:15 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2011-10-06 13:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 19:51 . 2011-01-07 18:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-07 18:49 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-06-27 11:59 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-01-07 18:48 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-07 18:48 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-01-07 18:48 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-24 13:32 . 2012-06-13 04:37 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2011-02-13 23:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 15:04 . 2012-01-27 18:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 05:32 . 2012-09-06 05:32 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-08-22 18:12 . 2012-09-11 18:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 18:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 18:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 18:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 10:01 . 2012-09-14 15:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 10:01 . 2011-03-05 20:36 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 10:01 . 2011-03-05 20:36 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-09 20:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 18:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 18:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-01-22 16:07 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[7] 2009-10-28 . A93D41A4D4B0D91C072D11DD8AF266DE . 389632 . . [6.1.7600.20560] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[7] 2009-10-28 . DA3E2A6FA9660CC75B471530CE88453A . 389632 . . [6.1.7600.16447] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[-] 2012-01-22 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-22 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E6F1BC15-CFF7-DDD4-B960-0F4B83EF19CC}]
c:\users\Hanan\AppData\Local\GamePlayLabs Plugin\BHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
2012-05-25 15:38 281424 ----a-w- c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8fe28f46-37ad-47b2-8258-34c128636ace}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{8fe28f46-37ad-47b2-8258-34c128636ace}]
[HKEY_CLASSES_ROOT\Agat.AGForms.Toolbar.AGFormsToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-03-03 2980016]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Growl"="c:\program files (x86)\Growl for Windows\Growl.exe" [2012-03-21 3817472]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-25 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-25 374560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Hanan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-8-9 493056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-13 279616]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-07-25 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-07-25 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-07-25 295440]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-08-09 207872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2010-05-14 29120]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [2010-05-05 28304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 19:11]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484278633-1227156275-3294412591-1000Core.job
- c:\users\Hanan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 17:34]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484278633-1227156275-3294412591-1000UA.job
- c:\users\Hanan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-01-22 2169856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"TNOD UP"="c:\program files\ESET\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.il/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &ייצוא אל Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3ED7B06F-18E4-43ED-979E-6A1AF201A036}: NameServer = 8.8.8.4,8.8.8.8
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Hanan\AppData\Roaming\Mozilla\Firefox\Profiles\ds3av4er.default\
FF - ExtSQL: 2012-09-01 14:32; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-17 23:19; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\HANAN-PCL\Forms\B*5* *(*J*I*S*)* \LanguagePairs]
"1037"="B5 (JIS)‎"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
.
**************************************************************************
.
Completion time: 2012-10-21 02:45:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-21 00:45
ComboFix2.txt 2012-10-19 20:36
.
Pre-Run: 16,337,420,288 bytes free
Post-Run: 16,458,199,040 bytes free
.
- - End Of File - - 7D452210668A25F4B6246D7E5EF68E8C


Thank you



