
Trojan.Win32.Agent.unnn


  • This topic is locked
8 replies to this topic

#1 Tonsofice


Posted 03 November 2012 - 05:37 PM

Hello there,

First off, thanks for looking into this thread :)

Yesterday ZoneAlarm Extreme caught a virus called Trojan.Win32.Agent.unnn and Trojan.Win32.Agent.unnc. First it caught the unnn; I had to reboot for ZoneAlarm to finish deleting it. Right after that, it caught another virus, Trojan.Win32.Agent.unnc. I also rebooted, etc. I did a quick scan then a deep scan and ZoneAlarm didn't find anything. I'm paranoid that the virus is still lurking somewhere in my computer, tracking my keystrokes and working silently in the background. Any help would be appreciated!

Thanks again


#2 nasdaq


Posted 05 November 2012 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Please post the logs for my review.

#3 Tonsofice


Posted 05 November 2012 - 02:14 PM

Hello nasdaq! Thanks for helping me out.

Here's the TDSSKiller report:


10:43:59.0237 4560 MSKSSRV - ok
10:43:59.0252 4560 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:59.0268 4560 MSPCLOCK - ok
10:43:59.0268 4560 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:43:59.0299 4560 MSPQM - ok
10:43:59.0315 4560 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:43:59.0330 4560 MsRPC - ok
10:43:59.0361 4560 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:43:59.0377 4560 mssmbios - ok
10:43:59.0393 4560 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:43:59.0424 4560 MSTEE - ok
10:43:59.0424 4560 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:43:59.0439 4560 MTConfig - ok
10:43:59.0455 4560 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:43:59.0471 4560 Mup - ok
10:43:59.0502 4560 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:43:59.0517 4560 napagent - ok
10:43:59.0549 4560 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:43:59.0580 4560 NativeWifiP - ok
10:43:59.0627 4560 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:43:59.0673 4560 NDIS - ok
10:43:59.0689 4560 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:43:59.0705 4560 NdisCap - ok
10:43:59.0720 4560 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:59.0736 4560 NdisTapi - ok
10:43:59.0783 4560 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:59.0814 4560 Ndisuio - ok
10:43:59.0845 4560 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:59.0876 4560 NdisWan - ok
10:43:59.0892 4560 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:43:59.0907 4560 NDProxy - ok
10:43:59.0923 4560 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:43:59.0939 4560 NetBIOS - ok
10:44:00.0001 4560 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:44:00.0017 4560 NetBT - ok
10:44:00.0048 4560 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:44:00.0048 4560 Netlogon - ok
10:44:00.0079 4560 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:44:00.0079 4560 Netman - ok
10:44:00.0095 4560 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:44:00.0110 4560 netprofm - ok
10:44:00.0126 4560 [ 064AB63C9A588D2611306AE16D017E7E ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
10:44:00.0141 4560 netr28x - ok
10:44:00.0173 4560 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:44:00.0173 4560 NetTcpPortSharing - ok
10:44:00.0188 4560 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:44:00.0204 4560 nfrd960 - ok
10:44:00.0235 4560 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:44:00.0266 4560 NlaSvc - ok
10:44:00.0266 4560 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:44:00.0297 4560 Npfs - ok
10:44:00.0329 4560 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:44:00.0344 4560 nsi - ok
10:44:00.0344 4560 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:44:00.0344 4560 nsiproxy - ok
10:44:00.0422 4560 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:44:00.0469 4560 Ntfs - ok
10:44:00.0485 4560 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:44:00.0516 4560 Null - ok
10:44:00.0531 4560 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:44:00.0547 4560 nvraid - ok
10:44:00.0578 4560 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:44:00.0594 4560 nvstor - ok
10:44:00.0641 4560 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:44:00.0656 4560 nv_agp - ok
10:44:00.0656 4560 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:44:00.0672 4560 ohci1394 - ok
10:44:00.0687 4560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:44:00.0703 4560 p2pimsvc - ok
10:44:00.0719 4560 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:44:00.0734 4560 p2psvc - ok
10:44:00.0734 4560 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:44:00.0765 4560 Parport - ok
10:44:00.0781 4560 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:44:00.0797 4560 partmgr - ok
10:44:00.0812 4560 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:44:00.0828 4560 PcaSvc - ok
10:44:00.0843 4560 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:44:00.0859 4560 pci - ok
10:44:00.0875 4560 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:44:00.0890 4560 pciide - ok
10:44:00.0906 4560 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:44:00.0937 4560 pcmcia - ok
10:44:00.0953 4560 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:44:00.0968 4560 pcw - ok
10:44:00.0999 4560 pdfcDispatcher - ok
10:44:01.0031 4560 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:44:01.0062 4560 PEAUTH - ok
10:44:01.0124 4560 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:44:01.0140 4560 PerfHost - ok
10:44:01.0187 4560 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:44:01.0233 4560 pla - ok
10:44:01.0265 4560 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:44:01.0280 4560 PlugPlay - ok
10:44:01.0296 4560 PnkBstrA - ok
10:44:01.0296 4560 PnkBstrB - ok
10:44:01.0327 4560 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:44:01.0327 4560 PNRPAutoReg - ok
10:44:01.0343 4560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:44:01.0343 4560 PNRPsvc - ok
10:44:01.0358 4560 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:44:01.0374 4560 PolicyAgent - ok
10:44:01.0405 4560 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:44:01.0421 4560 Power - ok
10:44:01.0452 4560 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:44:01.0467 4560 PptpMiniport - ok
10:44:01.0467 4560 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:44:01.0499 4560 Processor - ok
10:44:01.0530 4560 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:44:01.0530 4560 ProfSvc - ok
10:44:01.0545 4560 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:44:01.0545 4560 ProtectedStorage - ok
10:44:01.0577 4560 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:44:01.0592 4560 Psched - ok
10:44:01.0623 4560 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:44:01.0670 4560 ql2300 - ok
10:44:01.0686 4560 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:44:01.0701 4560 ql40xx - ok
10:44:01.0717 4560 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:44:01.0733 4560 QWAVE - ok
10:44:01.0733 4560 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:44:01.0748 4560 QWAVEdrv - ok
10:44:01.0748 4560 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:44:01.0764 4560 RasAcd - ok
10:44:01.0779 4560 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:44:01.0811 4560 RasAgileVpn - ok
10:44:01.0826 4560 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:44:01.0842 4560 RasAuto - ok
10:44:01.0873 4560 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:44:01.0904 4560 Rasl2tp - ok
10:44:01.0935 4560 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:44:01.0951 4560 RasMan - ok
10:44:01.0967 4560 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:44:01.0998 4560 RasPppoe - ok
10:44:01.0998 4560 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:44:02.0013 4560 RasSstp - ok
10:44:02.0045 4560 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:44:02.0060 4560 rdbss - ok
10:44:02.0076 4560 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:44:02.0107 4560 rdpbus - ok
10:44:02.0107 4560 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:44:02.0123 4560 RDPCDD - ok
10:44:02.0138 4560 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:44:02.0138 4560 RDPENCDD - ok
10:44:02.0138 4560 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:44:02.0154 4560 RDPREFMP - ok
10:44:02.0185 4560 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:44:02.0185 4560 RDPWD - ok
10:44:02.0216 4560 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:44:02.0232 4560 rdyboost - ok
10:44:02.0247 4560 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:44:02.0263 4560 RemoteAccess - ok
10:44:02.0263 4560 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:44:02.0279 4560 RemoteRegistry - ok
10:44:02.0279 4560 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:44:02.0294 4560 RpcEptMapper - ok
10:44:02.0310 4560 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:44:02.0310 4560 RpcLocator - ok
10:44:02.0357 4560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:44:02.0357 4560 RpcSs - ok
10:44:02.0372 4560 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:44:02.0388 4560 rspndr - ok
10:44:02.0435 4560 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:44:02.0450 4560 RTL8167 - ok
10:44:02.0466 4560 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:44:02.0466 4560 SamSs - ok
10:44:02.0513 4560 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:44:02.0513 4560 sbp2port - ok
10:44:02.0544 4560 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:44:02.0544 4560 SCardSvr - ok
10:44:02.0575 4560 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:44:02.0591 4560 scfilter - ok
10:44:02.0637 4560 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:44:02.0653 4560 Schedule - ok
10:44:02.0684 4560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:44:02.0684 4560 SCPolicySvc - ok
10:44:02.0700 4560 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:44:02.0715 4560 SDRSVC - ok
10:44:02.0715 4560 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:44:02.0747 4560 secdrv - ok
10:44:02.0778 4560 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:44:02.0793 4560 seclogon - ok
10:44:02.0809 4560 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:44:02.0825 4560 SENS - ok
10:44:02.0825 4560 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:44:02.0825 4560 SensrSvc - ok
10:44:02.0856 4560 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:44:02.0871 4560 Serenum - ok
10:44:02.0887 4560 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:44:02.0903 4560 Serial - ok
10:44:02.0918 4560 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:44:02.0918 4560 sermouse - ok
10:44:02.0965 4560 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:44:02.0981 4560 SessionEnv - ok
10:44:02.0996 4560 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:44:03.0012 4560 sffdisk - ok
10:44:03.0012 4560 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:44:03.0027 4560 sffp_mmc - ok
10:44:03.0027 4560 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:44:03.0043 4560 sffp_sd - ok
10:44:03.0043 4560 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:44:03.0074 4560 sfloppy - ok
10:44:03.0105 4560 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:44:03.0105 4560 SharedAccess - ok
10:44:03.0152 4560 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:44:03.0168 4560 ShellHWDetection - ok
10:44:03.0168 4560 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:44:03.0183 4560 SiSRaid2 - ok
10:44:03.0199 4560 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:44:03.0230 4560 SiSRaid4 - ok
10:44:03.0246 4560 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:44:03.0261 4560 Smb - ok
10:44:03.0277 4560 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:44:03.0293 4560 SNMPTRAP - ok
10:44:03.0293 4560 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:44:03.0324 4560 spldr - ok
10:44:03.0355 4560 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:44:03.0386 4560 Spooler - ok
10:44:03.0480 4560 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:44:03.0511 4560 sppsvc - ok
10:44:03.0542 4560 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:44:03.0542 4560 sppuinotify - ok
10:44:03.0589 4560 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:44:03.0605 4560 srv - ok
10:44:03.0651 4560 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:44:03.0667 4560 srv2 - ok
10:44:03.0714 4560 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:44:03.0729 4560 srvnet - ok
10:44:03.0761 4560 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:44:03.0776 4560 SSDPSRV - ok
10:44:03.0776 4560 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:44:03.0792 4560 SstpSvc - ok
10:44:03.0807 4560 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
10:44:03.0823 4560 ssudmdm - ok
10:44:03.0870 4560 Steam Client Service - ok
10:44:03.0885 4560 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:44:03.0901 4560 stexstor - ok
10:44:03.0948 4560 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:44:03.0963 4560 stisvc - ok
10:44:04.0010 4560 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:44:04.0026 4560 swenum - ok
10:44:04.0041 4560 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:44:04.0057 4560 swprv - ok
10:44:04.0104 4560 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:44:04.0151 4560 SysMain - ok
10:44:04.0166 4560 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:44:04.0182 4560 TabletInputService - ok
10:44:04.0197 4560 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:44:04.0197 4560 TapiSrv - ok
10:44:04.0229 4560 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:44:04.0229 4560 TBS - ok
10:44:04.0291 4560 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:44:04.0369 4560 Tcpip - ok
10:44:04.0400 4560 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:44:04.0416 4560 TCPIP6 - ok
10:44:04.0447 4560 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:44:04.0478 4560 tcpipreg - ok
10:44:04.0494 4560 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:44:04.0525 4560 TDPIPE - ok
10:44:04.0541 4560 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:44:04.0541 4560 TDTCP - ok
10:44:04.0587 4560 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:44:04.0603 4560 tdx - ok
10:44:04.0619 4560 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:44:04.0634 4560 TermDD - ok
10:44:04.0650 4560 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:44:04.0665 4560 TermService - ok
10:44:04.0665 4560 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:44:04.0665 4560 Themes - ok
10:44:04.0697 4560 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:44:04.0697 4560 THREADORDER - ok
10:44:04.0712 4560 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:44:04.0712 4560 TrkWks - ok
10:44:04.0759 4560 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:44:04.0775 4560 TrustedInstaller - ok
10:44:04.0806 4560 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:44:04.0821 4560 tssecsrv - ok
10:44:04.0837 4560 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:44:04.0853 4560 TsUsbFlt - ok
10:44:04.0868 4560 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:44:04.0884 4560 tunnel - ok
10:44:04.0899 4560 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:44:04.0915 4560 uagp35 - ok
10:44:04.0962 4560 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:44:04.0993 4560 udfs - ok
10:44:05.0009 4560 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:44:05.0024 4560 UI0Detect - ok
10:44:05.0024 4560 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:44:05.0024 4560 uliagpkx - ok
10:44:05.0071 4560 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:44:05.0071 4560 umbus - ok
10:44:05.0102 4560 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:44:05.0118 4560 UmPass - ok
10:44:05.0133 4560 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:44:05.0149 4560 upnphost - ok
10:44:05.0165 4560 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:44:05.0180 4560 USBAAPL64 - ok
10:44:05.0196 4560 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:44:05.0227 4560 usbccgp - ok
10:44:05.0243 4560 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:44:05.0258 4560 usbcir - ok
10:44:05.0289 4560 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:44:05.0305 4560 usbehci - ok
10:44:05.0321 4560 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
10:44:05.0336 4560 usbfilter - ok
10:44:05.0352 4560 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:44:05.0383 4560 usbhub - ok
10:44:05.0383 4560 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:44:05.0414 4560 usbohci - ok
10:44:05.0430 4560 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:44:05.0430 4560 usbprint - ok
10:44:05.0445 4560 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:44:05.0461 4560 USBSTOR - ok
10:44:05.0477 4560 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:44:05.0492 4560 usbuhci - ok
10:44:05.0508 4560 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:44:05.0508 4560 UxSms - ok
10:44:05.0523 4560 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:44:05.0539 4560 VaultSvc - ok
10:44:05.0539 4560 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:44:05.0539 4560 vdrvroot - ok
10:44:05.0570 4560 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:44:05.0586 4560 vds - ok
10:44:05.0586 4560 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:05.0617 4560 vga - ok
10:44:05.0633 4560 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:44:05.0664 4560 VgaSave - ok
10:44:05.0695 4560 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:44:05.0711 4560 vhdmp - ok
10:44:05.0726 4560 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:44:05.0742 4560 viaide - ok
10:44:05.0757 4560 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:44:05.0773 4560 volmgr - ok
10:44:05.0804 4560 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:44:05.0820 4560 volmgrx - ok
10:44:05.0835 4560 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:44:05.0851 4560 volsnap - ok
10:44:05.0882 4560 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
10:44:05.0913 4560 Vsdatant - ok
10:44:05.0945 4560 vsmon - ok
10:44:05.0960 4560 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:44:05.0991 4560 vsmraid - ok
10:44:06.0038 4560 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:44:06.0054 4560 VSS - ok
10:44:06.0069 4560 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:44:06.0085 4560 vwifibus - ok
10:44:06.0085 4560 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:44:06.0132 4560 vwififlt - ok
10:44:06.0132 4560 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:44:06.0163 4560 vwifimp - ok
10:44:06.0194 4560 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:44:06.0194 4560 W32Time - ok
10:44:06.0210 4560 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:44:06.0225 4560 WacomPen - ok
10:44:06.0257 4560 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:44:06.0272 4560 WANARP - ok
10:44:06.0272 4560 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:44:06.0272 4560 Wanarpv6 - ok
10:44:06.0319 4560 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:44:06.0350 4560 WatAdminSvc - ok
10:44:06.0397 4560 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:44:06.0444 4560 wbengine - ok
10:44:06.0459 4560 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:44:06.0459 4560 WbioSrvc - ok
10:44:06.0506 4560 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:44:06.0522 4560 wcncsvc - ok
10:44:06.0537 4560 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:44:06.0553 4560 WcsPlugInService - ok
10:44:06.0553 4560 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:44:06.0569 4560 Wd - ok
10:44:06.0600 4560 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:44:06.0631 4560 Wdf01000 - ok
10:44:06.0631 4560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:44:06.0631 4560 WdiServiceHost - ok
10:44:06.0631 4560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:44:06.0631 4560 WdiSystemHost - ok
10:44:06.0662 4560 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:44:06.0678 4560 WebClient - ok
10:44:06.0693 4560 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:44:06.0709 4560 Wecsvc - ok
10:44:06.0709 4560 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:44:06.0709 4560 wercplsupport - ok
10:44:06.0725 4560 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:44:06.0725 4560 WerSvc - ok
10:44:06.0725 4560 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:44:06.0756 4560 WfpLwf - ok
10:44:06.0756 4560 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:44:06.0771 4560 WIMMount - ok
10:44:06.0787 4560 WinDefend - ok
10:44:06.0803 4560 WinHttpAutoProxySvc - ok
10:44:06.0834 4560 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:44:06.0849 4560 Winmgmt - ok
10:44:06.0896 4560 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:44:06.0943 4560 WinRM - ok
10:44:06.0990 4560 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:44:06.0990 4560 WinUsb - ok
10:44:07.0021 4560 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:44:07.0037 4560 Wlansvc - ok
10:44:07.0099 4560 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:44:07.0115 4560 wlidsvc - ok
10:44:07.0130 4560 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:44:07.0161 4560 WmiAcpi - ok
10:44:07.0177 4560 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:44:07.0177 4560 wmiApSrv - ok
10:44:07.0193 4560 WMPNetworkSvc - ok
10:44:07.0208 4560 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:44:07.0208 4560 WPCSvc - ok
10:44:07.0239 4560 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:44:07.0255 4560 WPDBusEnum - ok
10:44:07.0255 4560 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:44:07.0271 4560 ws2ifsl - ok
10:44:07.0286 4560 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:44:07.0302 4560 wscsvc - ok
10:44:07.0302 4560 WSearch - ok
10:44:07.0364 4560 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:44:07.0427 4560 wuauserv - ok
10:44:07.0458 4560 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:44:07.0473 4560 WudfPf - ok
10:44:07.0489 4560 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:07.0505 4560 WUDFRd - ok
10:44:07.0536 4560 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:44:07.0551 4560 wudfsvc - ok
10:44:07.0567 4560 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:44:07.0583 4560 WwanSvc - ok
10:44:07.0598 4560 ================ Scan global ===============================
10:44:07.0645 4560 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:44:07.0692 4560 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:44:07.0723 4560 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:44:07.0754 4560 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:44:07.0801 4560 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:44:07.0801 4560 [Global] - ok
10:44:07.0801 4560 ================ Scan MBR ==================================
10:44:07.0817 4560 [ F800E81B26AD2992AA7B42313FBDFB44 ] \Device\Harddisk0\DR0
10:44:07.0926 4560 \Device\Harddisk0\DR0 - ok
10:44:07.0926 4560 ================ Scan VBR ==================================
10:44:07.0941 4560 [ 678583AEA89CBF26CA42F98C8211DEF6 ] \Device\Harddisk0\DR0\Partition1
10:44:07.0941 4560 \Device\Harddisk0\DR0\Partition1 - ok
10:44:07.0957 4560 [ E6AEC6B77047FFEFA90672668EAB3123 ] \Device\Harddisk0\DR0\Partition2
10:44:07.0957 4560 \Device\Harddisk0\DR0\Partition2 - ok
10:44:07.0973 4560 [ F414AB8D090B35442853E87565514AD5 ] \Device\Harddisk0\DR0\Partition3
10:44:07.0973 4560 \Device\Harddisk0\DR0\Partition3 - ok
10:44:07.0973 4560 ============================================================
10:44:07.0973 4560 Scan finished
10:44:07.0973 4560 ============================================================
10:44:07.0988 0700 Detected object count: 0
10:44:07.0988 0700 Actual detected object count: 0

aswMBR report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-05 10:48:01
-----------------------------
10:48:01.774 OS Version: Windows x64 6.1.7601 Service Pack 1
10:48:01.774 Number of processors: 6 586 0xA00
10:48:01.774 ComputerName: CRIS-HP UserName: Cris
10:48:03.771 Initialize success
10:48:11.430 AVAST engine defs: 12110500
10:48:19.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
10:48:19.090 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
10:48:19.106 Disk 0 MBR read successfully
10:48:19.106 Disk 0 MBR scan
10:48:19.106 Disk 0 unknown MBR code
10:48:19.121 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:48:19.121 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941365 MB offset 206848
10:48:19.152 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12402 MB offset 1928122368
10:48:19.184 Disk 0 scanning C:\Windows\system32\drivers
10:48:30.962 Service scanning
10:48:46.343 Modules scanning
10:48:46.343 Disk 0 trace - called modules:
10:48:46.359 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
10:48:46.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099ce790]
10:48:46.359 3 CLASSPNP.SYS[fffff88001fcb43f] -> nt!IofCallDriver -> [0xfffffa8009d40b80]
10:48:46.375 5 amdxata.sys[fffff880010b57a8] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8009d3c9c0]
10:48:49.136 AVAST engine scan C:\Windows
10:48:51.881 AVAST engine scan C:\Windows\system32
10:52:52.231 AVAST engine scan C:\Windows\system32\drivers
10:53:07.550 AVAST engine scan C:\Users\Cris
10:58:18.116 AVAST engine scan C:\ProgramData
11:04:18.511 Scan finished successfully
11:05:09.476 Disk 0 MBR has been saved successfully to "C:\Users\Cris\Desktop\MBR.dat"
11:05:09.476 The log file has been saved successfully to "C:\Users\Cris\Desktop\aswMBR.txt"

DDS report


DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Cris at 11:09:25 on 2012-11-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12287.10222 [GMT -8:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Cris\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Cris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
mURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "C:\Users\Cris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{18597C69-CF96-40B2-A61B-1031984445C0} : DHCPNameServer = 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-10-14 11864]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-14 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-20 635416]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-9 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-12-5 10720256]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-12-5 327168]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-11-3 45448]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-2-7 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-9-20 852256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-20 346144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-20 38456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-7 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-17 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-6 102368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-7 116648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-6 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-8 1255736]
.
=============== Created Last 30 ================
.
2012-11-02 01:27:27 -------- d-----w- C:\Users\Cris\AppData\Local\FalloutNV
2012-10-22 03:15:21 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-10-22 02:12:24 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2012-10-14 03:51:44 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-14 03:51:10 -------- d-----w- C:\Users\Cris\AppData\Local\PunkBuster
2012-10-14 03:39:42 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-14 03:39:42 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-14 03:39:35 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-14 03:35:14 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-14 03:35:13 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-14 03:34:57 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 03:27:44 -------- d-----w- C:\Program Files (x86)\EA Games
2012-10-14 00:52:24 -------- d-----w- C:\MyBackup
2012-10-14 00:28:31 -------- d-----w- C:\Users\Cris\AppData\Local\Diagnostics
2012-10-11 01:56:12 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-11 01:56:08 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-11 01:56:07 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-11 01:56:07 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-10-09 03:25:02 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:25:02 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-20 04:35:36 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-09-20 04:35:36 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-28 17:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 11:10:05.56 ===============


Attached file: MBR.zip (526 bytes)

Edited by Tonsofice, 05 November 2012 - 02:17 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:42 PM

Posted 06 November 2012 - 08:38 AM

Your logs are clean. Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#5 Tonsofice

Tonsofice
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:42 PM

Posted 06 November 2012 - 12:44 PM

combofix report

ComboFix 12-11-06.03 - Cris 11/06/2012 9:24.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12287.10930 [GMT -8:00]
Running from: c:\users\Cris\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Cris\Desktop\Internet Explorer.lnk
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 17:29 . 2012-11-06 17:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-06 17:29 . 2012-11-06 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 17:29 . 2012-11-06 17:29 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-06 06:42 . 2012-11-06 06:42 -------- d-----w- c:\users\Cris\AppData\Roaming\Unity
2012-11-06 06:39 . 2012-11-06 06:39 -------- d-----w- c:\users\Cris\AppData\Local\Unity
2012-11-02 01:27 . 2012-11-02 01:27 -------- d-----w- c:\users\Cris\AppData\Local\FalloutNV
2012-10-22 03:15 . 2012-10-22 03:15 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-22 02:12 . 2012-10-22 02:12 -------- d-----w- c:\program files (x86)\MyFree Codec
2012-10-14 03:51 . 2012-10-14 03:51 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-14 03:51 . 2012-10-14 03:51 -------- d-----w- c:\users\Cris\AppData\Local\PunkBuster
2012-10-14 03:39 . 2012-10-14 03:51 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-14 03:39 . 2012-10-14 03:39 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-14 03:39 . 2012-10-14 03:39 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-14 03:38 . 2012-10-14 03:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-14 03:35 . 2012-10-14 03:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-14 03:35 . 2012-10-14 03:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-14 03:34 . 2012-10-14 03:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 03:34 . 2012-10-14 03:34 -------- d-----w- c:\program files (x86)\Java
2012-10-14 03:33 . 2012-10-14 03:33 -------- d-----w- c:\programdata\McAfee
2012-10-14 03:27 . 2012-10-14 03:27 -------- d-----w- c:\program files (x86)\EA Games
2012-10-14 00:52 . 2012-10-14 01:25 -------- d-----w- C:\MyBackup
2012-10-14 00:28 . 2012-10-14 00:28 -------- d-----w- c:\users\Cris\AppData\Local\Diagnostics
2012-10-11 01:56 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 01:56 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 01:56 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 01:56 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 05:15 . 2012-02-09 02:38 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 03:25 . 2012-07-18 04:56 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 03:25 . 2012-02-21 07:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 02:54 . 2012-02-08 02:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 04:35 . 2012-10-06 17:54 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-09-20 04:35 . 2012-10-06 17:54 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-28 17:05 . 2012-09-29 08:20 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-28 17:04 . 2012-08-28 17:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-08-28 17:04 . 2012-08-28 17:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 17:04 . 2012-08-28 17:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 17:04 . 2012-08-28 17:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 17:04 . 2012-08-28 17:04 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-08-28 17:04 . 2012-08-28 17:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-08-28 17:04 . 2012-08-28 17:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-08-28 17:04 . 2012-08-28 17:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-08-28 17:04 . 2012-08-28 17:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-08-28 17:04 . 2012-08-28 17:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-08-28 17:04 . 2012-08-28 17:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-08-28 17:04 . 2012-08-28 17:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 17:04 . 2012-09-29 08:20 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-28 17:04 . 2012-08-28 17:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 17:04 . 2012-08-28 17:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-08-28 17:04 . 2012-08-28 17:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-08-28 17:04 . 2012-08-28 17:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 17:04 . 2012-08-28 17:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-08-28 17:04 . 2012-08-28 17:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-08-28 17:04 . 2012-08-28 17:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-08-28 17:04 . 2012-08-28 17:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 17:04 . 2012-08-28 17:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-08-28 17:04 . 2012-08-28 17:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-08-24 11:15 . 2012-09-29 08:44 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-29 08:44 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-29 08:44 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-29 08:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-29 08:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-29 08:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-29 08:44 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-29 08:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-29 08:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-29 08:44 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-29 08:44 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-29 08:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-29 08:44 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-29 08:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-29 08:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-29 08:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-29 08:44 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-29 08:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-29 08:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-29 08:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-29 08:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-29 08:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-13 02:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 02:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 02:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 02:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-29 07:29 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 01:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1255736]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-15 11864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-11-03 45448]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 03:25]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 01:42]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 01:42]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246914363-643181606-2009900390-1000Core.job
- c:\users\Cris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 01:37]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246914363-643181606-2009900390-1000UA.job
- c:\users\Cris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 01:37]
.
2012-10-30 c:\windows\Tasks\HPCeeScheduleForCris.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-246914363-643181606-2009900390-1000\Software\SecuROM\License information*]
"datasecu"=hex:95,33,da,11,63,d2,df,78,26,50,d1,1d,fd,dc,be,7a,1c,17,ca,f6,4a,
21,07,fe,c6,bb,44,60,e9,a8,97,4b,38,78,a0,87,9c,f4,e1,79,62,c0,5c,cd,63,d8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 09:31:21
ComboFix-quarantined-files.txt 2012-11-06 17:31
ComboFix2.txt 2012-05-14 00:50
.
Pre-Run: 872,245,940,224 bytes free
Post-Run: 872,024,162,304 bytes free
.
- - End Of File - - 5B3945322491CA85A2E958C7DBD48129






security check



Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Extreme Security Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



adwcleaner





# AdwCleaner v2.007 - Logfile created 11/06/2012 at 09:43:29
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cris - CRIS-HP
# Boot Mode : Normal
# Running from : C:\Users\Cris\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ZoneAlarm_Security
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\Cris\AppData\Local\Conduit
Folder Found : C:\Users\Cris\AppData\LocalLow\Conduit
Folder Found : C:\Users\Cris\AppData\LocalLow\ZoneAlarm_Security

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D908DA3-91AA-4C62-9A11-C8DF741BFE62}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B328F01-0065-4750-B00E-B65D6BFC5C0A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Security Toolbar
Key Found : HKLM\Software\ZoneAlarm_Security
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3224 octets] - [06/11/2012 09:43:29]

########## EOF - C:\AdwCleaner[R1].txt - [3284 octets] ##########

#6 nasdaq


Posted 06 November 2012 - 02:27 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 7

At the same time, remove this old version of Flash.
Adobe Flash Player 10


===

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the log and let me know what problem persists.

#7 Tonsofice


Posted 06 November 2012 - 10:58 PM

Here is the log file.




# AdwCleaner v2.007 - Logfile created 11/06/2012 at 19:53:59
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cris - CRIS-HP
# Boot Mode : Normal
# Running from : C:\Users\Cris\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ZoneAlarm_Security
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Cris\AppData\Local\Conduit
Folder Deleted : C:\Users\Cris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cris\AppData\LocalLow\ZoneAlarm_Security

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D908DA3-91AA-4C62-9A11-C8DF741BFE62}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B328F01-0065-4750-B00E-B65D6BFC5C0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Security Toolbar
Key Deleted : HKLM\Software\ZoneAlarm_Security
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3349 octets] - [06/11/2012 09:43:29]
AdwCleaner[R2].txt - [3409 octets] - [06/11/2012 19:53:41]
AdwCleaner[S1].txt - [3406 octets] - [06/11/2012 19:53:59]

########## EOF - C:\AdwCleaner[S1].txt - [3466 octets] ##########

#8 nasdaq


Posted 07 November 2012 - 10:01 AM

Looking good.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#9 Tonsofice


Posted 11 November 2012 - 03:27 PM

The computer is doing pretty good! Haven't had any problems these past 4 days. Thanks a lot for your help nasdaq!



