
IP Block svchost.exe by Malwarebytes


  • This topic is locked
12 replies to this topic

#1 hahaimconfused

  • Members
  • 6 posts

Posted 06 November 2012 - 05:39 AM

So a couple of days ago I ran into a trojan on my computer and went ahead and ran MSE and Malwarebytes to try and remove it. I also ran ComboFix (I didn't know I shouldn't have) just to be sure my computer was entirely clean. But yesterday and today Malwarebytes is telling me it's blocking certain IP addresses requested by svchost.exe. Now that shouldn't be right, should it? So I'm still sure my PC is infected. Below are my logs, and attached are attach.txt and some logs from Malwarebytes and ComboFix.


DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by XXXXXXX at 1:52:23 on 2012-11-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8085.5727 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
D:\My Documents\foobar2000\foobar2000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\XXXXXXX\Desktop\AutoHotKey\AutoHotkey.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WTClient] WTClient.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5BC8FB1B-8B45-416B-9EB6-8B66260317F9} : DHCPNameServer = 132.239.0.252 128.54.16.2
TCP: Interfaces\{E1A941EE-1B46-4D26-A100-337FF00C297B}\2375942554731353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E51D7717-01C0-4714-AB9C-FB72117FC280} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - ExtSQL: 2012-09-10 13:57; passifox@hanhuy.com; C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\extensions\passifox@hanhuy.com.xpi
FF - ExtSQL: 2012-09-10 13:57; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-4 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-7 2754984]
R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-9-10 1930240]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-4 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-9-10 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2012-2-12 27304]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2012-2-12 17064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-10 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]
.
=============== Created Last 30 ================
.
2012-11-06 08:55:42 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80909D48-105E-40C8-8230-C40AA27DF206}\mpengine.dll
2012-11-05 20:47:38 -------- d--h--w- C:\Users\XXXXXXX\AppData\Roaming\RWBYTE
2012-11-05 19:27:20 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-05 07:33:34 -------- d-----w- C:\ProgramData\RedGiant
2012-11-05 06:57:54 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\Malwarebytes
2012-11-05 06:57:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 06:57:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-05 06:57:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-05 03:24:31 -------- d-----w- C:\ProgramData\ALM
2012-11-05 02:48:12 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\Thinstall
2012-11-05 02:48:12 -------- d-----w- C:\Users\XXXXXXX\AppData\Local\Thinstall
2012-10-28 01:42:47 -------- d-----w- C:\Program Files (x86)\LOVE
2012-10-20 08:30:01 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3562B1FE-8528-4C16-A644-246561938F05}\gapaengine.dll
2012-10-11 17:48:06 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\MathWorks
2012-10-11 17:42:07 -------- d-----w- C:\Program Files\MATLAB
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-10 01:06:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-09 20:26:20 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-10-07 23:07:45 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-10-07 21:36:39 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\TeamViewer
2012-10-07 19:20:53 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-07 18:18:59 -------- d-----w- C:\Users\XXXXXXX\AppData\Roaming\AccurateRip
2012-10-07 18:18:52 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-10-07 18:18:48 -------- d-----w- C:\Program Files (x86)\Illustrate
.
==================== Find3M ====================
.
2012-09-17 02:52:01 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-17 02:52:00 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-17 02:52:00 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-10 19:01:17 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-09-10 18:56:35 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 18:56:35 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-10 18:19:11 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 20:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 1:52:32.75 ===============


Edited by hahaimconfused, 06 November 2012 - 05:40 AM.
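A first triage pass over the DDS "Running Processes" list in the post above, added here as an example (it is not part of the original post and not code from DDS, Malwarebytes or FRST): a svchost.exe that Malwarebytes sees making connections is normal when it is the real image in System32 started with a -k service group, so the check verifies exactly that and, separately, flags any executable started from a user-writable folder for review. The set of service-host groups is taken from the log itself and the last sample line is a constructed decoy, not something found on this machine.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample input in DDS "Running Processes" format. The first six
# lines are copied from the log above; the last one is a made-up decoy path,
# included only to show what the svchost check flags.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Users\XXXXXXX\Desktop\AutoHotKey\AutoHotkey.exe
D:\My Documents\foobar2000\foobar2000.exe
C:\Users\XXXXXXX\AppData\Roaming\svchost.exe
"""

# Expected image directory: every svchost.exe in the log above starts from
# here (DDS prints both "system32" and "System32", so compare case-insensitively).
SYSTEM32 = r"c:\windows\system32"

# Service-host groups seen in the log above. This list is an assumption for
# the example; on a real machine read the authoritative set from
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "localservicenetworkrestricted",
    "localsystemnetworkrestricted", "netsvcs", "localservice",
    "networkservice", "localservicenonetwork", "imgsvc",
    "localserviceandnoimpersonation",
}

# Path fragments an unprivileged user can write to. A binary running from one
# of these is not proof of infection (AutoHotkey on the Desktop above is
# legitimate), but it is what a helper reviews first.
USER_WRITABLE_FRAGMENTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\my documents\\")

_LINE_RE = re.compile(r"^(?P<path>[a-z]:\\.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
_K_RE = re.compile(r"^-k\s+(?P<group>\S+)", re.IGNORECASE)


class Finding(NamedTuple):
    line: str
    reason: str


def triage_process_line(line: str) -> Optional[str]:
    """Return a reason string if the process line deserves a closer look, else None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None  # section header, "." separator or other non-executable line
    path, args = m.group("path"), m.group("args") or ""
    directory, _, image = path.rpartition("\\")
    if image.lower() == "svchost.exe":
        if directory.lower() != SYSTEM32:
            return "svchost.exe outside System32"
        k = _K_RE.match(args.strip())
        if not k:
            return "svchost.exe started without a -k service group"
        if k.group("group").lower() not in KNOWN_SVCHOST_GROUPS:
            return f"unknown svchost service group {k.group('group')!r}"
        return None
    lowered = directory.lower() + "\\"
    if any(frag in lowered for frag in USER_WRITABLE_FRAGMENTS):
        return "executable running from a user-writable location"
    return None


def triage(report: str) -> list:
    """Run triage_process_line over every line of a DDS process listing."""
    findings = []
    for raw in report.strip().splitlines():
        reason = triage_process_line(raw)
        if reason:
            findings.append(Finding(raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES):
        print(f"{f.reason}: {f.line}")
```

On the sample, the three System32 svchost instances pass, MsMpEng.exe passes, and only the two user-folder programs and the decoy svchost.exe are reported.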



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 November 2012 - 08:59 AM

Please run the following:

Download the appropriate version of the Farbar Recovery Scan Tool for your system and save it to a flash drive. (Choose the correct version depending on which operating system architecture you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 hahaimconfused
  • Topic Starter
  • Members
  • 6 posts

Posted 06 November 2012 - 12:49 PM

Here you are.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2012
Ran by SYSTEM at 06-11-2012 09:45:06
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WTClient] WTClient.exe [x]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\XXXXXX\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin [690888 2012-09-10] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 132.239.0.252 128.54.16.2

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
3 OpenVPNService; "C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe" [14848 2011-12-15] ()
2 Virtual Router; "C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe" [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com))
2 WinTabService; "C:\Windows\System32\Drivers\WTSRV.EXE" [73728 2011-09-23] (UC-Logic Technology Corp.)

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-06 09:44 - 2012-11-06 09:44 - 00000000 ____D C:\FRST
2012-11-06 02:21 - 2011-07-16 22:21 - 00302592 ____A C:\Users\XXXXXX\Desktop\gmer.exe
2012-11-06 01:52 - 2012-11-06 01:52 - 00014791 ____A C:\Users\XXXXXX\Desktop\dds.txt
2012-11-06 01:52 - 2012-11-06 01:52 - 00007650 ____A C:\Users\XXXXXX\Desktop\attach.txt
2012-11-05 14:38 - 2012-11-05 15:24 - 10252288 ____A C:\Users\XXXXXX\Desktop\phone pony 2.sai
2012-11-05 13:49 - 2012-11-05 13:57 - 09363456 ____A C:\Users\XXXXXX\Desktop\phone pony.sai
2012-11-05 12:47 - 2012-11-05 12:47 - 00000000 ___HD C:\Users\XXXXXX\AppData\Roaming\RWBYTE
2012-11-05 11:35 - 2012-11-05 11:35 - 00002027 ____A C:\Users\XXXXXX\Desktop\RKreport[2]_D_11052012_02d1135.txt
2012-11-05 11:33 - 2012-11-05 11:33 - 00002184 ____A C:\Users\XXXXXX\Desktop\RKreport[1]_S_11052012_02d1133.txt
2012-11-05 11:20 - 2012-11-05 11:20 - 00015584 ____A C:\ComboFix.txt
2012-11-05 11:14 - 2012-11-05 11:24 - 00000000 ____D C:\Windows\erdnt
2012-11-04 23:33 - 2012-11-04 23:33 - 00000000 ____D C:\Users\All Users\RedGiant
2012-11-04 23:08 - 2012-11-05 11:35 - 00000000 ____D C:\Users\XXXXXX\Desktop\RK_Quarantine
2012-11-04 22:57 - 2012-11-04 22:57 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
2012-11-04 22:57 - 2012-11-04 22:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-04 22:57 - 2012-11-04 22:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 22:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-04 19:24 - 2012-11-04 19:24 - 00000000 ____D C:\Users\All Users\ALM
2012-11-04 18:48 - 2012-11-04 18:48 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Thinstall
2012-11-04 18:48 - 2012-11-04 18:48 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Thinstall
2012-11-04 18:24 - 2012-11-06 09:36 - 00000000 ____D C:\Users\XXXXXX\Desktop\Derpy Ate The Precious Thing Files
2012-11-03 19:58 - 2012-11-05 12:12 - 00000672 ____A C:\Windows\setupact.log
2012-11-03 19:58 - 2012-11-04 23:23 - 00008236 ____A C:\Windows\PFRO.log
2012-11-03 19:58 - 2012-11-03 19:58 - 00000000 ____A C:\Windows\setuperr.log
2012-11-03 12:44 - 2012-11-03 14:15 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\FileZilla
2012-11-01 10:51 - 2012-11-01 10:51 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\U3
2012-10-29 21:16 - 2012-10-31 16:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-10-27 17:42 - 2012-11-05 11:19 - 00000000 ____D C:\Program Files (x86)\LOVE
2012-10-26 23:34 - 2012-11-03 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-19 20:00 - 2012-10-19 20:00 - 00001908 ____A C:\Windows\diagwrn.xml
2012-10-19 20:00 - 2012-10-19 20:00 - 00001908 ____A C:\Windows\diagerr.xml
2012-10-15 15:18 - 2012-10-15 15:18 - 00000000 ____D C:\Users\XXXXXX\Desktop\New folder
2012-10-12 18:57 - 2012-10-12 19:02 - 00000000 ____D C:\Users\XXXXXX\Desktop\AutoHotKey
2012-10-12 18:57 - 2012-10-12 18:57 - 00001352 ____A C:\Users\XXXXXX\Documents\AutoHotkey.ahk
2012-10-11 09:59 - 2012-10-14 11:40 - 00000000 ____D C:\Users\XXXXXX\Desktop\MLPGVG
2012-10-11 09:48 - 2012-10-11 09:48 - 00000000 ____D C:\Users\XXXXXX\Documents\MATLAB
2012-10-11 09:48 - 2012-10-11 09:48 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\MathWorks
2012-10-11 09:42 - 2012-10-11 09:42 - 00000000 ____D C:\Program Files\MATLAB
2012-10-10 20:52 - 2012-10-10 20:52 - 00203836 __RSH C:\grldr
2012-10-10 20:52 - 2012-10-10 20:52 - 00000000 __RSH C:\winx.ld
2012-10-10 00:41 - 2012-10-10 00:46 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Audacity
2012-10-09 22:42 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 22:42 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 22:42 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 22:42 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 22:42 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 22:42 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 22:42 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 22:42 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 22:42 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 22:42 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 22:42 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 22:42 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 22:42 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 22:42 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 22:42 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 17:06 - 2012-10-09 17:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-10-09 17:03 - 2012-11-03 01:45 - 00001456 ____A C:\Users\XXXXXX\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-10-09 17:01 - 2012-10-09 17:01 - 00000000 ____D C:\Users\XXXXXX\Documents\Adobe
2012-10-09 12:26 - 2012-10-09 12:26 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-10-08 23:33 - 2012-11-04 23:31 - 00000000 ____D C:\Users\XXXXXX\Desktop\art
2012-10-07 15:07 - 2012-10-07 15:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-10-07 13:36 - 2012-10-07 13:36 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\TeamViewer
2012-10-07 11:20 - 2012-11-03 19:57 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Skype
2012-10-07 11:20 - 2012-10-07 11:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-10-07 11:20 - 2012-10-07 11:20 - 00000000 ____D C:\Users\All Users\Skype
2012-10-07 10:18 - 2012-10-07 10:18 - 04022504 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
2012-10-07 10:18 - 2012-10-07 10:18 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2012-10-07 10:18 - 2012-10-07 10:18 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2012-10-07 10:18 - 2012-10-07 10:18 - 00017950 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2012-10-07 10:18 - 2012-10-07 10:18 - 00013082 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2012-10-07 10:18 - 2012-10-07 10:18 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\AccurateRip
2012-10-07 10:18 - 2012-10-07 10:18 - 00000000 ____D C:\Program Files (x86)\Illustrate

==================== 3 Months Modified Files ==================

2012-11-06 09:42 - 2012-09-10 09:33 - 01311837 ____A C:\Windows\WindowsUpdate.log
2012-11-06 09:01 - 2012-09-10 10:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-06 08:16 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-06 06:18 - 2012-09-11 15:29 - 00000132 ____A C:\Users\XXXXXX\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-11-06 06:07 - 2012-09-10 10:03 - 00087680 ____A C:\Users\XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-06 01:52 - 2012-11-06 01:52 - 00014791 ____A C:\Users\XXXXXX\Desktop\dds.txt
2012-11-06 01:52 - 2012-11-06 01:52 - 00007650 ____A C:\Users\XXXXXX\Desktop\attach.txt
2012-11-05 15:24 - 2012-11-05 14:38 - 10252288 ____A C:\Users\XXXXXX\Desktop\phone pony 2.sai
2012-11-05 13:57 - 2012-11-05 13:49 - 09363456 ____A C:\Users\XXXXXX\Desktop\phone pony.sai
2012-11-05 12:12 - 2012-11-03 19:58 - 00000672 ____A C:\Windows\setupact.log
2012-11-05 11:35 - 2012-11-05 11:35 - 00002027 ____A C:\Users\XXXXXX\Desktop\RKreport[2]_D_11052012_02d1135.txt
2012-11-05 11:33 - 2012-11-05 11:33 - 00002184 ____A C:\Users\XXXXXX\Desktop\RKreport[1]_S_11052012_02d1133.txt
2012-11-05 11:20 - 2012-11-05 11:20 - 00015584 ____A C:\ComboFix.txt
2012-11-05 11:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-05 00:51 - 2009-07-13 20:45 - 00026576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-05 00:51 - 2009-07-13 20:45 - 00026576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-05 00:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-04 23:23 - 2012-11-03 19:58 - 00008236 ____A C:\Windows\PFRO.log
2012-11-04 23:02 - 2009-07-13 20:45 - 04967312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-03 19:58 - 2012-11-03 19:58 - 00000000 ____A C:\Windows\setuperr.log
2012-11-03 01:45 - 2012-10-09 17:03 - 00001456 ____A C:\Users\XXXXXX\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-10-19 20:00 - 2012-10-19 20:00 - 00001908 ____A C:\Windows\diagwrn.xml
2012-10-19 20:00 - 2012-10-19 20:00 - 00001908 ____A C:\Windows\diagerr.xml
2012-10-12 18:57 - 2012-10-12 18:57 - 00001352 ____A C:\Users\XXXXXX\Documents\AutoHotkey.ahk
2012-10-10 20:52 - 2012-10-10 20:52 - 00203836 __RSH C:\grldr
2012-10-10 20:52 - 2012-10-10 20:52 - 00000000 __RSH C:\winx.ld
2012-10-07 10:18 - 2012-10-07 10:18 - 04022504 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
2012-10-07 10:18 - 2012-10-07 10:18 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.bmp
2012-10-07 10:18 - 2012-10-07 10:18 - 00033846 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2012-10-07 10:18 - 2012-10-07 10:18 - 00017950 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp Music Converter.dat
2012-10-07 10:18 - 2012-10-07 10:18 - 00013082 ____A C:\Windows\SysWOW64\SpoonUninstall-dBpoweramp DSP Effects.dat
2012-10-04 19:33 - 2012-09-28 00:09 - 00000500 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-04 13:55 - 2012-10-04 13:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-10-02 02:00 - 2012-09-10 11:02 - 00002155 ____A C:\Windows\epplauncher.mif
2012-09-30 11:03 - 2012-09-27 17:06 - 11698176 ____A C:\Users\XXXXXX\Documents\twilight.sai
2012-09-29 19:54 - 2012-11-04 22:57 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 00:02 - 2012-09-28 10:59 - 00413696 ____A C:\Users\XXXXXX\Documents\marker.sai
2012-09-28 00:13 - 2012-09-28 00:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-09-27 11:41 - 2012-09-27 11:41 - 00002484 ____A C:\Windows\Tablet10000x6583.ini
2012-09-22 04:29 - 2012-09-22 04:29 - 00003584 ____A C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 18:52 - 2012-09-16 18:52 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-16 18:52 - 2012-09-16 18:52 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-16 18:52 - 2012-09-16 18:52 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-16 18:52 - 2012-09-16 18:52 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-16 18:52 - 2012-09-16 18:52 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-16 18:52 - 2012-09-16 18:52 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-14 11:19 - 2012-10-09 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-12 11:58 - 2012-09-12 11:58 - 00000132 ____A C:\Users\XXXXXX\AppData\Roaming\Adobe BMP Format CS6 Prefs
2012-09-11 15:56 - 2012-09-11 15:56 - 00000132 ____A C:\Users\XXXXXX\AppData\Roaming\Adobe Targa Format CS6 Prefs
2012-09-10 14:41 - 2012-09-10 14:41 - 00002464 ____A C:\Users\XXXXXX\Documents\Register Vegas Pro.htm
2012-09-10 11:02 - 2012-09-10 11:02 - 00730638 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-10 11:01 - 2012-09-10 11:01 - 00231376 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
2012-09-10 11:01 - 2012-09-10 11:01 - 00000600 ____A C:\Users\XXXXXX\AppData\Roaming\winscp.rnd
2012-09-10 10:56 - 2012-09-10 10:56 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-10 10:56 - 2012-09-10 10:56 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-10 10:19 - 2012-09-10 10:19 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-09-10 10:09 - 2012-09-10 10:09 - 00008192 _RASH C:\BOOTSECT.BAK
2012-09-10 10:09 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-09-10 10:09 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-09-10 09:32 - 2012-09-10 09:32 - 00000020 ___SH C:\Users\XXXXXX\ntuser.ini
2012-09-10 09:11 - 2012-09-10 09:11 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-08-30 21:03 - 2012-08-30 21:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 21:03 - 2012-03-20 19:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-09 22:42 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 22:42 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 22:42 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-09 22:42 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 22:42 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-23 02:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 02:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 02:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 02:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 02:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 02:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 02:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 02:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 02:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 02:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 02:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 02:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 01:18 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 01:18 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 01:18 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 12:01 - 2012-09-17 08:18 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 12:01 - 2012-08-21 12:01 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01 - 2012-08-21 12:01 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-10 16:56 - 2012-10-09 22:42 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 22:42 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-05 11:24:13
Restore point made on: 2012-11-05 11:27:17

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8084.96 MB
Available physical RAM: 7313.79 MB
Total Pagefile: 8083.16 MB
Available Pagefile: 7314.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:119.24 GB) (Free:49.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive e: (Media) (Fixed) (Total:298.09 GB) (Free:45.02 GB) NTFS
3 Drive f: (SANDISK 1GB) (Removable) (Total:0.95 GB) (Free:0.5 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Documents) (Fixed) (Total:298.09 GB) (Free:217.9 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 119 GB 0 B
Disk 2 Online 298 GB 0 B
Disk 3 Online 977 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y Documents NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 119 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 119 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Media NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 976 MB 122 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F SANDISK 1GB FAT Removable 976 MB Healthy

=========================================================

Last Boot: 2012-11-05 02:03

==================== End Of Log =============================


Search.txt

Farbar Recovery Scan Tool (x64) Version: 05-11-2012
Ran by SYSTEM at 2012-11-06 09:45:44
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-11-05 11:20] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
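
The Search.txt block above is a hash comparison: the live C:\Windows\System32\services.exe is listed beside the WinSxS component-store copy and the backup copy under C:\Windows\erdnt\cache64 (whose creation time matches the ComboFix run logged at 11:20), and all three report the same size (328704 bytes) and the same MD5, which is what an unmodified system binary looks like. The Python below is an added example, not FRST's code and not something posted in this thread. It parses that report layout (a path line followed by a "[created] - [modified] - size attributes (company) MD5" line) and flags any copy whose size or MD5 disagrees with the WinSxS copy. The sample input is constructed from the three posted entries plus one invented entry under C:\Windows\Temp, included only to show how a divergent copy is reported; nothing in the thread suggests such a file existed on the poster's machine.

```python
"""Compare every copy of a file listed in an FRST 'Search:' report by size and MD5.
Added example, not FRST's code; SAMPLE_SEARCH is a constructed input in the
layout of the Search.txt posted in the thread."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: three entries reproduce the posted values; the fourth
# (an invented C:\Windows\Temp copy with a different size, no company field and
# a made-up hash) exists only to exercise the mismatch path.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-11-05 11:20] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\Temp\services.exe
[2012-11-04 23:10] - [2012-11-04 23:10] - 0329216 ____A 0123456789ABCDEF0123456789ABCDEF

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")            # a result starts with a full path line
DETAIL_RE = re.compile(                           # ...followed by the detail line
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_search_report(text: str) -> List[FileRecord]:
    """Pair each path line with the detail line that follows it; skip banners."""
    records: List[FileRecord] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(pending_path, m["created"], m["modified"],
                                      int(m["size"]), m["attrs"],
                                      m["company"] or "", m["md5"].upper()))
            pending_path = None
    return records


def find_divergent(records: List[FileRecord]) -> Dict[str, List[FileRecord]]:
    """For each file name, take the WinSxS component-store copy as the reference
    (or the first copy seen if none) and return the copies whose size or MD5
    differ from it. An empty list means all copies agree."""
    by_name: Dict[str, List[FileRecord]] = defaultdict(list)
    for rec in records:
        by_name[rec.name].append(rec)
    divergent: Dict[str, List[FileRecord]] = {}
    for name, copies in by_name.items():
        ref = next((c for c in copies if "\\winsxs\\" in c.path.lower()), copies[0])
        divergent[name] = [c for c in copies if (c.size, c.md5) != (ref.size, ref.md5)]
    return divergent


def report(text: str) -> str:
    """Human-readable summary, one line per file plus one per divergent copy."""
    records = parse_search_report(text)
    out = []
    for name, bad in find_divergent(records).items():
        total = sum(1 for r in records if r.name == name)
        if not bad:
            out.append(f"{name}: all {total} copies share size and MD5")
            continue
        out.append(f"{name}: {len(bad)} of {total} copies differ from the reference")
        out.extend(f"  {r.path}  size={r.size}  md5={r.md5}  company={r.company or '(none)'}"
                   for r in bad)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_SEARCH))
```

Run it as-is to see the report for the constructed sample, or pass the text of a real Search.txt to parse_search_report. A clean result only says the on-disk binary matches its reference copies; it does not tell you which service hosted inside a legitimate svchost.exe made the connections Malwarebytes blocked, so treat it as a check that rules out file tampering, not as an answer to the original question.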

#4 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location: Canada

Posted 06 November 2012 - 06:03 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 hahaimconfused

  • Topic Starter
  • Members
  • 6 posts

Posted 06 November 2012 - 06:33 PM

Here you are. TDSSKiller did not detect anything.

# AdwCleaner v2.007 - Logfile created 11/06/2012 at 15:24:59
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : XXXXXXX - LETH-PC
# Boot Mode : Normal
# Running from : E:\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\g1ebaxvy.default\prefs.js

[OK] File is clean.

Profile name : My Backup [Default profile]
File : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [839 bytes] - [06/11/2012 15:24:59]

########## EOF - C:\AdwCleaner[S1].txt - [898 bytes] ##########


15:28:38.0081 3900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:28:38.0424 3900 ============================================================
15:28:38.0424 3900 Current date / time: 2012/11/06 15:28:38.0424
15:28:38.0424 3900 SystemInfo:
15:28:38.0424 3900
15:28:38.0440 3900 OS Version: 6.1.7601 ServicePack: 1.0
15:28:38.0440 3900 Product type: Workstation
15:28:38.0440 3900 ComputerName: LETH-PC
15:28:38.0440 3900 UserName: Ryan
15:28:38.0440 3900 Windows directory: C:\Windows
15:28:38.0440 3900 System windows directory: C:\Windows
15:28:38.0440 3900 Running under WOW64
15:28:38.0440 3900 Processor architecture: Intel x64
15:28:38.0440 3900 Number of processors: 4
15:28:38.0440 3900 Page size: 0x1000
15:28:38.0440 3900 Boot type: Normal boot
15:28:38.0440 3900 ============================================================
15:28:38.0846 3900 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:38.0846 3900 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:38.0861 3900 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:38.0939 3900 Drive \Device\Harddisk3\DR3 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:38.0939 3900 ============================================================
15:28:38.0939 3900 \Device\Harddisk0\DR0:
15:28:38.0939 3900 MBR partitions:
15:28:38.0939 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:28:38.0939 3900 \Device\Harddisk1\DR1:
15:28:38.0939 3900 MBR partitions:
15:28:38.0939 3900 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
15:28:38.0939 3900 \Device\Harddisk2\DR2:
15:28:38.0939 3900 MBR partitions:
15:28:38.0939 3900 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:28:38.0939 3900 \Device\Harddisk3\DR3:
15:28:38.0939 3900 MBR partitions:
15:28:38.0939 3900 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
15:28:38.0939 3900 ============================================================
15:28:38.0939 3900 C: <-> \Device\Harddisk1\DR1\Partition1
15:28:38.0970 3900 D: <-> \Device\Harddisk0\DR0\Partition1
15:28:39.0017 3900 E: <-> \Device\Harddisk2\DR2\Partition1
15:28:39.0017 3900 ============================================================
15:28:39.0017 3900 Initialize success
15:28:39.0017 3900 ============================================================
15:29:00.0623 1700 ============================================================
15:29:00.0623 1700 Scan started
15:29:00.0623 1700 Mode: Manual; TDLFS;
15:29:00.0623 1700 ============================================================
15:29:00.0810 1700 ================ Scan system memory ========================
15:29:00.0810 1700 System memory - ok
15:29:00.0810 1700 ================ Scan services =============================
15:29:00.0857 1700 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:29:00.0857 1700 1394ohci - ok
15:29:00.0857 1700 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:29:00.0873 1700 ACPI - ok
15:29:00.0873 1700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:29:00.0873 1700 AcpiPmi - ok
15:29:00.0888 1700 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:29:00.0951 1700 AdobeFlashPlayerUpdateSvc - ok
15:29:00.0966 1700 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:29:00.0966 1700 adp94xx - ok
15:29:00.0966 1700 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:29:00.0982 1700 adpahci - ok
15:29:00.0982 1700 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:29:00.0982 1700 adpu320 - ok
15:29:00.0982 1700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:29:00.0982 1700 AeLookupSvc - ok
15:29:00.0982 1700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:29:00.0998 1700 AFD - ok
15:29:00.0998 1700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:29:00.0998 1700 agp440 - ok
15:29:00.0998 1700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:29:00.0998 1700 ALG - ok
15:29:00.0998 1700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:29:00.0998 1700 aliide - ok
15:29:01.0013 1700 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:29:01.0013 1700 AMD External Events Utility - ok
15:29:01.0013 1700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:29:01.0013 1700 amdide - ok
15:29:01.0013 1700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:29:01.0013 1700 AmdK8 - ok
15:29:01.0107 1700 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:29:01.0169 1700 amdkmdag - ok
15:29:01.0169 1700 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:29:01.0169 1700 amdkmdap - ok
15:29:01.0169 1700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:29:01.0169 1700 AmdPPM - ok
15:29:01.0185 1700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:29:01.0185 1700 amdsata - ok
15:29:01.0185 1700 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:29:01.0185 1700 amdsbs - ok
15:29:01.0185 1700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:29:01.0185 1700 amdxata - ok
15:29:01.0185 1700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:29:01.0185 1700 AppID - ok
15:29:01.0200 1700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:29:01.0200 1700 AppIDSvc - ok
15:29:01.0200 1700 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:29:01.0200 1700 Appinfo - ok
15:29:01.0200 1700 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:29:01.0200 1700 Apple Mobile Device - ok
15:29:01.0216 1700 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:29:01.0216 1700 AppMgmt - ok
15:29:01.0216 1700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:29:01.0216 1700 arc - ok
15:29:01.0216 1700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:29:01.0216 1700 arcsas - ok
15:29:01.0216 1700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:29:01.0216 1700 AsyncMac - ok
15:29:01.0216 1700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:29:01.0216 1700 atapi - ok
15:29:01.0232 1700 [ EA0AF9B866DF07E8FE6C2342585788B0 ] athur C:\Windows\system32\DRIVERS\athurx.sys
15:29:01.0247 1700 athur - ok
15:29:01.0247 1700 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:29:01.0247 1700 AtiHDAudioService - ok
15:29:01.0263 1700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:29:01.0263 1700 AudioEndpointBuilder - ok
15:29:01.0278 1700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:29:01.0278 1700 AudioSrv - ok
15:29:01.0278 1700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:29:01.0278 1700 AxInstSV - ok
15:29:01.0278 1700 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:29:01.0294 1700 b06bdrv - ok
15:29:01.0294 1700 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:29:01.0294 1700 b57nd60a - ok
15:29:01.0294 1700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:29:01.0294 1700 BDESVC - ok
15:29:01.0310 1700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:29:01.0310 1700 Beep - ok
15:29:01.0310 1700 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:29:01.0310 1700 BFE - ok
15:29:01.0325 1700 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:29:01.0325 1700 BITS - ok
15:29:01.0325 1700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:01.0325 1700 blbdrive - ok
15:29:01.0341 1700 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:29:01.0341 1700 Bonjour Service - ok
15:29:01.0341 1700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:29:01.0341 1700 bowser - ok
15:29:01.0341 1700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:29:01.0341 1700 BrFiltLo - ok
15:29:01.0341 1700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:29:01.0356 1700 BrFiltUp - ok
15:29:01.0356 1700 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:29:01.0356 1700 BridgeMP - ok
15:29:01.0356 1700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:29:01.0356 1700 Browser - ok
15:29:01.0356 1700 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:29:01.0372 1700 Brserid - ok
15:29:01.0372 1700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:01.0372 1700 BrSerWdm - ok
15:29:01.0372 1700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:01.0372 1700 BrUsbMdm - ok
15:29:01.0372 1700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:01.0372 1700 BrUsbSer - ok
15:29:01.0372 1700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:29:01.0372 1700 BTHMODEM - ok
15:29:01.0372 1700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:29:01.0388 1700 bthserv - ok
15:29:01.0388 1700 catchme - ok
15:29:01.0388 1700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:29:01.0388 1700 cdfs - ok
15:29:01.0388 1700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:29:01.0403 1700 cdrom - ok
15:29:01.0403 1700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:29:01.0403 1700 CertPropSvc - ok
15:29:01.0403 1700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:29:01.0403 1700 circlass - ok
15:29:01.0403 1700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:29:01.0419 1700 CLFS - ok
15:29:01.0419 1700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:01.0419 1700 clr_optimization_v2.0.50727_32 - ok
15:29:01.0434 1700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:01.0434 1700 clr_optimization_v2.0.50727_64 - ok
15:29:01.0434 1700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:29:01.0434 1700 clr_optimization_v4.0.30319_32 - ok
15:29:01.0450 1700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:29:01.0450 1700 clr_optimization_v4.0.30319_64 - ok
15:29:01.0450 1700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:29:01.0450 1700 CmBatt - ok
15:29:01.0450 1700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:29:01.0450 1700 cmdide - ok
15:29:01.0466 1700 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:29:01.0466 1700 CNG - ok
15:29:01.0466 1700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:29:01.0466 1700 Compbatt - ok
15:29:01.0466 1700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:29:01.0466 1700 CompositeBus - ok
15:29:01.0466 1700 COMSysApp - ok
15:29:01.0481 1700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:29:01.0481 1700 crcdisk - ok
15:29:01.0481 1700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:29:01.0481 1700 CryptSvc - ok
15:29:01.0481 1700 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:29:01.0497 1700 CSC - ok
15:29:01.0497 1700 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:29:01.0497 1700 CscService - ok
15:29:01.0512 1700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:29:01.0512 1700 DcomLaunch - ok
15:29:01.0512 1700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:29:01.0512 1700 defragsvc - ok
15:29:01.0528 1700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:29:01.0528 1700 DfsC - ok
15:29:01.0528 1700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:29:01.0528 1700 Dhcp - ok
15:29:01.0528 1700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:29:01.0528 1700 discache - ok
15:29:01.0544 1700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:29:01.0544 1700 Disk - ok
15:29:01.0544 1700 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:29:01.0544 1700 dmvsc - ok
15:29:01.0544 1700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:29:01.0544 1700 Dnscache - ok
15:29:01.0544 1700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:29:01.0559 1700 dot3svc - ok
15:29:01.0559 1700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:29:01.0559 1700 DPS - ok
15:29:01.0559 1700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:29:01.0559 1700 drmkaud - ok
15:29:01.0575 1700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:29:01.0575 1700 DXGKrnl - ok
15:29:01.0575 1700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:29:01.0575 1700 EapHost - ok
15:29:01.0606 1700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:29:01.0622 1700 ebdrv - ok
15:29:01.0622 1700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:29:01.0622 1700 EFS - ok
15:29:01.0637 1700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:29:01.0637 1700 ehRecvr - ok
15:29:01.0637 1700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:29:01.0637 1700 ehSched - ok
15:29:01.0653 1700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:29:01.0653 1700 elxstor - ok
15:29:01.0653 1700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:29:01.0653 1700 ErrDev - ok
15:29:01.0668 1700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:29:01.0668 1700 EventSystem - ok
15:29:01.0668 1700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:29:01.0668 1700 exfat - ok
15:29:01.0668 1700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:29:01.0668 1700 fastfat - ok
15:29:01.0684 1700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:29:01.0684 1700 Fax - ok
15:29:01.0684 1700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:29:01.0684 1700 fdc - ok
15:29:01.0700 1700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:29:01.0700 1700 fdPHost - ok
15:29:01.0700 1700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:29:01.0700 1700 FDResPub - ok
15:29:01.0700 1700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:29:01.0700 1700 FileInfo - ok
15:29:01.0700 1700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:29:01.0700 1700 Filetrace - ok
15:29:01.0700 1700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:29:01.0700 1700 flpydisk - ok
15:29:01.0715 1700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:29:01.0715 1700 FltMgr - ok
15:29:01.0715 1700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:29:01.0731 1700 FontCache - ok
15:29:01.0731 1700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:29:01.0731 1700 FontCache3.0.0.0 - ok
15:29:01.0731 1700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:29:01.0731 1700 FsDepends - ok
15:29:01.0731 1700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:29:01.0731 1700 Fs_Rec - ok
15:29:01.0746 1700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:29:01.0746 1700 fvevol - ok
15:29:01.0746 1700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:29:01.0746 1700 gagp30kx - ok
15:29:01.0746 1700 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:29:01.0746 1700 GEARAspiWDM - ok
15:29:01.0762 1700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:29:01.0762 1700 gpsvc - ok
15:29:01.0762 1700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:29:01.0762 1700 hcw85cir - ok
15:29:01.0778 1700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:29:01.0778 1700 HdAudAddService - ok
15:29:01.0778 1700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:01.0778 1700 HDAudBus - ok
15:29:01.0778 1700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:29:01.0778 1700 HidBatt - ok
15:29:01.0778 1700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:29:01.0778 1700 HidBth - ok
15:29:01.0793 1700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:29:01.0793 1700 HidIr - ok
15:29:01.0793 1700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:29:01.0793 1700 hidserv - ok
15:29:01.0793 1700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:29:01.0809 1700 HidUsb - ok
15:29:01.0809 1700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:29:01.0809 1700 hkmsvc - ok
15:29:01.0809 1700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:29:01.0809 1700 HomeGroupListener - ok
15:29:01.0809 1700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:29:01.0824 1700 HomeGroupProvider - ok
15:29:01.0824 1700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:29:01.0824 1700 HpSAMD - ok
15:29:01.0824 1700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:29:01.0840 1700 HTTP - ok
15:29:01.0840 1700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:29:01.0840 1700 hwpolicy - ok
15:29:01.0840 1700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:01.0840 1700 i8042prt - ok
15:29:01.0840 1700 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:29:01.0856 1700 iaStor - ok
15:29:01.0856 1700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:29:01.0856 1700 iaStorV - ok
15:29:01.0871 1700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:29:01.0871 1700 idsvc - ok
15:29:01.0871 1700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:29:01.0871 1700 iirsp - ok
15:29:01.0887 1700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:29:01.0887 1700 IKEEXT - ok
15:29:01.0934 1700 [ F242E36CDA231701CFA702641C20FAEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:29:01.0949 1700 IntcAzAudAddService - ok
15:29:01.0949 1700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:29:01.0949 1700 intelide - ok
15:29:01.0949 1700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:29:01.0949 1700 intelppm - ok
15:29:01.0949 1700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:29:01.0949 1700 IPBusEnum - ok
15:29:01.0949 1700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:29:01.0949 1700 IpFilterDriver - ok
15:29:01.0965 1700 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:29:01.0965 1700 iphlpsvc - ok
15:29:01.0965 1700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:29:01.0965 1700 IPMIDRV - ok
15:29:01.0980 1700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:29:01.0980 1700 IPNAT - ok
15:29:01.0980 1700 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:29:01.0996 1700 iPod Service - ok
15:29:01.0996 1700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:29:01.0996 1700 IRENUM - ok
15:29:01.0996 1700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:29:01.0996 1700 isapnp - ok
15:29:01.0996 1700 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:29:01.0996 1700 iScsiPrt - ok
15:29:02.0012 1700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:29:02.0012 1700 kbdclass - ok
15:29:02.0012 1700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:29:02.0012 1700 kbdhid - ok
15:29:02.0012 1700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:29:02.0012 1700 KeyIso - ok
15:29:02.0027 1700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:29:02.0027 1700 KSecDD - ok
15:29:02.0027 1700 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:29:02.0027 1700 KSecPkg - ok
15:29:02.0027 1700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:29:02.0027 1700 ksthunk - ok
15:29:02.0027 1700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:29:02.0043 1700 KtmRm - ok
15:29:02.0043 1700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:29:02.0043 1700 LanmanServer - ok
15:29:02.0043 1700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:29:02.0043 1700 LanmanWorkstation - ok
15:29:02.0058 1700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:29:02.0058 1700 lltdio - ok
15:29:02.0058 1700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:29:02.0058 1700 lltdsvc - ok
15:29:02.0058 1700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:29:02.0058 1700 lmhosts - ok
15:29:02.0058 1700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:29:02.0074 1700 LSI_FC - ok
15:29:02.0074 1700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:29:02.0074 1700 LSI_SAS - ok
15:29:02.0074 1700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:29:02.0074 1700 LSI_SAS2 - ok
15:29:02.0074 1700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:29:02.0074 1700 LSI_SCSI - ok
15:29:02.0090 1700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:29:02.0090 1700 luafv - ok
15:29:02.0090 1700 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:29:02.0090 1700 MBAMProtector - ok
15:29:02.0090 1700 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:29:02.0090 1700 MBAMScheduler - ok
15:29:02.0105 1700 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:29:02.0105 1700 MBAMService - ok
15:29:02.0105 1700 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
15:29:02.0105 1700 MBfilt - ok
15:29:02.0121 1700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:29:02.0121 1700 Mcx2Svc - ok
15:29:02.0121 1700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:29:02.0121 1700 megasas - ok
15:29:02.0121 1700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:29:02.0121 1700 MegaSR - ok
15:29:02.0121 1700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:29:02.0121 1700 MMCSS - ok
15:29:02.0136 1700 [ BFFB0C93D9FB43CA42EF11C9240BFF7F ] Modem C:\Windows\system32\drivers\modem.sys
15:29:02.0136 1700 Modem - ok
15:29:02.0136 1700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:29:02.0136 1700 monitor - ok
15:29:02.0136 1700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:29:02.0136 1700 mouclass - ok
15:29:02.0136 1700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:29:02.0136 1700 mouhid - ok
15:29:02.0136 1700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:29:02.0136 1700 mountmgr - ok
15:29:02.0152 1700 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:29:02.0152 1700 MozillaMaintenance - ok
15:29:02.0152 1700 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:29:02.0152 1700 MpFilter - ok
15:29:02.0152 1700 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:29:02.0152 1700 mpio - ok
15:29:02.0168 1700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:29:02.0168 1700 mpsdrv - ok
15:29:02.0168 1700 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:29:02.0168 1700 MpsSvc - ok
15:29:02.0183 1700 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:29:02.0183 1700 MRxDAV - ok
15:29:02.0183 1700 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:02.0183 1700 mrxsmb - ok
15:29:02.0183 1700 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:02.0183 1700 mrxsmb10 - ok
15:29:02.0199 1700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:02.0199 1700 mrxsmb20 - ok
15:29:02.0199 1700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:29:02.0199 1700 msahci - ok
15:29:02.0199 1700 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:29:02.0199 1700 msdsm - ok
15:29:02.0199 1700 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:29:02.0199 1700 MSDTC - ok
15:29:02.0214 1700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:29:02.0214 1700 Msfs - ok
15:29:02.0214 1700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:29:02.0214 1700 mshidkmdf - ok
15:29:02.0214 1700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:29:02.0214 1700 msisadrv - ok
15:29:02.0230 1700 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:29:02.0230 1700 MSiSCSI - ok
15:29:02.0230 1700 msiserver - ok
15:29:02.0230 1700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:29:02.0230 1700 MSKSSRV - ok
15:29:02.0230 1700 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:29:02.0230 1700 MsMpSvc - ok
15:29:02.0230 1700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:02.0246 1700 MSPCLOCK - ok
15:29:02.0246 1700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:29:02.0246 1700 MSPQM - ok
15:29:02.0246 1700 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:29:02.0246 1700 MsRPC - ok
15:29:02.0246 1700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:29:02.0246 1700 mssmbios - ok
15:29:02.0246 1700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:29:02.0261 1700 MSTEE - ok
15:29:02.0261 1700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:29:02.0261 1700 MTConfig - ok
15:29:02.0261 1700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:29:02.0261 1700 Mup - ok
15:29:02.0261 1700 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:29:02.0277 1700 napagent - ok
15:29:02.0277 1700 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:29:02.0277 1700 NativeWifiP - ok
15:29:02.0292 1700 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:29:02.0292 1700 NDIS - ok
15:29:02.0292 1700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:29:02.0292 1700 NdisCap - ok
15:29:02.0292 1700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:02.0292 1700 NdisTapi - ok
15:29:02.0292 1700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:02.0308 1700 Ndisuio - ok
15:29:02.0308 1700 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:02.0308 1700 NdisWan - ok
15:29:02.0308 1700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:29:02.0308 1700 NDProxy - ok
15:29:02.0308 1700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:29:02.0308 1700 NetBIOS - ok
15:29:02.0308 1700 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:29:02.0324 1700 NetBT - ok
15:29:02.0324 1700 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:29:02.0324 1700 Netlogon - ok
15:29:02.0324 1700 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:29:02.0324 1700 Netman - ok
15:29:02.0339 1700 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:29:02.0339 1700 netprofm - ok
15:29:02.0339 1700 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:29:02.0339 1700 NetTcpPortSharing - ok
15:29:02.0339 1700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:29:02.0339 1700 nfrd960 - ok
15:29:02.0339 1700 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:29:02.0355 1700 NisDrv - ok
15:29:02.0355 1700 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
15:29:02.0355 1700 NisSrv - ok
15:29:02.0355 1700 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:29:02.0355 1700 NlaSvc - ok
15:29:02.0370 1700 [ 1675AC45BEFD9CFFADD3E251524A9468 ] NovacomD C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
15:29:02.0370 1700 NovacomD - ok
15:29:02.0370 1700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:29:02.0370 1700 Npfs - ok
15:29:02.0386 1700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:29:02.0386 1700 nsi - ok
15:29:02.0386 1700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:29:02.0386 1700 nsiproxy - ok
15:29:02.0402 1700 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:29:02.0402 1700 Ntfs - ok
15:29:02.0417 1700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:29:02.0417 1700 Null - ok
15:29:02.0417 1700 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:29:02.0417 1700 nvraid - ok
15:29:02.0417 1700 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:29:02.0417 1700 nvstor - ok
15:29:02.0417 1700 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:29:02.0417 1700 nv_agp - ok
15:29:02.0433 1700 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:29:02.0433 1700 ohci1394 - ok
15:29:02.0433 1700 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
15:29:02.0448 1700 OpenVPNService - ok
15:29:02.0448 1700 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:29:02.0448 1700 ose - ok
15:29:02.0495 1700 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:29:02.0526 1700 osppsvc - ok
15:29:02.0526 1700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:29:02.0526 1700 p2pimsvc - ok
15:29:02.0526 1700 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:29:02.0542 1700 p2psvc - ok
15:29:02.0542 1700 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:29:02.0542 1700 Parport - ok
15:29:02.0542 1700 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:29:02.0542 1700 partmgr - ok
15:29:02.0542 1700 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:29:02.0542 1700 PcaSvc - ok
15:29:02.0558 1700 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:29:02.0558 1700 pci - ok
15:29:02.0558 1700 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:29:02.0558 1700 pciide - ok
15:29:02.0558 1700 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:29:02.0558 1700 pcmcia - ok
15:29:02.0573 1700 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:29:02.0573 1700 pcw - ok
15:29:02.0573 1700 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:29:02.0573 1700 PEAUTH - ok
15:29:02.0589 1700 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:29:02.0604 1700 PeerDistSvc - ok
15:29:02.0620 1700 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:29:02.0620 1700 PerfHost - ok
15:29:02.0636 1700 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:29:02.0651 1700 pla - ok
15:29:02.0651 1700 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:29:02.0651 1700 PlugPlay - ok
15:29:02.0651 1700 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:29:02.0651 1700 PNRPAutoReg - ok
15:29:02.0667 1700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:29:02.0667 1700 PNRPsvc - ok
15:29:02.0667 1700 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:29:02.0667 1700 PolicyAgent - ok
15:29:02.0682 1700 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:29:02.0682 1700 Power - ok
15:29:02.0682 1700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:29:02.0682 1700 PptpMiniport - ok
15:29:02.0682 1700 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:29:02.0682 1700 Processor - ok
15:29:02.0682 1700 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:29:02.0698 1700 ProfSvc - ok
15:29:02.0698 1700 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:29:02.0698 1700 ProtectedStorage - ok
15:29:02.0698 1700 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:29:02.0698 1700 Psched - ok
15:29:02.0698 1700 [ 225D3660F926FE761BC8CE10C512AA02 ] PTSimBus C:\Windows\system32\DRIVERS\PTSimBus.sys
15:29:02.0698 1700 PTSimBus - ok
15:29:02.0714 1700 [ BD2194786ABAF4860F41118C0C103E7B ] PTSimHid C:\Windows\system32\DRIVERS\PTSimHid.sys
15:29:02.0714 1700 PTSimHid - ok
15:29:02.0714 1700 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:29:02.0729 1700 ql2300 - ok
15:29:02.0729 1700 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:29:02.0729 1700 ql40xx - ok
15:29:02.0745 1700 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:29:02.0745 1700 QWAVE - ok
15:29:02.0745 1700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:29:02.0745 1700 QWAVEdrv - ok
15:29:02.0745 1700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:29:02.0745 1700 RasAcd - ok
15:29:02.0745 1700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:29:02.0745 1700 RasAgileVpn - ok
15:29:02.0745 1700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:29:02.0760 1700 RasAuto - ok
15:29:02.0760 1700 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:02.0760 1700 Rasl2tp - ok
15:29:02.0760 1700 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:29:02.0760 1700 RasMan - ok
15:29:02.0760 1700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:02.0776 1700 RasPppoe - ok
15:29:02.0776 1700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:29:02.0776 1700 RasSstp - ok
15:29:02.0776 1700 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:29:02.0776 1700 rdbss - ok
15:29:02.0776 1700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:29:02.0776 1700 rdpbus - ok
15:29:02.0776 1700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:02.0776 1700 RDPCDD - ok
15:29:02.0792 1700 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:29:02.0792 1700 RDPDR - ok
15:29:02.0792 1700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:29:02.0792 1700 RDPENCDD - ok
15:29:02.0792 1700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:29:02.0792 1700 RDPREFMP - ok
15:29:02.0792 1700 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:29:02.0807 1700 RdpVideoMiniport - ok
15:29:02.0807 1700 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:29:02.0807 1700 RDPWD - ok
15:29:02.0807 1700 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:29:02.0807 1700 rdyboost - ok
15:29:02.0807 1700 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:29:02.0823 1700 RemoteAccess - ok
15:29:02.0823 1700 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:29:02.0823 1700 RemoteRegistry - ok
15:29:02.0823 1700 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:29:02.0823 1700 RpcEptMapper - ok
15:29:02.0823 1700 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:29:02.0823 1700 RpcLocator - ok
15:29:02.0838 1700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:29:02.0838 1700 RpcSs - ok
15:29:02.0838 1700 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:29:02.0838 1700 rspndr - ok
15:29:02.0854 1700 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:29:02.0854 1700 RTL8167 - ok
15:29:02.0854 1700 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:29:02.0854 1700 s3cap - ok
15:29:02.0854 1700 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:29:02.0854 1700 SamSs - ok
15:29:02.0854 1700 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:29:02.0854 1700 sbp2port - ok
15:29:02.0854 1700 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:29:02.0870 1700 SCardSvr - ok
15:29:02.0870 1700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:29:02.0870 1700 scfilter - ok
15:29:02.0870 1700 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:29:02.0885 1700 Schedule - ok
15:29:02.0885 1700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:29:02.0885 1700 SCPolicySvc - ok
15:29:02.0885 1700 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:29:02.0885 1700 SDRSVC - ok
15:29:02.0901 1700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:29:02.0901 1700 secdrv - ok
15:29:02.0901 1700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:29:02.0901 1700 seclogon - ok
15:29:02.0901 1700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:29:02.0901 1700 SENS - ok
15:29:02.0901 1700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:29:02.0901 1700 SensrSvc - ok
15:29:02.0901 1700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:29:02.0916 1700 Serenum - ok
15:29:02.0916 1700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:29:02.0916 1700 Serial - ok
15:29:02.0916 1700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:29:02.0916 1700 sermouse - ok
15:29:02.0916 1700 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:29:02.0916 1700 SessionEnv - ok
15:29:02.0932 1700 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:29:02.0932 1700 sffdisk - ok
15:29:02.0932 1700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:29:02.0932 1700 sffp_mmc - ok
15:29:02.0932 1700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:29:02.0932 1700 sffp_sd - ok
15:29:02.0932 1700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:29:02.0932 1700 sfloppy - ok
15:29:02.0932 1700 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:29:02.0948 1700 SharedAccess - ok
15:29:02.0948 1700 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:02.0948 1700 ShellHWDetection - ok
15:29:02.0948 1700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:29:02.0948 1700 SiSRaid2 - ok
15:29:02.0948 1700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:29:02.0963 1700 SiSRaid4 - ok
15:29:02.0963 1700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:29:02.0963 1700 SkypeUpdate - ok
15:29:02.0963 1700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:29:02.0963 1700 Smb - ok
15:29:02.0963 1700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:29:02.0979 1700 SNMPTRAP - ok
15:29:02.0979 1700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:29:02.0979 1700 spldr - ok
15:29:02.0979 1700 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:29:02.0979 1700 Spooler - ok
15:29:03.0010 1700 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:29:03.0026 1700 sppsvc - ok
15:29:03.0041 1700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:29:03.0041 1700 sppuinotify - ok
15:29:03.0041 1700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:29:03.0041 1700 srv - ok
15:29:03.0057 1700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:29:03.0057 1700 srv2 - ok
15:29:03.0057 1700 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:29:03.0057 1700 srvnet - ok
15:29:03.0057 1700 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:29:03.0072 1700 SSDPSRV - ok
15:29:04.0461 1700 ============================================================
15:29:04.0461 1700 Scan finished
15:29:04.0461 1700 ============================================================
15:29:04.0476 2240 Detected object count: 0
15:29:04.0476 2240 Actual detected object count: 0
15:29:11.0169 3780 Deinitialize success

#6 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 November 2012 - 06:44 PM

Note: If you have changed the file path to XXXXXXX, then you will need to change it back to the correct name for the script to work.


Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DirLook::
C:\Users\XXXXXX\AppData\Roaming\RWBYTE
C:\Users\All Users\ALM


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


NEXT


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 hahaimconfused

hahaimconfused
  • Topic Starter

  • Members
  • 6 posts

Posted 06 November 2012 - 08:27 PM

Combofix Log

ComboFix 12-11-06.03 - XXXXXXXX 11/06/2012 15:51:51.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8085.5173 [GMT -8:00]
Running from: c:\users\XXXXXXXX\Desktop\ComboFix.exe
Command switches used :: c:\users\XXXXXXXX\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 23:54 . 2012-11-06 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 07:33 . 2012-11-05 07:33 -------- d-----w- c:\programdata\RedGiant
2012-11-05 06:57 . 2012-11-05 06:57 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\Malwarebytes
2012-11-05 06:57 . 2012-11-05 06:57 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 06:57 . 2012-11-05 06:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 06:57 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-05 03:24 . 2012-11-05 03:24 -------- d-----w- c:\programdata\ALM
2012-11-05 02:48 . 2012-11-05 02:48 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\Thinstall
2012-11-05 02:48 . 2012-11-05 02:48 -------- d-----w- c:\users\XXXXXXXX\AppData\Local\Thinstall
2012-11-03 20:44 . 2012-11-03 22:15 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\FileZilla
2012-11-01 18:51 . 2012-11-01 18:51 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\U3
2012-10-30 05:16 . 2012-11-01 00:44 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-28 01:42 . 2012-11-05 19:19 -------- d-----w- c:\program files (x86)\LOVE
2012-10-20 08:30 . 2012-10-02 22:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3562B1FE-8528-4C16-A644-246561938F05}\gapaengine.dll
2012-10-11 17:48 . 2012-10-11 17:48 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\MathWorks
2012-10-11 17:42 . 2012-10-11 17:42 -------- d-----w- c:\program files\MATLAB
2012-10-10 08:41 . 2012-10-10 08:46 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\Audacity
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-10 01:06 . 2012-10-10 01:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-10 01:06 . 2012-10-10 01:06 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-09 20:26 . 2012-10-09 20:26 -------- d-----w- c:\users\XXXXXXXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 18:18 . 2012-10-07 18:18 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-10-02 22:30 . 2012-10-02 22:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-17 02:52 . 2012-09-17 02:52 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-17 02:52 . 2012-09-17 02:52 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-17 02:52 . 2012-09-17 02:52 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-17 02:52 . 2012-09-17 02:52 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-17 02:52 . 2012-09-17 02:52 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-17 02:52 . 2012-09-17 02:52 188904 ----a-w- c:\windows\system32\java.exe
2012-09-10 19:01 . 2012-09-10 19:01 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-09-10 18:56 . 2012-09-10 18:56 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 18:56 . 2012-09-10 18:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2012-03-21 03:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-23 10:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 10:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 10:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 10:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 10:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 10:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 10:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 10:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 10:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 10:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 10:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 10:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 10:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 10:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 10:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 10:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 10:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 10:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 10:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 09:18 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:18 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:18 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:01 . 2012-09-17 16:18 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 20:01 . 2012-08-21 20:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2012-08-21 20:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\All Users\ALM ----
.
.
---- Directory of c:\users\XXXXXXXX\AppData\Roaming\RWBYTE ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-20 1930240]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54063019
*NewlyCreated* - 91117433
*Deregistered* - 54063019
*Deregistered* - 91117433
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 132.239.0.252 128.54.16.2
FF - ProfilePath - c:\users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\
FF - ExtSQL: 2012-09-10 13:57; passifox@hanhuy.com; c:\users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\extensions\passifox@hanhuy.com.xpi
FF - ExtSQL: 2012-09-10 13:57; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.My Backup\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,ef,0a,9c,a5,a2,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-06 15:55:26
ComboFix-quarantined-files.txt 2012-11-06 23:55
ComboFix2.txt 2012-11-05 19:20
.
Pre-Run: 51,863,781,376 bytes free
Post-Run: 52,699,361,280 bytes free
.
- - End Of File - - 511660B804A8BE45668C2565F94E09CC

MalwareBytes Log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXXXXXX :: LETH-PC [administrator]

Protection: Disabled

11/6/2012 3:56:47 PM
mbam-log-2012-11-06 (15-56-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200389
Time elapsed: 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Online Scanner

E:\Downloads\~~~~~~~\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\~~~~~~~\~~~~~~~~~~~.exe probably a variant of MSIL/Agent.EXEHAFM trojan
E:\Downloads\~~~~~~~\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\~~~~~~~\~~~~~~~~~~~.rar probably a variant of MSIL/Agent.EXEHAFM trojan

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:06 PM

Posted 06 November 2012 - 08:36 PM

this is unusual

E:\Downloads\~~~~~~~\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\~~~~~~~\~~~~~~~~~~~.exe probably a variant of MSIL/Agent.EXEHAFM trojan
E:\Downloads\~~~~~~~\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\~~~~~~~\~~~~~~~~~~~.rar probably a variant of MSIL/Agent.EXEHAFM trojan

do the file paths contain characters that can't be read by the scanner or is there a file with the name ~~~~~~~ on your E:\ drive?

if so, I would recommend deleting them


How is the computer running now? Any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 hahaimconfused

hahaimconfused
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 06 November 2012 - 08:50 PM

I went ahead and deleted those files. It's running excellently right now. I'm not experiencing any slowdowns or any other notable issues.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:06 PM

Posted 06 November 2012 - 08:52 PM

We just have some housekeeping to do now.

Please do the following:


You can delete the DDS and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
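One way to check, and optionally apply, the Internet-zone ActiveX settings from the post above without clicking through Inetcpl.cpl, as an added PowerShell example that is not part of this thread or of any tool the post names. It assumes that the values 1001, 1004 and 1201 under the Internet zone key (zone 3) carry the meanings Microsoft documents for Internet Explorer security zones, and that 1 means Prompt and 3 means Disable. The function only reports unless -Apply is given, and it does not perform the post's "Reset all zones to default level" step, so run that first if you want the rest of the zone at defaults.

```powershell
# Added example (not from the original thread): audit and optionally apply the
# Internet-zone ActiveX settings recommended in the post, instead of clicking
# through Inetcpl.cpl. Value names and meanings follow Microsoft's documented
# security-zone registry layout (zone 3 = Internet; 0 = Enable, 1 = Prompt,
# 3 = Disable). Run it as the user whose profile you want to check.

function Test-IEActiveXHardening {
    [CmdletBinding()]
    param(
        # When set, values that do not match the recommendation are written.
        [switch]$Apply
    )

    $zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

    # Recommended settings from the post: the two download options -> Prompt (1),
    # "initialize and script not marked as safe" -> Disable (3).
    $wanted = [ordered]@{
        '1001' = @{ Name = 'Download signed ActiveX controls';                         Value = 1 }
        '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Value = 1 }
        '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    }
    $labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

    if (-not (Test-Path -Path $zonePath)) {
        throw "Internet zone key not found: $zonePath"
    }

    foreach ($valueName in $wanted.Keys) {
        $target  = $wanted[$valueName].Value
        $current = (Get-ItemProperty -Path $zonePath -Name $valueName -ErrorAction SilentlyContinue).$valueName
        $ok      = ($null -ne $current) -and ([int]$current -eq $target)

        if (-not $ok -and $Apply) {
            # DWord is the type IE expects for zone action values.
            Set-ItemProperty -Path $zonePath -Name $valueName -Value $target -Type DWord
            $current = $target
            $ok = $true
        }

        $currentLabel = if ($null -eq $current) {
            '(not set)'
        } elseif ($labels.ContainsKey([int]$current)) {
            $labels[[int]$current]
        } else {
            "unknown ($current)"
        }

        [pscustomobject]@{
            Setting   = $wanted[$valueName].Name
            Current   = $currentLabel
            Expected  = $labels[$target]
            Compliant = $ok
        }
    }
}

# Report only (no changes):
Test-IEActiveXHardening | Format-Table -AutoSize

# Write the recommended values where they differ:
# Test-IEActiveXHardening -Apply | Format-Table -AutoSize
```

The report form is the useful part for a helper reading a thread like this one: a non-compliant row shows exactly which of the three zone actions is still at Enable, which is what lets a drive-by page pull down and script an ActiveX control without a prompt. Because the key lives under HKCU, the settings are per user; check each account that browses.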


#11 hahaimconfused

hahaimconfused
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 06 November 2012 - 09:37 PM

Alright then, thank you very much for the help!

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:06 PM

Posted 07 November 2012 - 06:59 AM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:06 PM

Posted 07 November 2012 - 06:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




