
possible MBR Rootkit


  • This topic is locked
76 replies to this topic

#1 naruto2715

naruto2715

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 09 November 2012 - 06:05 AM

hi

http://www.bleepingcomputer.com/forums/topic472946.html/page__pid__2889033#top ....


I did not create a GMER log since it is only for 32-bit versions of Windows. The dds.txt and attach.txt are below.

-----------------------------------------------------------------------------------------

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by rkb at 22:39:07 on 2012-11-08
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.3959.2340 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_35a1fb3404aa1180\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_35a1fb3404aa1180\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://in.yahoo.com/?p=us
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DA62C475-8E7D-4DC6-A281-B2C215EEF24C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-8 370288]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_35a1fb3404aa1180\AESTSr64.exe [2012-10-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-17 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-8 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-8 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-8 44808]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-10-17 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-10-17 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-8 984144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-17 35104]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-17 325152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-21 59392]
.
=============== Created Last 30 ================
.
2012-11-08 12:16:23 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-11-08 12:16:18 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-11-08 12:16:17 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-11-08 12:16:03 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-08 12:15:52 -------- d-----w- C:\Program Files\AVAST Software
2012-11-06 15:41:59 89088 ----a-w- C:\mbr.exe
2012-11-06 12:57:39 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61450EEF-FC8D-4962-A4D3-F129613ED167}\mpengine.dll
2012-10-27 09:28:25 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-10-27 09:28:25 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-10-27 09:28:25 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-27 09:28:24 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-10-27 09:28:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-10-27 09:28:23 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-10-26 15:12:51 -------- d-----w- C:\Windows\System32\SPReview
2012-10-25 16:10:14 -------- d-----w- C:\Windows\System32\EventProviders
2012-10-24 11:56:45 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-10-24 11:56:45 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-10-24 11:56:45 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-10-22 23:48:18 -------- d-----w- C:\ProgramData\MemeoCommon
2012-10-22 23:46:49 -------- d-----w- C:\Users\rkb\AppData\Roaming\Memeo
2012-10-22 22:51:19 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-10-22 22:21:59 -------- d-----w- C:\Users\rkb\AppData\Local\Promosoft Corporation
2012-10-22 21:30:33 -------- d-----w- C:\ProgramData\HitmanPro
2012-10-22 21:26:13 -------- d-----w- C:\Users\rkb\AppData\Roaming\Malwarebytes
2012-10-22 21:25:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-21 18:24:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
2012-10-21 18:23:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll
2012-10-21 18:22:59 38912 ----a-w- C:\Windows\System32\drivers\CompositeBus.sys
2012-10-21 18:20:55 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-10-21 18:20:55 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-10-21 18:20:50 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-10-21 17:56:26 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-10-20 15:37:56 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-20 15:29:45 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-18 05:38:22 -------- d-----w- C:\Windows\Panther
2012-10-18 05:37:55 -------- d-----w- C:\Windows\System32\oem
2012-10-17 22:53:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-10-17 22:53:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-10-17 22:53:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-10-17 22:53:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-10-17 22:53:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-10-17 21:13:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-17 20:01:24 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-10-17 20:01:23 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-10-17 20:01:23 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-10-17 20:01:15 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-10-17 20:01:15 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-10-17 20:01:12 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-10-17 19:59:16 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-10-17 19:59:16 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-10-17 19:59:15 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-10-17 19:59:15 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-10-17 19:59:14 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-10-17 19:59:14 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-10-17 19:58:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-10-17 19:58:49 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-10-17 19:58:43 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-10-17 19:58:43 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-10-17 19:58:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-17 19:58:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-17 19:58:05 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-10-17 19:58:05 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-10-17 19:58:01 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-17 19:58:01 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-17 19:57:58 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-10-17 19:57:57 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-10-17 19:57:05 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-10-17 19:57:05 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-10-17 19:57:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-17 19:57:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-17 19:57:00 395776 ----a-w- C:\Windows\System32\webio.dll
2012-10-17 19:57:00 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-10-17 19:55:51 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-10-17 19:54:57 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-10-17 19:54:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-10-17 19:53:15 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-10-17 19:53:15 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-10-17 19:51:48 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-10-17 19:51:48 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-10-17 19:51:47 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-10-17 19:51:46 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-10-17 19:51:46 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-10-17 19:51:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-17 19:51:11 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-10-17 19:51:11 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-10-17 19:51:11 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-10-17 19:46:45 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-17 19:46:45 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-17 19:44:58 2871808 ----a-w- C:\Windows\explorer.exe
2012-10-17 19:44:58 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-10-17 19:44:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-10-17 19:44:55 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-10-17 19:44:52 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-10-17 19:44:51 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-10-17 19:44:14 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-10-17 19:44:14 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-10-17 19:44:13 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-10-17 19:44:13 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-10-17 19:42:40 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-10-17 19:42:40 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-10-17 19:42:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-10-17 19:42:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-10-17 19:42:12 296960 ----a-w- C:\Windows\System32\rstrui.exe
2012-10-17 19:36:04 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-17 19:36:03 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-17 19:36:03 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-17 19:36:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-17 19:36:02 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-17 19:36:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-17 19:23:55 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-10-17 19:23:32 -------- d-----w- C:\Users\rkb\AppData\Roaming\uTorrent
2012-10-17 19:16:55 -------- d-----w- C:\ProgramData\AVAST Software
2012-10-17 18:45:22 -------- d-----w- C:\Users\rkb\AppData\Local\Microsoft Games
2012-10-17 18:44:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-17 18:44:33 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-17 18:34:23 -------- d-----w- C:\Windows\PCHEALTH
2012-10-17 18:34:14 -------- d-----w- C:\Users\rkb\AppData\Local\Google
2012-10-17 18:33:42 -------- d-----w- C:\Users\rkb\AppData\Local\Apps
2012-10-17 18:33:41 -------- d-----w- C:\Users\rkb\AppData\Local\Deployment
2012-10-17 18:32:34 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-10-17 18:32:09 -------- d-----w- C:\Windows\SHELLNEW
2012-10-17 18:31:55 -------- d-----w- C:\Users\rkb\AppData\Local\Microsoft Help
2012-10-17 18:15:30 74 --sh--r- C:\Windows\CT4CET.bin
2012-10-17 18:14:30 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-10-17 18:14:20 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
2012-10-17 18:13:41 -------- d-----w- C:\Program Files (x86)\Creative
2012-10-17 18:12:17 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2012-10-17 18:12:14 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2012-10-17 18:12:14 172704 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2012-10-17 18:12:08 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2012-10-17 18:11:12 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-10-17 18:11:12 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-10-17 18:11:12 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-10-17 18:11:12 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-10-17 18:11:12 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-10-17 18:11:11 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-10-17 18:11:10 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-10-17 18:11:10 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-10-17 18:01:35 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2012-10-17 18:01:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-10-17 18:01:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-10-17 18:01:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-10-17 17:59:39 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-17 17:59:39 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-17 17:59:39 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-10-17 17:56:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-17 17:56:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-17 17:56:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-17 17:56:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-17 17:53:17 -------- d-----w- C:\Users\rkb\AppData\Local\ATI
2012-10-17 17:46:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-17 17:44:00 -------- d-----w- C:\Users\rkb\AppData\Local\Broadcom
2012-10-17 17:43:43 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-10-17 17:43:43 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-10-17 17:43:43 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-10-17 17:43:43 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-10-17 17:43:26 -------- d-----w- C:\Program Files\WIDCOMM
2012-10-17 17:36:29 -------- d-----w- C:\Program Files\Synaptics
2012-10-17 17:36:10 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-10-17 17:36:10 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-10-17 17:36:10 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-10-17 17:36:10 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-10-17 17:36:10 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-10-17 17:36:09 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2012-10-17 17:36:09 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-10-17 17:36:08 207144 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-10-17 17:36:07 301104 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-10-17 17:31:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-17 17:31:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-17 17:31:04 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-17 17:31:00 -------- d-----w- C:\Program Files\ATI
2012-10-17 17:29:58 19901952 ----a-w- C:\Windows\System32\atio6axx.dll
2012-10-17 17:26:36 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-10-17 17:26:36 325152 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-10-17 17:26:36 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-10-17 17:26:33 -------- d-----w- C:\Program Files (x86)\Realtek
2012-10-17 17:23:04 -------- d-----w- C:\Program Files (x86)\Cisco
2012-10-17 17:09:36 20984 ----a-w- C:\Windows\System32\drivers\bcmvwl64.sys
2012-10-17 17:08:13 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-10-17 17:07:24 -------- d-----w- C:\Intel
2012-10-17 17:01:45 45056 ----a-r- C:\Users\rkb\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-10-17 17:01:44 -------- d-----w- C:\Windows\SysWow64\vmm32
2012-10-17 17:01:44 -------- d-----w- C:\Program Files (x86)\Dell
2012-10-17 17:01:15 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2012-10-26 15:16:38 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-10-26 15:16:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:39:26.75 ===============

---------------------------------------------------------------

Attached File  attach.txt   6.8KB   3 downloads


rmb

Edited by naruto2715, 09 November 2012 - 06:15 AM.



 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:01 PM

Posted 10 November 2012 - 04:10 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 naruto2715


Posted 14 November 2012 - 04:29 PM

Hi CatByte,

Thank you for the reply.

Please do not close the topic. Sorry, I could not reply immediately. I shall post the FRST.txt and Search.txt by tomorrow, but before that, should I do the above steps with the external hard drive (320 GB) or without the external hard drive (320 GB), as I think the external hard drive also has an MBR problem? :)


rmb

#4 CatByte


Posted 14 November 2012 - 06:59 PM

Do it without the drive plugged in to begin with.

Unless the external hard drive is bootable, then it won't have an MBR problem, but it might have infected files.

we can check it after



#5 naruto2715


Posted 15 November 2012 - 02:12 PM

Hi CatByte,

Successfully done the process, and both the logs, FRST.txt and Search.txt, are below.

I want to download Adobe PDF. Can I download it?


Farbar Recovery Scan Tool (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-16 00:18:27
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Attached File  FRST.txt   231.66KB   4 downloads

rmb

#6 CatByte


Posted 15 November 2012 - 05:55 PM

"I want to download Adobe PDF. Can I download it?"

Wait for a day or so, so that we can be certain nothing will interfere with the installation.

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 naruto2715

Posted 15 November 2012 - 07:34 PM

Hi

"wait for a day or so, so that we can be certain nothing will interfere with the installation"
OK, I will wait as you say.

I did the above steps, and both logs (TDSSKiller.exe and ComboFix.exe) are below.

But I did not get anything like this:

" If Malicious objects are found then ensure Cure is selected
If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)"

After scanning, the TDSSKiller.exe log was created, that's it.
Is it correct?

Also, this box did not appear:
"ComboFix is backing up the Windows Registry"; instead it went directly to the next step, "auto scan".

05:13:41.0583 4288 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
05:13:43.0595 4288 ============================================================
05:13:43.0595 4288 Current date / time: 2012/11/16 05:13:43.0595
05:13:43.0595 4288 SystemInfo:
05:13:43.0595 4288
05:13:43.0595 4288 OS Version: 6.1.7601 ServicePack: 1.0
05:13:43.0595 4288 Product type: Workstation
05:13:43.0595 4288 ComputerName: RKB-PC
05:13:43.0595 4288 UserName: rkb
05:13:43.0595 4288 Windows directory: C:\Windows
05:13:43.0595 4288 System windows directory: C:\Windows
05:13:43.0595 4288 Running under WOW64
05:13:43.0595 4288 Processor architecture: Intel x64
05:13:43.0595 4288 Number of processors: 4
05:13:43.0595 4288 Page size: 0x1000
05:13:43.0595 4288 Boot type: Normal boot
05:13:43.0595 4288 ============================================================
05:13:44.0734 4288 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:13:44.0812 4288 ============================================================
05:13:44.0812 4288 \Device\Harddisk0\DR0:
05:13:44.0812 4288 MBR partitions:
05:13:44.0812 4288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:13:44.0812 4288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CD800
05:13:44.0812 4288 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xC42D800
05:13:44.0843 4288 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x18C2E800, BlocksNum 0xC7FF000
05:13:44.0843 4288 ============================================================
05:13:44.0890 4288 C: <-> \Device\Harddisk0\DR0\Partition3
05:13:44.0921 4288 D: <-> \Device\Harddisk0\DR0\Partition2
05:13:44.0921 4288 ============================================================
05:13:44.0921 4288 Initialize success
05:13:44.0921 4288 ============================================================
05:15:03.0010 3264 ============================================================
05:15:03.0010 3264 Scan started
05:15:03.0010 3264 Mode: Manual; TDLFS;
05:15:03.0010 3264 ============================================================
05:15:03.0494 3264 ================ Scan system memory ========================
05:15:03.0494 3264 System memory - ok
05:15:03.0494 3264 ================ Scan services =============================
05:15:12.0620 3264 Ntfs - ok
05:15:12.0636 3264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
05:15:12.0636 3264 Null - ok
05:15:12.0667 3264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:15:12.0667 3264 nvraid - ok
05:15:12.0698 3264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:15:12.0698 3264 nvstor - ok
05:15:12.0745 3264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:15:12.0745 3264 nv_agp - ok
05:15:12.0823 3264 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:15:12.0823 3264 odserv - ok
05:15:12.0854 3264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:15:12.0854 3264 ohci1394 - ok
05:15:12.0901 3264 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:15:12.0901 3264 ose - ok
05:15:12.0932 3264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:15:12.0948 3264 p2pimsvc - ok
05:15:12.0979 3264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
05:15:12.0994 3264 p2psvc - ok
05:15:13.0010 3264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
05:15:13.0010 3264 Parport - ok
05:15:13.0041 3264 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:15:13.0041 3264 partmgr - ok
05:15:13.0057 3264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:15:13.0072 3264 PcaSvc - ok
05:15:13.0104 3264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
05:15:13.0104 3264 pci - ok
05:15:13.0135 3264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
05:15:13.0135 3264 pciide - ok
05:15:13.0166 3264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
05:15:13.0166 3264 pcmcia - ok
05:15:13.0182 3264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
05:15:13.0182 3264 pcw - ok
05:15:13.0197 3264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:15:13.0213 3264 PEAUTH - ok
05:15:13.0291 3264 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
05:15:13.0291 3264 PerfHost - ok
05:15:13.0369 3264 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
05:15:13.0384 3264 pla - ok
05:15:13.0431 3264 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:15:13.0447 3264 PlugPlay - ok
05:15:13.0478 3264 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:15:13.0478 3264 PNRPAutoReg - ok
05:15:13.0509 3264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:15:13.0509 3264 PNRPsvc - ok
05:15:13.0556 3264 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:15:13.0572 3264 PolicyAgent - ok
05:15:13.0603 3264 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
05:15:13.0618 3264 Power - ok
05:15:13.0665 3264 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:15:13.0665 3264 PptpMiniport - ok
05:15:13.0696 3264 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
05:15:13.0696 3264 Processor - ok
05:15:13.0728 3264 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
05:15:13.0728 3264 ProfSvc - ok
05:15:13.0743 3264 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:15:13.0743 3264 ProtectedStorage - ok
05:15:13.0790 3264 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:15:13.0790 3264 Psched - ok
05:15:13.0852 3264 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
05:15:13.0884 3264 ql2300 - ok
05:15:13.0899 3264 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
05:15:13.0915 3264 ql40xx - ok
05:15:13.0946 3264 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
05:15:13.0946 3264 QWAVE - ok
05:15:13.0962 3264 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:15:13.0962 3264 QWAVEdrv - ok
05:15:13.0977 3264 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:15:13.0977 3264 RasAcd - ok
05:15:14.0024 3264 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:15:14.0024 3264 RasAgileVpn - ok
05:15:14.0040 3264 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
05:15:14.0055 3264 RasAuto - ok
05:15:14.0086 3264 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:15:14.0086 3264 Rasl2tp - ok
05:15:14.0133 3264 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
05:15:14.0149 3264 RasMan - ok
05:15:14.0180 3264 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:15:14.0180 3264 RasPppoe - ok
05:15:14.0196 3264 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:15:14.0196 3264 RasSstp - ok
05:15:14.0227 3264 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:15:14.0227 3264 rdbss - ok
05:15:14.0242 3264 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
05:15:14.0258 3264 rdpbus - ok
05:15:14.0274 3264 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:15:14.0274 3264 RDPCDD - ok
05:15:14.0289 3264 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:15:14.0289 3264 RDPENCDD - ok
05:15:14.0320 3264 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:15:14.0320 3264 RDPREFMP - ok
05:15:14.0352 3264 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:15:14.0352 3264 RDPWD - ok
05:15:14.0398 3264 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:15:14.0414 3264 rdyboost - ok
05:15:14.0476 3264 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
05:15:14.0476 3264 RemoteAccess - ok
05:15:14.0508 3264 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:15:14.0508 3264 RemoteRegistry - ok
05:15:14.0539 3264 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
05:15:14.0539 3264 RFCOMM - ok
05:15:14.0554 3264 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:15:14.0570 3264 RpcEptMapper - ok
05:15:14.0601 3264 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
05:15:14.0601 3264 RpcLocator - ok
05:15:14.0617 3264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
05:15:14.0632 3264 RpcSs - ok
05:15:14.0679 3264 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:15:14.0679 3264 rspndr - ok
05:15:14.0726 3264 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
05:15:14.0742 3264 RTL8167 - ok
05:15:14.0742 3264 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
05:15:14.0757 3264 SamSs - ok
05:15:14.0788 3264 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:15:14.0788 3264 sbp2port - ok
05:15:14.0820 3264 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:15:14.0835 3264 SCardSvr - ok
05:15:14.0866 3264 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:15:14.0866 3264 scfilter - ok
05:15:14.0929 3264 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
05:15:14.0960 3264 Schedule - ok
05:15:14.0991 3264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:15:14.0991 3264 SCPolicySvc - ok
05:15:15.0007 3264 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:15:15.0022 3264 SDRSVC - ok
05:15:15.0054 3264 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:15:15.0054 3264 secdrv - ok
05:15:15.0100 3264 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
05:15:15.0116 3264 seclogon - ok
05:15:15.0163 3264 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
05:15:15.0163 3264 SENS - ok
05:15:15.0194 3264 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:15:15.0194 3264 SensrSvc - ok
05:15:15.0210 3264 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
05:15:15.0225 3264 Serenum - ok
05:15:15.0256 3264 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
05:15:15.0256 3264 Serial - ok
05:15:15.0288 3264 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
05:15:15.0288 3264 sermouse - ok
05:15:15.0334 3264 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
05:15:15.0334 3264 SessionEnv - ok
05:15:15.0366 3264 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:15:15.0366 3264 sffdisk - ok
05:15:15.0381 3264 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:15:15.0381 3264 sffp_mmc - ok
05:15:15.0397 3264 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:15:15.0397 3264 sffp_sd - ok
05:15:15.0412 3264 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
05:15:15.0412 3264 sfloppy - ok
05:15:15.0444 3264 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
05:15:15.0444 3264 SharedAccess - ok
05:15:15.0475 3264 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:15:15.0490 3264 ShellHWDetection - ok
05:15:15.0506 3264 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:15:15.0506 3264 SiSRaid2 - ok
05:15:15.0522 3264 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
05:15:15.0522 3264 SiSRaid4 - ok
05:15:15.0568 3264 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
05:15:15.0568 3264 SkypeUpdate - ok
05:15:15.0615 3264 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:15:15.0615 3264 Smb - ok
05:15:15.0662 3264 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:15:15.0662 3264 SNMPTRAP - ok
05:15:15.0693 3264 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
05:15:15.0693 3264 spldr - ok
05:15:15.0724 3264 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
05:15:15.0740 3264 Spooler - ok
05:15:15.0849 3264 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
05:15:15.0865 3264 sppsvc - ok
05:15:15.0912 3264 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:15:15.0912 3264 sppuinotify - ok
05:15:15.0943 3264 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
05:15:15.0958 3264 srv - ok
05:15:15.0974 3264 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:15:15.0990 3264 srv2 - ok
05:15:16.0021 3264 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:15:16.0021 3264 srvnet - ok
05:15:16.0052 3264 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:15:16.0068 3264 SSDPSRV - ok
05:15:16.0083 3264 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:15:16.0099 3264 SstpSvc - ok
05:15:16.0177 3264 [ DE9E765BD64FFF598E9F3AAB41874D8A ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_35a1fb3404aa1180\STacSV64.exe
05:15:16.0177 3264 STacSV - ok
05:15:16.0208 3264 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
05:15:16.0208 3264 stexstor - ok
05:15:16.0270 3264 [ 3FE584503DC68CD206143BC334C43484 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
05:15:16.0270 3264 STHDA - ok
05:15:16.0333 3264 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
05:15:16.0348 3264 stisvc - ok
05:15:16.0380 3264 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
05:15:16.0380 3264 swenum - ok
05:15:16.0442 3264 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
05:15:16.0458 3264 swprv - ok
05:15:16.0489 3264 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
05:15:16.0504 3264 SynTP - ok
05:15:16.0567 3264 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
05:15:16.0598 3264 SysMain - ok
05:15:16.0629 3264 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:15:16.0645 3264 TabletInputService - ok
05:15:16.0660 3264 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
05:15:16.0676 3264 TapiSrv - ok
05:15:16.0707 3264 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
05:15:16.0707 3264 TBS - ok
05:15:16.0785 3264 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
05:15:16.0816 3264 Tcpip - ok
05:15:16.0848 3264 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
05:15:16.0863 3264 TCPIP6 - ok
05:15:16.0894 3264 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
05:15:16.0894 3264 tcpipreg - ok
05:15:16.0926 3264 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
05:15:16.0926 3264 TDPIPE - ok
05:15:16.0957 3264 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
05:15:16.0957 3264 TDTCP - ok
05:15:16.0988 3264 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
05:15:16.0988 3264 tdx - ok
05:15:17.0035 3264 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
05:15:17.0035 3264 TermDD - ok
05:15:17.0050 3264 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
05:15:17.0066 3264 TermService - ok
05:15:17.0097 3264 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
05:15:17.0097 3264 Themes - ok
05:15:17.0128 3264 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
05:15:17.0128 3264 THREADORDER - ok
05:15:17.0144 3264 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
05:15:17.0160 3264 TrkWks - ok
05:15:17.0222 3264 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:15:17.0222 3264 TrustedInstaller - ok
05:15:17.0269 3264 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
05:15:17.0269 3264 tssecsrv - ok
05:15:17.0331 3264 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
05:15:17.0331 3264 TsUsbFlt - ok
05:15:17.0378 3264 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
05:15:17.0378 3264 tunnel - ok
05:15:17.0394 3264 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
05:15:17.0409 3264 uagp35 - ok
05:15:17.0440 3264 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
05:15:17.0456 3264 udfs - ok
05:15:17.0487 3264 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
05:15:17.0487 3264 UI0Detect - ok
05:15:17.0518 3264 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
05:15:17.0534 3264 uliagpkx - ok
05:15:17.0581 3264 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
05:15:17.0581 3264 umbus - ok
05:15:17.0612 3264 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
05:15:17.0612 3264 UmPass - ok
05:15:17.0643 3264 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
05:15:17.0659 3264 upnphost - ok
05:15:17.0706 3264 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
05:15:17.0706 3264 usbccgp - ok
05:15:17.0752 3264 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
05:15:17.0768 3264 usbcir - ok
05:15:17.0784 3264 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
05:15:17.0784 3264 usbehci - ok
05:15:17.0815 3264 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
05:15:17.0830 3264 usbhub - ok
05:15:17.0830 3264 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
05:15:17.0846 3264 usbohci - ok
05:15:17.0877 3264 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
05:15:17.0877 3264 usbprint - ok
05:15:17.0908 3264 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:15:17.0908 3264 USBSTOR - ok
05:15:17.0940 3264 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
05:15:17.0940 3264 usbuhci - ok
05:15:17.0986 3264 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
05:15:18.0002 3264 usbvideo - ok
05:15:18.0018 3264 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
05:15:18.0018 3264 UxSms - ok
05:15:18.0033 3264 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
05:15:18.0033 3264 VaultSvc - ok
05:15:18.0064 3264 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
05:15:18.0064 3264 vdrvroot - ok
05:15:18.0111 3264 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
05:15:18.0127 3264 vds - ok
05:15:18.0158 3264 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
05:15:18.0158 3264 vga - ok
05:15:18.0174 3264 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
05:15:18.0174 3264 VgaSave - ok
05:15:18.0205 3264 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
05:15:18.0205 3264 vhdmp - ok
05:15:18.0236 3264 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
05:15:18.0236 3264 viaide - ok
05:15:18.0283 3264 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
05:15:18.0283 3264 volmgr - ok
05:15:18.0314 3264 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
05:15:18.0314 3264 volmgrx - ok
05:15:18.0361 3264 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
05:15:18.0361 3264 volsnap - ok
05:15:18.0423 3264 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
05:15:18.0423 3264 vsmraid - ok
05:15:18.0517 3264 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
05:15:18.0532 3264 VSS - ok
05:15:18.0548 3264 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
05:15:18.0564 3264 vwifibus - ok
05:15:18.0579 3264 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
05:15:18.0595 3264 vwififlt - ok
05:15:18.0626 3264 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
05:15:18.0626 3264 vwifimp - ok
05:15:18.0673 3264 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
05:15:18.0688 3264 W32Time - ok
05:15:18.0720 3264 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
05:15:18.0720 3264 WacomPen - ok
05:15:18.0766 3264 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
05:15:18.0766 3264 WANARP - ok
05:15:18.0782 3264 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
05:15:18.0782 3264 Wanarpv6 - ok
05:15:18.0844 3264 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
05:15:18.0876 3264 wbengine - ok
05:15:18.0907 3264 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
05:15:18.0907 3264 WbioSrvc - ok
05:15:18.0938 3264 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
05:15:18.0954 3264 wcncsvc - ok
05:15:18.0969 3264 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:15:18.0985 3264 WcsPlugInService - ok
05:15:19.0016 3264 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
05:15:19.0016 3264 Wd - ok
05:15:19.0047 3264 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
05:15:19.0063 3264 Wdf01000 - ok
05:15:19.0094 3264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
05:15:19.0094 3264 WdiServiceHost - ok
05:15:19.0110 3264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
05:15:19.0110 3264 WdiSystemHost - ok
05:15:19.0141 3264 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
05:15:19.0156 3264 WebClient - ok
05:15:19.0188 3264 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
05:15:19.0188 3264 Wecsvc - ok
05:15:19.0203 3264 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
05:15:19.0219 3264 wercplsupport - ok
05:15:19.0266 3264 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
05:15:19.0266 3264 WerSvc - ok
05:15:19.0312 3264 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
05:15:19.0312 3264 WfpLwf - ok
05:15:19.0344 3264 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
05:15:19.0344 3264 WIMMount - ok
05:15:19.0359 3264 WinDefend - ok
05:15:19.0359 3264 WinHttpAutoProxySvc - ok
05:15:19.0406 3264 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
05:15:19.0406 3264 Winmgmt - ok
05:15:19.0500 3264 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
05:15:19.0531 3264 WinRM - ok
05:15:19.0593 3264 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
05:15:19.0609 3264 Wlansvc - ok
05:15:19.0671 3264 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
05:15:19.0687 3264 wltrysvc - ok
05:15:19.0734 3264 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
05:15:19.0734 3264 WmiAcpi - ok
05:15:19.0765 3264 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
05:15:19.0765 3264 wmiApSrv - ok
05:15:19.0796 3264 WMPNetworkSvc - ok
05:15:19.0827 3264 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
05:15:19.0827 3264 WPCSvc - ok
05:15:19.0858 3264 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
05:15:19.0858 3264 WPDBusEnum - ok
05:15:19.0890 3264 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
05:15:19.0890 3264 ws2ifsl - ok
05:15:19.0905 3264 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
05:15:19.0921 3264 wscsvc - ok
05:15:19.0921 3264 WSearch - ok
05:15:20.0014 3264 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
05:15:20.0046 3264 wuauserv - ok
05:15:20.0077 3264 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
05:15:20.0077 3264 WudfPf - ok
05:15:20.0124 3264 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
05:15:20.0124 3264 WUDFRd - ok
05:15:20.0155 3264 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
05:15:20.0155 3264 wudfsvc - ok
05:15:20.0186 3264 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
05:15:20.0202 3264 WwanSvc - ok
05:15:20.0233 3264 ================ Scan global ===============================
05:15:20.0264 3264 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:15:20.0295 3264 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
05:15:20.0311 3264 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
05:15:20.0342 3264 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:15:20.0373 3264 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
05:15:20.0389 3264 [Global] - ok
05:15:20.0389 3264 ================ Scan MBR ==================================
05:15:20.0404 3264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:15:21.0590 3264 \Device\Harddisk0\DR0 - ok
05:15:21.0590 3264 ================ Scan VBR ==================================
05:15:21.0606 3264 [ E83D5D52B2E766AE25832246E3B74779 ] \Device\Harddisk0\DR0\Partition1
05:15:21.0606 3264 \Device\Harddisk0\DR0\Partition1 - ok
05:15:21.0621 3264 [ 7F779D63294B3A14565D2741112DF206 ] \Device\Harddisk0\DR0\Partition2
05:15:21.0621 3264 \Device\Harddisk0\DR0\Partition2 - ok
05:15:21.0652 3264 [ 7830DEF78B7F6020340585B55566F939 ] \Device\Harddisk0\DR0\Partition3
05:15:21.0652 3264 \Device\Harddisk0\DR0\Partition3 - ok
05:15:21.0668 3264 [ 6AF7508EDBE7AEA29AFB94C4DAEFCF5B ] \Device\Harddisk0\DR0\Partition4
05:15:21.0668 3264 \Device\Harddisk0\DR0\Partition4 - ok
05:15:21.0668 3264 ============================================================
05:15:21.0668 3264 Scan finished
05:15:21.0668 3264 ============================================================
05:15:21.0684 4648 Detected object count: 0
05:15:21.0684 4648 Actual detected object count: 0

----------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-11-15.01 - rkb 11/16/2012 5:36.1.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.3959.2548 [GMT 5.5:30]
Running from: c:\users\rkb\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 08:12 . 2012-11-16 08:12 -------- d-----w- C:\FRST
2012-11-16 00:10 . 2012-11-16 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-14 21:39 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 21:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 21:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 21:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 21:31 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 21:31 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 21:31 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 21:31 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 21:31 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 21:31 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 21:31 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 17:59 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 17:59 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 17:19 . 2012-10-16 21:01 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF50F5D5-50FF-4F7B-92A4-392E5E00F21B}\mpengine.dll
2012-11-09 10:48 . 2012-11-09 10:48 -------- d-----w- c:\programdata\CyberLink
2012-11-08 12:16 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-08 12:16 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-08 12:16 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-08 12:16 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-08 12:16 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-08 12:16 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-08 12:16 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-08 12:16 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-08 12:15 . 2012-11-08 12:15 -------- d-----w- c:\program files\AVAST Software
2012-11-06 15:41 . 2012-11-06 15:42 89088 ----a-w- C:\mbr.exe
2012-10-27 09:28 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-27 09:28 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-27 09:28 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-27 09:28 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-27 09:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-26 15:12 . 2012-10-26 15:12 -------- d-----w- c:\windows\system32\SPReview
2012-10-25 16:10 . 2012-10-25 16:10 -------- d-----w- c:\windows\system32\EventProviders
2012-10-24 11:56 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-10-24 11:56 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-10-24 11:56 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-10-22 23:48 . 2012-10-22 23:48 -------- d-----w- c:\programdata\MemeoCommon
2012-10-22 22:51 . 2012-10-24 15:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-22 21:30 . 2012-10-22 22:51 -------- d-----w- c:\programdata\HitmanPro
2012-10-22 21:25 . 2012-10-22 21:25 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 18:25 . 2010-11-20 13:27 14633472 ----a-w- c:\windows\system32\wmp.dll
2012-10-21 18:24 . 2010-11-20 13:29 345600 ----a-w- c:\windows\system32\fveapi.dll
2012-10-21 18:23 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2012-10-21 18:22 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2012-10-21 18:20 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-10-21 18:20 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-10-21 18:20 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-10-21 17:56 . 2012-10-24 14:11 -------- d-----w- c:\program files (x86)\VideoLAN
2012-10-20 15:29 . 2012-10-20 15:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-20 15:29 . 2012-10-20 15:29 -------- d-----r- c:\program files (x86)\Skype
2012-10-20 15:29 . 2012-10-20 15:29 -------- d-----w- c:\programdata\Skype
2012-10-20 15:26 . 2012-11-14 21:31 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-10-18 05:38 . 2012-10-17 16:14 -------- d-----w- c:\windows\Panther
2012-10-18 05:37 . 2012-10-18 05:37 -------- d-----w- c:\windows\system32\oem
2012-10-17 22:53 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-17 22:53 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-17 22:53 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-17 22:53 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-17 22:53 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-17 20:08 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-10-17 20:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-10-17 20:01 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2012-10-17 20:01 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-10-17 20:01 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-10-17 20:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-17 20:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-10-17 20:01 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-10-17 19:59 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-10-17 19:59 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-10-17 19:59 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-10-17 19:59 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-10-17 19:59 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-10-17 19:59 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-10-17 19:58 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-10-17 19:58 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-10-17 19:58 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-10-17 19:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-10-17 19:58 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-17 19:58 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-17 19:58 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-10-17 19:58 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-10-17 19:58 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-17 19:58 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-17 19:57 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-17 19:57 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-17 19:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-10-17 19:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-10-17 19:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-17 19:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-17 19:57 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-10-17 19:57 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-10-17 19:55 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-10-17 19:54 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-10-17 19:54 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-10-17 19:53 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-10-17 19:53 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-10-17 19:51 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-10-17 19:51 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-10-17 19:51 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-10-17 19:51 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-10-17 19:51 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-10-17 19:51 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-10-17 19:51 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-10-17 19:51 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-10-17 19:51 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-10-17 19:49 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-10-17 19:46 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-17 19:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-17 19:44 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-10-17 19:44 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-10-17 19:44 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-10-17 19:44 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-10-17 19:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-10-17 19:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-10-17 19:44 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-10-17 19:44 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-10-17 19:44 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-10-17 19:44 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-10-17 19:42 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-10-17 19:42 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-10-17 19:42 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-17 19:42 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-10-17 19:42 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 15:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-26 15:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-20 17:38 . 2012-10-17 20:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 98304]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_35a1fb3404aa1180\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-01 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14412888
*NewlyCreated* - 62967287
*Deregistered* - 14412888
*Deregistered* - 62967287
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 18:44]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 18:34]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-04-06 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://in.yahoo.com/?p=us
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 05:42:10
ComboFix-quarantined-files.txt 2012-11-16 00:12
.
Pre-Run: 65,618,649,088 bytes free
Post-Run: 65,595,076,608 bytes free
.
- - End Of File - - 3637C28C17169F99CF4005C98D470579


rmb

Edited by naruto2715, 15 November 2012 - 07:39 PM.


#8 CatByte


Posted 15 November 2012 - 08:17 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 naruto2715


Posted 15 November 2012 - 08:44 PM

AdwCleaner log ...


# AdwCleaner v2.007 - Logfile created 11/16/2012 at 07:10:13
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : rkb - RKB-PC
# Boot Mode : Normal
# Running from : C:\Users\rkb\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\rkb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [658 octets] - [16/11/2012 07:10:13]

########## EOF - C:\AdwCleaner[S1].txt - [717 octets] ##########


rmb

#10 naruto2715


Posted 15 November 2012 - 09:06 PM

"When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important "

as soon as i clicked ok the MBAM log was created i did not get the above said show results or remove selected ...

MBAM log ..

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rkb :: RKB-PC [administrator]

11/16/2012 7:23:42 AM
mbam-log-2012-11-16 (07-23-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202493
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


rmb

#11 naruto2715


Posted 16 November 2012 - 04:44 AM

i ran ESET scan as soon as it finished, laptop got shutdown as laptop battery charge got over ....after switching it on i ran the ESET scan again i got "no threats found" ...since u said "LIST OF THREATS FOUND" contents to be included ..i did not have any content.. so i was searching in C drive if any logs are there.. i found the log in Local disk(c:) > program files(x86) > ESET > ESET online scanner .. is it correct ?. the ESET log is below.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b999521747ac443a7e9e92e0fa9811a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-16 03:17:51
# local_time=2012-11-16 08:47:51 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 12329 104663980 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106786
# found=0
# cleaned=0
# scan_time=2930
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b999521747ac443a7e9e92e0fa9811a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-16 09:11:27
# local_time=2012-11-16 02:41:27 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 33439 104685090 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106895
# found=0
# cleaned=0
# scan_time=3037
ESETSmartInstaller@High as downloader log:
all ok


rmb

#12 CatByte


Posted 16 November 2012 - 07:18 AM

Looks good!

How is the computer running now? Are there any outstanding issues?





P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Programs and Features.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 naruto2715


Posted 17 November 2012 - 06:59 PM

hi cat byte

as u said i uninstalled the utorrent.

as of now the laptop is running good ... i think now the laptop is clear ...

only one issue is the external hard drive ? .


rmb

#14 CatByte


Posted 17 November 2012 - 07:01 PM

plug in the external hard drive (don't access any of the files on the HD at this time) now run the ESET online scan > choosing the external hard drive to scan

post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 naruto2715


Posted 17 November 2012 - 07:08 PM

ok shall do it . its taking time as it is downloading components .

rmb



