
TDSS Infection: iastor.sys bsod


  • This topic is locked
12 replies to this topic

#1 marky1991

  • Members
  • 5 posts

Posted 12 November 2012 - 07:49 PM

As mentioned in the title, I believe I had a TDSS infection. (I believe I have already removed the infection (I tried to solve the problem myself), but confirmation would obviously be appreciated.) I am now left with the after-effects of the infection, which I don't know how to fix.

More specifically, my computer crashes with a BSOD referring to iastor.sys whenever I boot into Windows. I am only able to boot into safe mode.

My zipped up minidump folder (I'm really not sure if this is the right subforum for this or not. If not, I apologize.) can be accessed here: http://marky1991.dyndns.org/archivos/minidump.zip and the last 5 dumps can be accessed here: http://marky1991.dyndns.org/archivos/last_5_minidump.zip .

Attached are the requested DDS and GMER logs.

Thank you!





#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 November 2012 - 11:13 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I close my topics if you have not replied in 5 days; if you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 marky1991 (Topic Starter)

  • Members
  • 5 posts

Posted 13 November 2012 - 12:02 AM

In order to get RogueKiller to successfully complete its scan, I had to disable the MBR check. I figured any results were better than none. Also, for the RogueKiller scan, I intentionally unchecked a clump of files (starting with "accents.exe" and ending with "shortcuts.exe") in my startup folder that I personally created and can guarantee their safety. Just to be explicit, the BSODs are still occurring at this point. Thanks for the help thus far.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java DB 10.5.3.0
JavaFX 2.0.2
JavaFX 2.0.2 SDK
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 2
Java™ SE Development Kit 6 Update 23
Java™ SE Development Kit 6 Update 26
Java™ SE Development Kit 7
Java™ SE Development Kit 7 Update 2
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

# AdwCleaner v2.007 - File created on 12/11/2012 at 23:32:08
# Updated on 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Background - KIRBY
# Boot mode : Safe mode with networking
# Running from : C:\Users\Background\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Users\Background\AppData\Local\APN
File Deleted : C:\Users\Background\AppData\Roaming\Mozilla\Firefox\Profiles\77jfina8.default\searchplugins\daemon-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] The registry contains no illegitimate entries.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\in7rivxq.default\prefs.js

[OK] The file contains no illegitimate entries.

Profile name : default
File : C:\Users\Mom.TOUCH-COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\x50bmokd.default\prefs.js

[OK] The file contains no illegitimate entries.

Profile name : default
File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\cgyeimgk.default\prefs.js

[OK] The file contains no illegitimate entries.

Profile name : default
File : C:\Users\Background\AppData\Roaming\Mozilla\Firefox\Profiles\77jfina8.default\prefs.js

[OK] The file contains no illegitimate entries.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Mom.TOUCH-COMPUTER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file contains no illegitimate entries.

File : C:\Users\Background\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file contains no illegitimate entries.

*************************

AdwCleaner[S1].txt - [2343 bytes] - [12/11/2012 23:32:08]

########## EOF - C:\AdwCleaner[S1].txt - [2403 bytes] ##########

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Background [Admin rights]
Mode : Remove -- Date : 11/12/2012 23:57:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NortonUpdateAgent (C:\ProgramData\Norton\NUA.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Background\AppData\Local\Google\Chrome\Application\23.0.1271.64\chrome_frame_helper.exe" --startup) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\32408179 (C:\Windows\system32\drivers\22875887.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\32408179 (C:\Windows\system32\drivers\22875887.sys) -> DELETED
[STARTUP][SUSP PATH] accents.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\accents.exe -> NOT SELECTED
[STARTUP][SUSP PATH] alarm.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alarm.exe -> NOT SELECTED
[STARTUP][SUSP PATH] forums.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\forums.exe -> NOT SELECTED
[STARTUP][SUSP PATH] monitor off.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monitor off.exe -> NOT SELECTED
[STARTUP][SUSP PATH] music.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\music.exe -> NOT SELECTED
[STARTUP][SUSP PATH] notepad, calc, paint.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notepad, calc, paint.exe -> NOT SELECTED
[STARTUP][SUSP PATH] programs.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.exe -> NOT SELECTED
[STARTUP][SUSP PATH] run python.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run python.exe -> NOT SELECTED
[STARTUP][SUSP PATH] shortcuts.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcuts.exe -> NOT SELECTED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{20793EFA-F38B-45C6-AD4C-B8CCFD454893} : NameServer (68.87.68.162,68.87.74.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{59D77A88-773A-4F4E-A9C5-AE39175870B2} : NameServer (68.87.68.162,68.87.74.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{20793EFA-F38B-45C6-AD4C-B8CCFD454893} : NameServer (68.87.68.162,68.87.74.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{59D77A88-773A-4F4E-A9C5-AE39175870B2} : NameServer (68.87.68.162,68.87.74.162) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[2]_D_11122012_02d2357.txt >>
RKreport[1]_S_11122012_02d2356.txt ; RKreport[2]_D_11122012_02d2357.txt
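
A way to read a report like the one above, as an added example (this is not RogueKiller's code and not the poster's; the category names, severities and helper names are this example's own). It parses the [TAG][SUBTAG] subject (value) -> ACTION line layout RogueKiller uses in the log above and sorts what it finds: first a service whose registry key name and driver file name are both nothing but digits (the Services\32408179 -> drivers\22875887.sys pair RogueKiller tagged ROGUE ST; a driver name that carries no vendor or device information is the one to treat as hostile until a signature check says otherwise), then the UAC and registry-policy values that were changed, then the static DNS servers. The DNS part only lists the servers per interface; whether 68.87.68.162 and 68.87.74.162 are what the ISP or router should be handing out is for the person at the keyboard to check, and the script does not decide it. The input is a constructed subset of the lines posted above.

```python
"""Triage of a RogueKiller report (RKreport[n].txt).

Added example for this thread; not RogueKiller code and not the poster's.
Categories, severities and helper names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a subset of the report lines posted above, verbatim.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : NortonUpdateAgent (C:\ProgramData\Norton\NUA.exe) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\32408179 (C:\Windows\system32\drivers\22875887.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\32408179 (C:\Windows\system32\drivers\22875887.sys) -> DELETED
[STARTUP][SUSP PATH] accents.exe @Background : C:\Users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\accents.exe -> NOT SELECTED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{20793EFA-F38B-45C6-AD4C-B8CCFD454893} : NameServer (68.87.68.162,68.87.74.162) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
"""

# One report line: [TAG][optional SUBTAG] subject (optional value) -> ACTION
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<subtag>[^\]]+)\])?\s+"
    r"(?P<subject>.+?)(?:\s+\((?P<value>.*)\))?\s+->\s+(?P<action>.+)$"
)
DIGITS_ONLY = re.compile(r"^\d+$")

# Policy values RogueKiller reported as changed, with what the value means.
POLICY_KEYS = {
    "EnableLUA": "0 turns UAC off entirely",
    "ConsentPromptBehaviorAdmin": "0 elevates administrators without any prompt",
    "DisableRegistryTools": "1 blocks regedit for the user",
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Entry:
    tag: str
    subtag: Optional[str]
    subject: str
    value: Optional[str]
    action: str


@dataclass
class Finding:
    severity: str
    category: str
    detail: str


def parse_report(text: str) -> List[Entry]:
    """Keep only lines in the entry format; headers and separators are dropped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def _leaf(path: str) -> str:
    """Last backslash-separated component of a registry or file path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def is_numeric_driver_service(entry: Entry) -> bool:
    """Service key named only with digits whose image is a .sys file that is
    also named only with digits (key 32408179 loading 22875887.sys above)."""
    if entry.tag != "Services" or not entry.value:
        return False
    stem, _, ext = _leaf(entry.value).rpartition(".")
    return (DIGITS_ONLY.match(_leaf(entry.subject)) is not None
            and DIGITS_ONLY.match(stem) is not None
            and ext.lower() == "sys")


def triage(entries: List[Entry]) -> List[Finding]:
    """Group the entries by what a responder would want to look at first."""
    findings = []
    for e in entries:
        name = e.subject.rpartition(" : ")[2]  # "EnableLUA", "NameServer", ...
        if is_numeric_driver_service(e):
            findings.append(Finding("high", "numeric-named driver service",
                                    f"{e.subject} -> {e.value} [{e.action}]"))
        elif e.tag == "DNS" and e.value:
            # RogueKiller flags every static NameServer; compare these against
            # what the ISP or router hands out before calling them hijacked.
            iface = _leaf(e.subject.rpartition(" : ")[0])
            servers = ", ".join(e.value.split(","))
            findings.append(Finding("medium", "static DNS server",
                                    f"{iface}: {servers} [{e.action}]"))
        elif e.tag in ("HJ", "HJPOL") and name in POLICY_KEYS:
            findings.append(Finding("medium", "security policy changed",
                                    f"{name}={e.value} ({POLICY_KEYS[name]}) [{e.action}]"))
        elif e.action == "NOT SELECTED":
            # Items the operator deliberately left alone; list them so a
            # second reader sees what was excluded and why it matters.
            findings.append(Finding("info", "left in place by operator", e.subject))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"{f.severity:6} {f.category}: {f.detail}")
```

Run against a full RKreport file by passing its text to parse_report instead of SAMPLE_REPORT. The [HJ SMENU] and [HJ DESK] cosmetic changes fall through without a finding on purpose; they are clutter once the driver and policy lines have been dealt with.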

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 November 2012 - 12:10 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 marky1991 (Topic Starter)

  • Members
  • 5 posts

Posted 13 November 2012 - 12:55 AM

I've noticed no change in the computer's symptoms; the only sign of trouble is the BSODs that prevent me from running Explorer out of safe mode.

When running the scan, it complained that Norton was running, but according to Windows, neither Norton's service nor any process related to Norton was running at the time. There was no icon for Norton in the taskbar (thus no way for me to deactivate it). I'm not sure why ComboFix was claiming that Norton was on.

ComboFix 12-11-12.03 - Background 11/13/2012 0:20.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.3082.18.3327.2268 [GMT -5:00]
Running from: c:\users\Background\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Background\AppData\Roaming\Galcon
c:\users\Background\AppData\Roaming\Galcon\galcon.inc
c:\users\Background\AppData\Roaming\Galcon\galcon.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Background\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Mom\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Mom.TOUCH-COMPUTER\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 05:32 . 2012-11-13 05:32 -------- d-----w- c:\users\Adam\AppData\Local\temp
2012-11-12 23:23 . 2012-11-12 23:23 -------- d-----w- c:\program files\WhoCrashed
2012-11-11 04:43 . 2012-11-11 18:27 -------- d-----w- C:\CRABcon
2012-11-11 04:41 . 2012-11-11 04:42 -------- d-----w- c:\users\Background\.ssh
2012-11-11 04:38 . 2012-11-11 04:39 -------- d-----w- c:\program files\Git
2012-11-11 04:36 . 2012-11-11 04:36 -------- d-----w- c:\users\Background\AppData\Local\Programs
2012-11-05 07:53 . 2012-11-05 07:53 -------- d-----w- c:\users\Background\AppData\Roaming\Intel Corporation
2012-11-05 07:46 . 2012-11-05 07:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-05 07:02 . 2010-09-13 23:18 353304 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-05 06:54 . 2012-11-05 06:54 -------- d-----w- C:\Intel
2012-11-05 06:54 . 2012-11-12 20:33 -------- d-----w- c:\program files\Intel
2012-10-30 01:29 . 2012-11-05 07:53 -------- d-s---w- c:\users\Background\Google Drive
2012-10-27 16:50 . 2012-10-27 16:50 -------- d-----w- c:\users\Background\AppData\Roaming\e-academy Inc
2012-10-27 16:50 . 2012-10-27 16:50 -------- d-----w- c:\users\Background\AppData\Local\e-academy Inc
2012-10-19 05:22 . 2012-10-19 05:22 -------- d-----w- c:\program files\Common Files\Skype
2012-10-19 05:19 . 2012-03-06 00:40 240704 ----a-w- c:\windows\system32\RaCoInst.dll
2012-10-19 05:19 . 2012-03-06 00:40 1580096 ----a-w- c:\windows\system32\drivers\netr28.sys
2012-10-19 05:19 . 2012-10-19 05:19 -------- d-----w- c:\programdata\Ralink Driver
2012-10-16 19:28 . 2012-10-16 19:28 -------- d-----w- c:\users\Background\AppData\Roaming\MiKTeX
2012-10-16 18:44 . 2012-10-16 18:44 -------- d-----w- c:\users\Background\AppData\Local\MiKTeX
2012-10-16 18:31 . 2012-10-16 18:31 -------- d-----w- c:\programdata\MiKTeX
2012-10-16 18:28 . 2012-10-16 18:29 -------- d-----w- c:\program files\MiKTeX 2.9
2012-10-15 07:27 . 2012-10-15 07:27 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-10-15 07:27 . 2012-10-15 07:27 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-14 17:18 . 2012-10-14 17:18 -------- d-----w- c:\program files\CamStudio 2.6b
2012-10-14 17:18 . 2010-10-24 04:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-29 23:30 . 2012-04-07 06:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-29 23:30 . 2011-06-06 02:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 19:27 . 2012-08-03 20:20 421006 ----a-w- C:\MGlogs.zip
2012-09-30 00:54 . 2012-04-22 18:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-12 20:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-10 05:36 . 2012-09-10 05:36 3072 ----a-w- c:\windows\system32\drivers\es-ES\nfsrdr.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 6656 ----a-w- c:\windows\system32\drivers\es-ES\rdvgkmd.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 2048 ----a-w- c:\windows\system32\drivers\es-ES\vpcnfltr.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 14336 ----a-w- c:\windows\system32\drivers\es-ES\vpcvmm.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 3584 ----a-w- c:\windows\system32\drivers\es-ES\vpchbus.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 4608 ----a-w- c:\windows\system32\drivers\es-ES\tsusbhub.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 2048 ----a-w- c:\windows\system32\drivers\es-ES\vpcuxd.sys.mui
2012-09-10 05:36 . 2012-09-10 05:36 2048 ----a-w- c:\windows\system32\drivers\es-ES\vpcusb.sys.mui
2012-09-10 00:31 . 2012-09-10 00:31 1102359 ----a-w- C:\Vistalizator.exe
2012-09-09 20:56 . 2012-09-09 20:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-09 20:56 . 2012-09-09 20:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-09 20:56 . 2012-09-09 20:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-09 20:56 . 2012-09-09 20:56 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-09-09 20:56 . 2012-09-09 20:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-09 20:56 . 2012-09-09 20:56 367104 ----a-w- c:\windows\system32\html.iec
2012-09-09 20:56 . 2012-09-09 20:56 161792 ----a-w- c:\windows\system32\msls31.dll
2012-09-09 20:56 . 2012-09-09 20:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-09 20:56 . 2012-09-09 20:56 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-09-09 20:56 . 2012-09-09 20:56 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-09-09 20:56 . 2012-09-09 20:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-09 20:56 . 2012-09-09 20:56 152064 ----a-w- c:\windows\system32\wextract.exe
2012-09-09 20:56 . 2012-09-09 20:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-09-09 20:56 . 2012-09-09 20:56 11776 ----a-w- c:\windows\system32\mshta.exe
2012-09-09 20:56 . 2012-09-09 20:56 101888 ----a-w- c:\windows\system32\admparse.dll
2012-09-09 20:31 . 2012-09-09 20:31 2560 ----a-w- c:\windows\system32\drivers\es-ES\usbrpm.sys.mui
2012-09-09 20:31 . 2012-09-09 20:31 16896 ----a-w- c:\windows\system32\drivers\es-ES\fvevol.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\WpdMtpDr.dll.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\qwavedrv.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 16384 ----a-w- c:\windows\system32\drivers\es-ES\nwifi.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\es-ES\LXKPTPRC.DLL.mui
2012-09-09 20:30 . 2012-09-09 20:30 9728 ----a-w- c:\windows\system32\drivers\es-ES\battc.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 6656 ----a-w- c:\windows\system32\drivers\es-ES\IPMIDrv.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 5632 ----a-w- c:\windows\system32\drivers\es-ES\sermouse.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 5632 ----a-w- c:\windows\system32\drivers\es-ES\e100b325.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 5632 ----a-w- c:\windows\system32\drivers\es-ES\bcm4sbxp.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 5120 ----a-w- c:\windows\system32\drivers\es-ES\kbdclass.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4608 ----a-w- c:\windows\system32\drivers\es-ES\mouclass.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\wacompen.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\vhdmp.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\vdrvroot.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\tpm.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\isapnp.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3584 ----a-w- c:\windows\system32\drivers\es-ES\parport.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3584 ----a-w- c:\windows\system32\drivers\es-ES\ataport.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 33792 ----a-w- c:\windows\system32\drivers\es-ES\yk62x86.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3072 ----a-w- c:\windows\system32\drivers\es-ES\umbus.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3072 ----a-w- c:\windows\system32\drivers\es-ES\parvdm.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3072 ----a-w- c:\windows\system32\drivers\es-ES\mssmbios.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3072 ----a-w- c:\windows\system32\drivers\es-ES\mouhid.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3072 ----a-w- c:\windows\system32\drivers\es-ES\getn62.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 26112 ----a-w- c:\windows\system32\drivers\es-ES\volsnap.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 25600 ----a-w- c:\windows\system32\drivers\es-ES\usbport.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\UAGP35.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\MTConfig.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\kbdhid.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\GAGP30KX.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 22016 ----a-w- c:\windows\system32\drivers\es-ES\e1y6032.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 22016 ----a-w- c:\windows\system32\drivers\es-ES\e1e6032.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 20992 ----a-w- c:\windows\system32\drivers\es-ES\viac7.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 20992 ----a-w- c:\windows\system32\drivers\es-ES\processr.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 20992 ----a-w- c:\windows\system32\drivers\es-ES\intelppm.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 20992 ----a-w- c:\windows\system32\drivers\es-ES\amdppm.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 20992 ----a-w- c:\windows\system32\drivers\es-ES\amdk8.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2048 ----a-w- c:\windows\system32\drivers\es-ES\wd.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2048 ----a-w- c:\windows\system32\drivers\es-ES\disk.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2048 ----a-w- c:\windows\system32\drivers\es-ES\cdrom.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2048 ----a-w- c:\windows\system32\drivers\es-ES\amdide.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 19456 ----a-w- c:\windows\system32\drivers\es-ES\E1G60I32.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 12800 ----a-w- c:\windows\system32\drivers\es-ES\k57nd60x.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 12800 ----a-w- c:\windows\system32\drivers\es-ES\b57nd60x.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11776 ----a-w- c:\windows\system32\drivers\es-ES\usbhub.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11776 ----a-w- c:\windows\system32\drivers\es-ES\ohci1394.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11776 ----a-w- c:\windows\system32\drivers\es-ES\e1q6032.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11776 ----a-w- c:\windows\system32\drivers\es-ES\e1k6032.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11776 ----a-w- c:\windows\system32\drivers\es-ES\1394ohci.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11264 ----a-w- c:\windows\system32\drivers\es-ES\serial.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11264 ----a-w- c:\windows\system32\drivers\es-ES\i8042prt.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11264 ----a-w- c:\windows\system32\drivers\es-ES\BrSerId.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 11264 ----a-w- c:\windows\system32\drivers\es-ES\BrSerIb.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 10752 ----a-w- c:\windows\system32\drivers\es-ES\ltmdmnt.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 10752 ----a-w- c:\windows\system32\drivers\es-ES\acpi.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 9216 ----a-w- c:\windows\system32\drivers\es-ES\pci.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 8192 ----a-w- c:\windows\system32\drivers\es-ES\bthport.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 4096 ----a-w- c:\windows\system32\drivers\es-ES\hdaudbus.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 3584 ----a-w- c:\windows\system32\drivers\es-ES\atikmdag.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\vwifibus.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\VIAAGP.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\ULIAGPKX.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\SISAGP.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\NV_AGP.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\BTHUSB.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\AMDAGP.SYS.mui
2012-09-09 20:30 . 2012-09-09 20:30 2560 ----a-w- c:\windows\system32\drivers\es-ES\AGP440.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 2048 ----a-w- c:\windows\system32\drivers\es-ES\bthenum.sys.mui
2012-09-09 20:30 . 2012-09-09 20:30 7168 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\WUDFUsbccidDriver.dll.mui
2012-10-15 07:27 . 2012-04-18 22:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Background\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Background\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Background\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Background\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-03-12 1314816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
.
c:\users\Mom.TOUCH-COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Background\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
.
c:\users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
accents.exe [2012-6-13 809472]
alarm.exe [2012-4-22 807936]
Dropbox.lnk - c:\users\Background\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
forums.exe [2012-4-22 803328]
monitor off.exe [2012-4-22 802816]
music.exe [2012-4-22 804352]
notepad, calc, paint.exe [2012-4-22 804352]
programs.exe [2012-6-20 804864]
run python.exe [2012-6-24 805888]
shortcuts.exe [2012-6-20 804864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Background^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.lnk]
backup=c:\windows\pss\.lnk.Startup
backupExtension=.Startup
path=c:\users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
.
[HKLM\~\startupfolder\C:^Users^Background^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
path=c:\users\Background\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Azureus]
2012-10-17 20:43 309728 ----a-w- c:\program files\Vuze\Azureus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 19:26 1148200 ----a-w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 21:29 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-20 22:08 136176 ----atw- c:\users\Background\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP KEYBOARD]
2008-06-20 21:47 464384 ----a-w- c:\program files\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-23 14:11 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 00:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-31 15:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 16:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-03-12 23:11 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-03 23:30 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-12 16:12 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:30]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 03:58]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 03:58]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732049066-2889435954-2058304733-1001Core.job
- c:\users\Mom.TOUCH-COMPUTER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11 16:30]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732049066-2889435954-2058304733-1001UA.job
- c:\users\Mom.TOUCH-COMPUTER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11 16:30]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732049066-2889435954-2058304733-1003Core.job
- c:\users\Background\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 22:08]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732049066-2889435954-2058304733-1003UA.job
- c:\users\Background\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 22:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.galcon.com/forums/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{20793EFA-F38B-45C6-AD4C-B8CCFD454893}: NameServer = 68.87.68.162,68.87.74.162
TCP: Interfaces\{59D77A88-773A-4F4E-A9C5-AE39175870B2}: NameServer = 68.87.68.162,68.87.74.162
FF - ProfilePath - c:\users\Background\AppData\Roaming\Mozilla\Firefox\Profiles\77jfina8.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.galcon.com/forums/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:24,20,2d,28,aa,41,cd,01
.
[HKEY_USERS\S-1-5-21-3732049066-2889435954-2058304733-1003\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_USERS\S-1-5-21-3732049066-2889435954-2058304733-1003\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-13 00:35:58
ComboFix-quarantined-files.txt 2012-11-13 05:35
ComboFix2.txt 2012-11-12 21:43
ComboFix3.txt 2012-04-22 20:56
.
Pre-Run: 219,992,104,960 bytes libres
Post-Run: 219,766,136,832 bytes libres
.
- - End Of File - - 0B84146663A7E03A83F0967CDDC91409

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 November 2012 - 04:21 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 marky1991 (Topic Starter)

Posted 13 November 2012 - 01:00 PM

11:34:23.0088 1348 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:34:23.0447 1348 ============================================================
11:34:23.0447 1348 Current date / time: 2012/11/13 11:34:23.0447
11:34:23.0447 1348 SystemInfo:
11:34:23.0447 1348
11:34:23.0447 1348 OS Version: 6.1.7601 ServicePack: 1.0
11:34:23.0447 1348 Product type: Workstation
11:34:23.0447 1348 ComputerName: KIRBY
11:34:23.0447 1348 UserName: Background
11:34:23.0447 1348 Windows directory: C:\Windows
11:34:23.0447 1348 System windows directory: C:\Windows
11:34:23.0447 1348 Processor architecture: Intel x86
11:34:23.0447 1348 Number of processors: 2
11:34:23.0447 1348 Page size: 0x1000
11:34:23.0447 1348 Boot type: Safe boot with network
11:34:23.0447 1348 ============================================================
11:34:23.0899 1348 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:34:23.0899 1348 ============================================================
11:34:23.0899 1348 \Device\Harddisk0\DR0:
11:34:23.0899 1348 MBR partitions:
11:34:23.0899 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
11:34:23.0899 1348 ============================================================
11:34:23.0946 1348 C: <-> \Device\Harddisk0\DR0\Partition1
11:34:23.0946 1348 ============================================================
11:34:23.0946 1348 Initialize success
11:34:23.0946 1348 ============================================================
11:34:33.0852 1360 ============================================================
11:34:33.0852 1360 Scan started
11:34:33.0852 1360 Mode: Manual;
11:34:33.0852 1360 ============================================================
11:34:34.0055 1360 ================ Scan system memory ========================
11:34:34.0055 1360 System memory - ok
11:34:34.0055 1360 ================ Scan services =============================
11:34:34.0242 1360 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:34:34.0242 1360 1394ohci - ok
11:34:34.0289 1360 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:34:34.0289 1360 ACPI - ok
11:34:46.0426 1360 PNRPsvc - ok
11:34:46.0472 1360 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:34:46.0488 1360 PolicyAgent - ok
11:34:46.0519 1360 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
11:34:46.0519 1360 Power - ok
11:34:46.0582 1360 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:34:46.0582 1360 PptpMiniport - ok
11:34:46.0597 1360 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
11:34:46.0597 1360 Processor - ok
11:34:46.0644 1360 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
11:34:46.0644 1360 ProfSvc - ok
11:34:46.0675 1360 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:34:46.0675 1360 ProtectedStorage - ok
11:34:46.0706 1360 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:34:46.0706 1360 Psched - ok
11:34:46.0784 1360 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:34:46.0816 1360 ql2300 - ok
11:34:46.0831 1360 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:34:46.0831 1360 ql40xx - ok
11:34:46.0862 1360 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:34:46.0862 1360 QWAVE - ok
11:34:46.0894 1360 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:34:46.0894 1360 QWAVEdrv - ok
11:34:46.0909 1360 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:34:46.0909 1360 RasAcd - ok
11:34:46.0972 1360 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:34:46.0972 1360 RasAgileVpn - ok
11:34:46.0972 1360 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:34:46.0987 1360 RasAuto - ok
11:34:47.0018 1360 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:47.0018 1360 Rasl2tp - ok
11:34:47.0065 1360 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:34:47.0065 1360 RasMan - ok
11:34:47.0096 1360 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:47.0096 1360 RasPppoe - ok
11:34:47.0096 1360 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:34:47.0112 1360 RasSstp - ok
11:34:47.0128 1360 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:34:47.0128 1360 rdbss - ok
11:34:47.0128 1360 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:34:47.0128 1360 rdpbus - ok
11:34:47.0159 1360 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:47.0174 1360 RDPCDD - ok
11:34:47.0221 1360 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:34:47.0221 1360 RDPDR - ok
11:34:47.0252 1360 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:34:47.0252 1360 RDPENCDD - ok
11:34:47.0268 1360 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:34:47.0268 1360 RDPREFMP - ok
11:34:47.0299 1360 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:34:47.0299 1360 RDPWD - ok
11:34:47.0315 1360 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:34:47.0315 1360 rdyboost - ok
11:34:47.0362 1360 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:34:47.0362 1360 RemoteAccess - ok
11:34:47.0408 1360 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:34:47.0408 1360 RemoteRegistry - ok
11:34:47.0471 1360 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:34:47.0471 1360 RFCOMM - ok
11:34:47.0518 1360 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
11:34:47.0533 1360 rpcapd - ok
11:34:47.0549 1360 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:34:47.0549 1360 RpcEptMapper - ok
11:34:47.0596 1360 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:34:47.0596 1360 RpcLocator - ok
11:34:47.0627 1360 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
11:34:47.0627 1360 RpcSs - ok
11:34:47.0658 1360 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:34:47.0674 1360 rspndr - ok
11:34:47.0736 1360 [ 034088AACDEA485F9758964FB8BA571A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
11:34:47.0736 1360 RTL8169 - ok
11:34:47.0783 1360 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:34:47.0783 1360 s3cap - ok
11:34:47.0798 1360 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
11:34:47.0798 1360 SamSs - ok
11:34:47.0830 1360 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:34:47.0845 1360 sbp2port - ok
11:34:47.0861 1360 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:34:47.0876 1360 SCardSvr - ok
11:34:47.0908 1360 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:34:47.0908 1360 scfilter - ok
11:34:47.0939 1360 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:34:47.0939 1360 Schedule - ok
11:34:47.0970 1360 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:34:47.0970 1360 SCPolicySvc - ok
11:34:48.0001 1360 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:34:48.0001 1360 SDRSVC - ok
11:34:48.0048 1360 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:34:48.0048 1360 secdrv - ok
11:34:48.0064 1360 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:34:48.0064 1360 seclogon - ok
11:34:48.0110 1360 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
11:34:48.0110 1360 SENS - ok
11:34:48.0142 1360 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:34:48.0142 1360 SensrSvc - ok
11:34:48.0173 1360 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:34:48.0173 1360 Serenum - ok
11:34:48.0220 1360 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
11:34:48.0220 1360 Serial - ok
11:34:48.0251 1360 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:34:48.0251 1360 sermouse - ok
11:34:48.0282 1360 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:34:48.0298 1360 SessionEnv - ok
11:34:48.0329 1360 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:34:48.0329 1360 sffdisk - ok
11:34:48.0344 1360 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:34:48.0344 1360 sffp_mmc - ok
11:34:48.0391 1360 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:34:48.0391 1360 sffp_sd - ok
11:34:48.0407 1360 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:34:48.0407 1360 sfloppy - ok
11:34:48.0469 1360 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:34:48.0469 1360 SharedAccess - ok
11:34:48.0500 1360 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:34:48.0500 1360 ShellHWDetection - ok
11:34:48.0532 1360 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:34:48.0532 1360 sisagp - ok
11:34:48.0563 1360 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:34:48.0563 1360 SiSRaid2 - ok
11:34:48.0563 1360 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:34:48.0563 1360 SiSRaid4 - ok
11:34:48.0656 1360 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:34:48.0656 1360 SkypeUpdate - ok
11:34:48.0688 1360 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:34:48.0703 1360 Smb - ok
11:34:48.0750 1360 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:34:48.0766 1360 SNMPTRAP - ok
11:34:48.0812 1360 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
11:34:48.0812 1360 speedfan - ok
11:34:48.0828 1360 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:34:48.0828 1360 spldr - ok
11:34:48.0890 1360 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
11:34:48.0890 1360 Spooler - ok
11:34:48.0953 1360 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:34:49.0015 1360 sppsvc - ok
11:34:49.0031 1360 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:34:49.0031 1360 sppuinotify - ok
11:34:49.0078 1360 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\System32\Drivers\sptd.sys
11:34:49.0078 1360 sptd - ok
11:34:49.0156 1360 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
11:34:49.0171 1360 SRTSP - ok
11:34:49.0171 1360 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
11:34:49.0171 1360 SRTSPX - ok
11:34:49.0202 1360 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:34:49.0202 1360 srv - ok
11:34:49.0234 1360 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:34:49.0234 1360 srv2 - ok
11:34:49.0265 1360 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:34:49.0265 1360 srvnet - ok
11:34:49.0343 1360 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
11:34:49.0343 1360 sscdbus - ok
11:34:49.0358 1360 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
11:34:49.0358 1360 sscdmdfl - ok
11:34:49.0390 1360 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
11:34:49.0390 1360 sscdmdm - ok
11:34:49.0421 1360 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
11:34:49.0421 1360 sscdserd - ok
11:34:49.0468 1360 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:34:49.0483 1360 SSDPSRV - ok
11:34:49.0530 1360 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:34:49.0530 1360 SstpSvc - ok
11:34:49.0546 1360 Steam Client Service - ok
11:34:49.0592 1360 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:34:49.0592 1360 stexstor - ok
11:34:49.0655 1360 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:34:49.0655 1360 StiSvc - ok
11:34:49.0702 1360 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:34:49.0702 1360 storflt - ok
11:34:49.0748 1360 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
11:34:49.0748 1360 StorSvc - ok
11:34:49.0764 1360 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:34:49.0764 1360 storvsc - ok
11:34:49.0780 1360 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:34:49.0795 1360 swenum - ok
11:34:49.0811 1360 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:34:49.0811 1360 swprv - ok
11:34:49.0858 1360 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
11:34:49.0858 1360 SymDS - ok
11:34:49.0889 1360 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
11:34:49.0904 1360 SymEFA - ok
11:34:49.0967 1360 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
11:34:49.0967 1360 SymEvent - ok
11:34:50.0029 1360 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
11:34:50.0029 1360 SymIRON - ok
11:34:50.0060 1360 [ B501D61792D8355EAE7EB4F7449A9D99 ] SYMTDIv C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
11:34:50.0060 1360 SYMTDIv - ok
11:34:50.0092 1360 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:34:50.0123 1360 SysMain - ok
11:34:50.0138 1360 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:34:50.0138 1360 TabletInputService - ok
11:34:50.0170 1360 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:34:50.0170 1360 TapiSrv - ok
11:34:50.0201 1360 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:34:50.0201 1360 TBS - ok
11:34:50.0248 1360 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:34:50.0279 1360 Tcpip - ok
11:34:50.0310 1360 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:34:50.0326 1360 TCPIP6 - ok
11:34:50.0372 1360 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:34:50.0388 1360 tcpipreg - ok
11:34:50.0419 1360 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:34:50.0419 1360 TDPIPE - ok
11:34:50.0435 1360 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:34:50.0435 1360 TDTCP - ok
11:34:50.0482 1360 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:34:50.0482 1360 tdx - ok
11:34:50.0497 1360 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:34:50.0497 1360 TermDD - ok
11:34:50.0513 1360 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
11:34:50.0528 1360 TermService - ok
11:34:50.0544 1360 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:34:50.0560 1360 Themes - ok
11:34:50.0560 1360 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:34:50.0575 1360 THREADORDER - ok
11:34:50.0622 1360 [ CE92B84ED806F1C5C340A51DFD3E49BC ] TlntSvr C:\Windows\System32\tlntsvr.exe
11:34:50.0622 1360 TlntSvr - ok
11:34:50.0653 1360 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:34:50.0653 1360 TrkWks - ok
11:34:50.0731 1360 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:34:50.0731 1360 TrustedInstaller - ok
11:34:50.0747 1360 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:34:50.0747 1360 tssecsrv - ok
11:34:50.0762 1360 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:34:50.0762 1360 TsUsbFlt - ok
11:34:50.0794 1360 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:34:50.0794 1360 TsUsbGD - ok
11:34:50.0840 1360 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:34:50.0840 1360 tunnel - ok
11:34:50.0965 1360 [ 711561440FDC396CB6E4C69C13375A38 ] tvnserver C:\Program Files\TightVNC\tvnserver.exe
11:34:50.0965 1360 tvnserver - ok
11:34:50.0981 1360 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:34:50.0981 1360 uagp35 - ok
11:34:51.0028 1360 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:34:51.0028 1360 udfs - ok
11:34:51.0059 1360 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:34:51.0074 1360 UI0Detect - ok
11:34:51.0090 1360 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:34:51.0090 1360 uliagpkx - ok
11:34:51.0106 1360 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:34:51.0106 1360 umbus - ok
11:34:51.0137 1360 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
11:34:51.0137 1360 UmPass - ok
11:34:51.0199 1360 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
11:34:51.0199 1360 UmRdpService - ok
11:34:51.0230 1360 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:34:51.0246 1360 upnphost - ok
11:34:51.0293 1360 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
11:34:51.0293 1360 USBAAPL - ok
11:34:51.0308 1360 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:34:51.0324 1360 usbccgp - ok
11:34:51.0355 1360 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:34:51.0355 1360 usbcir - ok
11:34:51.0371 1360 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:34:51.0386 1360 usbehci - ok
11:34:51.0402 1360 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:34:51.0402 1360 usbhub - ok
11:34:51.0433 1360 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:34:51.0433 1360 usbohci - ok
11:34:51.0464 1360 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
11:34:51.0464 1360 usbprint - ok
11:34:51.0480 1360 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:34:51.0480 1360 USBSTOR - ok
11:34:51.0496 1360 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:34:51.0511 1360 usbuhci - ok
11:34:51.0589 1360 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:34:51.0589 1360 usbvideo - ok
11:34:51.0605 1360 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:34:51.0605 1360 UxSms - ok
11:34:51.0620 1360 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
11:34:51.0620 1360 VaultSvc - ok
11:34:51.0667 1360 [ 8F417B4B9985F0095CCAF37C58859C4E ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
11:34:51.0667 1360 VBoxDrv - ok
11:34:51.0698 1360 [ EF3F7E498AD2E617FDCBEE939A258015 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:34:51.0714 1360 VBoxNetAdp - ok
11:34:51.0761 1360 [ 8ADAA94B516C7CB6962846E527FBCBFA ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
11:34:51.0761 1360 VBoxUSBMon - ok
11:34:51.0776 1360 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:34:51.0776 1360 vdrvroot - ok
11:34:51.0808 1360 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:34:51.0808 1360 vds - ok
11:34:51.0823 1360 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:34:51.0823 1360 vga - ok
11:34:51.0839 1360 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:34:51.0839 1360 VgaSave - ok
11:34:51.0886 1360 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:34:51.0886 1360 vhdmp - ok
11:34:51.0917 1360 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:34:51.0917 1360 viaagp - ok
11:34:51.0948 1360 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
11:34:51.0948 1360 ViaC7 - ok
11:34:51.0979 1360 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:34:51.0979 1360 viaide - ok
11:34:52.0010 1360 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
11:34:52.0010 1360 vmbus - ok
11:34:52.0042 1360 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
11:34:52.0042 1360 VMBusHID - ok
11:34:52.0057 1360 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:34:52.0057 1360 volmgr - ok
11:34:52.0088 1360 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:34:52.0088 1360 volmgrx - ok
11:34:52.0104 1360 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:34:52.0120 1360 volsnap - ok
11:34:52.0135 1360 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:34:52.0135 1360 vsmraid - ok
11:34:52.0182 1360 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
11:34:52.0182 1360 VSS - ok
11:34:52.0213 1360 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:34:52.0213 1360 vwifibus - ok
11:34:52.0244 1360 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:34:52.0244 1360 vwififlt - ok
11:34:52.0276 1360 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
11:34:52.0291 1360 W32Time - ok
11:34:52.0307 1360 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:34:52.0307 1360 WacomPen - ok
11:34:52.0322 1360 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:34:52.0322 1360 WANARP - ok
11:34:52.0338 1360 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:34:52.0338 1360 Wanarpv6 - ok
11:34:52.0447 1360 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:34:52.0478 1360 WatAdminSvc - ok
11:34:52.0525 1360 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
11:34:52.0556 1360 wbengine - ok
11:34:52.0588 1360 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:34:52.0588 1360 WbioSrvc - ok
11:34:52.0603 1360 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:34:52.0603 1360 wcncsvc - ok
11:34:52.0650 1360 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:34:52.0650 1360 WcsPlugInService - ok
11:34:52.0666 1360 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
11:34:52.0666 1360 Wd - ok
11:34:52.0681 1360 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:34:52.0681 1360 Wdf01000 - ok
11:34:52.0697 1360 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:34:52.0712 1360 WdiServiceHost - ok
11:34:52.0728 1360 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:34:52.0728 1360 WdiSystemHost - ok
11:34:52.0744 1360 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
11:34:52.0744 1360 WebClient - ok
11:34:52.0775 1360 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:34:52.0775 1360 Wecsvc - ok
11:34:52.0790 1360 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:34:52.0790 1360 wercplsupport - ok
11:34:52.0837 1360 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
11:34:52.0837 1360 WerSvc - ok
11:34:52.0884 1360 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:34:52.0884 1360 WfpLwf - ok
11:34:52.0915 1360 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:34:52.0915 1360 WIMMount - ok
11:34:52.0993 1360 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:34:52.0993 1360 WinDefend - ok
11:34:53.0040 1360 WinHttpAutoProxySvc - ok
11:34:53.0102 1360 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:34:53.0118 1360 Winmgmt - ok
11:34:53.0134 1360 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
11:34:53.0165 1360 WinRM - ok
11:34:53.0243 1360 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:34:53.0243 1360 WinUsb - ok
11:34:53.0321 1360 [ 7F8C1E35F4A05B49D01768561C3E7551 ] WinVNC4 C:\Program Files\TigerVNC\winvnc4.exe
11:34:53.0336 1360 WinVNC4 - ok
11:34:53.0368 1360 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:34:53.0368 1360 Wlansvc - ok
11:34:53.0492 1360 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:34:53.0524 1360 wlidsvc - ok
11:34:53.0539 1360 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:34:53.0539 1360 WmiAcpi - ok
11:34:53.0586 1360 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:34:53.0586 1360 wmiApSrv - ok
11:34:53.0695 1360 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:34:53.0711 1360 WMPNetworkSvc - ok
11:34:53.0758 1360 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:34:53.0758 1360 WPCSvc - ok
11:34:53.0773 1360 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:34:53.0773 1360 WPDBusEnum - ok
11:34:53.0820 1360 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:34:53.0820 1360 ws2ifsl - ok
11:34:53.0851 1360 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
11:34:53.0867 1360 wscsvc - ok
11:34:53.0867 1360 WSearch - ok
11:34:53.0914 1360 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
11:34:53.0992 1360 wuauserv - ok
11:34:53.0992 1360 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:34:54.0007 1360 WudfPf - ok
11:34:54.0038 1360 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:34:54.0038 1360 WUDFRd - ok
11:34:54.0070 1360 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:34:54.0085 1360 wudfsvc - ok
11:34:54.0101 1360 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:34:54.0101 1360 WwanSvc - ok
11:34:54.0194 1360 [ 26A58088828164072EE042B3D3780D3F ] Z-Cron C:\Program Files\Z-Cron\z-cron.exe
11:34:54.0210 1360 Z-Cron - ok
11:34:54.0226 1360 ================ Scan global ===============================
11:34:54.0272 1360 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:34:54.0304 1360 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:34:54.0319 1360 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:34:54.0350 1360 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:34:54.0397 1360 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:34:54.0397 1360 [Global] - ok
11:34:54.0397 1360 ================ Scan MBR ==================================
11:34:54.0413 1360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:34:54.0413 1360 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:34:54.0444 1360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:34:54.0444 1360 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:34:54.0460 1360 ================ Scan VBR ==================================
11:34:54.0491 1360 [ 39A280F2527FF5FFC1AEA1A7764B2BA6 ] \Device\Harddisk0\DR0\Partition1
11:34:54.0491 1360 \Device\Harddisk0\DR0\Partition1 - ok
11:34:54.0491 1360 ============================================================
11:34:54.0491 1360 Scan finished
11:34:54.0491 1360 ============================================================
11:34:54.0506 1948 Detected object count: 1
11:34:54.0506 1948 Actual detected object count: 1
11:35:31.0635 1948 \Device\Harddisk0\DR0\# - copied to quarantine
11:35:31.0651 1948 \Device\Harddisk0\DR0 - copied to quarantine
11:35:31.0744 1948 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:35:31.0775 1948 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:35:31.0775 1948 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:35:31.0807 1948 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:35:31.0853 1948 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:35:31.0853 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:35:31.0853 1948 \Device\Harddisk0\DR0 - ok
11:35:32.0009 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:35:44.0957 1728 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 11:51:13
-----------------------------
11:51:13.265 OS Version: Windows 6.1.7601 Service Pack 1
11:51:13.265 Number of processors: 2 586 0xF0D
11:51:13.265 ComputerName: KIRBY UserName:
11:51:29.848 Initialize success
11:52:23.778 AVAST engine defs: 12111300
11:52:34.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:52:34.791 Disk 0 Vendor: ST375063 DE13 Size: 715404MB BusType: 3
11:52:34.822 Disk 0 MBR read successfully
11:52:34.822 Disk 0 MBR scan
11:52:34.822 Disk 0 Windows 7 default MBR code
11:52:34.838 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
11:52:34.854 Disk 0 scanning sectors +1465145344
11:52:34.947 Disk 0 scanning C:\Windows\system32\drivers
11:52:48.036 Service scanning
11:53:22.538 Modules scanning
11:53:29.106 Disk 0 trace - called modules:
11:53:29.122 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
11:53:29.122 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f15030]
11:53:29.137 3 CLASSPNP.SYS[8b79859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x854a4028]
11:53:30.728 AVAST engine scan C:\Windows
11:53:35.096 AVAST engine scan C:\Windows\system32
11:57:00.908 AVAST engine scan C:\Windows\system32\drivers
11:57:18.785 AVAST engine scan C:\Users\Background
12:36:59.006 AVAST engine scan C:\ProgramData
12:50:20.208 Scan finished successfully
12:54:50.463 Disk 0 MBR has been saved successfully to "C:\Users\Background\Desktop\MBR.dat"
12:54:50.494 The log file has been saved successfully to "C:\Users\Background\Desktop\aswMBR.txt"

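The two logs above are the kind of output a helper has to read quickly: TDSSKiller lists every object it touched (TDLFS hidden-filesystem entries copied to quarantine, the detection name and the chosen action on the boot disk), and aswMBR reports what boot code it found in the MBR. The following is an added example, not a tool from this thread or from the TDSSKiller/aswMBR authors: a small Python triage parser that pulls the security-relevant facts out of such logs (what was quarantined, which detections were raised and what action was taken, whether a reboot-time cure is pending, and what aswMBR said about the MBR code). The sample input is assembled from the log lines posted above. The assumption that aswMBR always summarises the boot sector with a line ending in "MBR code" is mine, based only on the line visible in this thread.

```python
"""Triage helper for TDSSKiller / aswMBR logs (added example, not code from the thread)."""
import re

# TDSSKiller result lines look like:
#   HH:MM:SS.ffff <thread-id> <object> [( <detection name> )] - <action>
TDSS_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>\S.*?)(?:\s+\(\s*(?P<name>[^)]+?)\s*\))?\s+-\s+(?P<action>.+)$"
)

# aswMBR describes the boot sector with a line ending in "MBR code"
# (e.g. "Windows 7 default MBR code"). Assumption: only that line is parsed here.
ASWMBR_CODE = re.compile(r"^\S+\s+Disk\s+(?P<disk>\d+)\s+(?P<desc>.*\bMBR code)$")

# Sample input constructed from the log lines posted in this thread.
SAMPLE_TDSSKILLER = r"""
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:35:31.0822 1948 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:35:31.0838 1948 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:35:31.0853 1948 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:35:31.0853 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:35:31.0853 1948 \Device\Harddisk0\DR0 - ok
11:35:32.0009 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:35:44.0957 1728 Deinitialize success
"""

SAMPLE_ASWMBR = """
11:52:34.822 Disk 0 MBR read successfully
11:52:34.822 Disk 0 MBR scan
11:52:34.822 Disk 0 Windows 7 default MBR code
11:52:34.838 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
"""


def parse_tdsskiller(text):
    """Return one dict (ts, tid, obj, name, action) per parsable TDSSKiller result line."""
    events = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize_tdsskiller(text):
    """Reduce a TDSSKiller log to the facts a reviewer checks first."""
    events = parse_tdsskiller(text)
    quarantined = [e["obj"] for e in events if e["action"] == "copied to quarantine"]
    # Entries under \TDLFS\ are the rootkit's hidden file system, not normal user files.
    tdlfs = [p.rsplit("\\", 1)[-1] for p in quarantined if "\\TDLFS\\" in p]
    detections = {}
    for e in events:
        if e["name"]:  # only lines that carry a detection name in parentheses
            detections.setdefault((e["obj"], e["name"]), []).append(e["action"])
    return {
        "quarantined": len(quarantined),
        "tdlfs_files": sorted(tdlfs),
        "detections": detections,
        "reboot_required": any("cured on reboot" in e["action"] for e in events),
    }


def mbr_status(text):
    """Return (disk number, description) from the aswMBR 'MBR code' line, or None."""
    for line in text.splitlines():
        m = ASWMBR_CODE.match(line.strip())
        if m:
            return int(m.group("disk")), m.group("desc")
    return None


if __name__ == "__main__":
    print(summarize_tdsskiller(SAMPLE_TDSSKILLER))
    print(mbr_status(SAMPLE_ASWMBR))
```

A reviewer reading the summary would expect `reboot_required` to be true (the boot-sector cure only takes effect after a restart, which is why the follow-up question in the thread is whether normal mode boots again) and would treat any aswMBR description other than the OS's default MBR code as something to look at before declaring the disk clean.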
#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:40 PM

Posted 13 November 2012 - 01:14 PM

can you boot into normal mode now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 marky1991

marky1991
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:40 PM

Posted 13 November 2012 - 02:17 PM

Yes.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:40 PM

Posted 13 November 2012 - 05:15 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:40 PM

Posted 16 November 2012 - 09:21 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:40 PM

Posted 18 November 2012 - 11:48 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:40 PM

Posted 21 November 2012 - 11:34 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.