Google Redirect Virus


This topic is locked
17 replies to this topic

#1 mer547


Posted 23 November 2012 - 07:53 PM

Hey there,

Been having issues with my computer for the last few weeks and I've pretty much run every virus check, malware program and anti-rootkit that I could find.

I'm having problems with the Google Redirect Virus. Basically when I am in Chrome, if I search for something, usually the 2nd or 3rd thing I click goes to ClickLiveSearch or some other page that I wasn't searching for. The pages will sometimes look legit (Norton Antivirus, some 3rd party sales page) and sometimes it will look like a sketchy search page. If I hit back and get back to Google, and then click on the same link, it takes me where I want to go. The issue only occurs in Chrome and has not proved to be a problem in Explorer or Mozilla.

I ran Microsoft Essentials a while back and it said it quarantined the Alureon virus. I ran it yesterday and it did not pick up any new threats. I ran both Malwarebytes Anti-Malware and Malwarebytes Anti-Rootkit. The Anti-Malware picked up something and cleared it (forgot what it was), but now it says I'm clean. The Anti-Rootkit didn't pick up anything.

I went through a manual process to remove any Google Redirect but couldn't find anything unusual (used ATechJourney's guide - http://atechjourney.com/google-redirect-virus-remove-manually.html/).

I also ran TDSSKiller's scan and it picked up a physical drive as being suspicious: \Device\Harddisk\DR0. It suggested SKIP, which I did. I'll paste the log below.

I've run a few other programs which have found nothing and I have tried restoring my computer to an earlier point, but so far I still have issues whenever I use Chrome.

I'm currently running Windows 7, 64-bit.

Here are the logs for TDSSKiller:

21:19:21.0095 2504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:21.0845 2504 ============================================================
21:19:21.0845 2504 Current date / time: 2012/11/22 21:19:21.0845
21:19:21.0845 2504 SystemInfo:
21:19:21.0845 2504
21:19:21.0845 2504 OS Version: 6.1.7601 ServicePack: 1.0
21:19:21.0845 2504 Product type: Workstation
21:19:21.0845 2504 ComputerName: IDEALINTERNET
21:19:21.0847 2504 UserName: Ideal Internet
21:19:21.0848 2504 Windows directory: C:\Windows
21:19:21.0848 2504 System windows directory: C:\Windows
21:19:21.0848 2504 Running under WOW64
21:19:21.0848 2504 Processor architecture: Intel x64
21:19:21.0848 2504 Number of processors: 2
21:19:21.0848 2504 Page size: 0x1000
21:19:21.0848 2504 Boot type: Normal boot
21:19:21.0848 2504 ============================================================
21:19:28.0591 2504 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:19:28.0594 2504 ============================================================
21:19:28.0594 2504 \Device\Harddisk0\DR0:
21:19:28.0594 2504 MBR partitions:
21:19:28.0594 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:19:28.0594 2504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49071000
21:19:28.0594 2504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x490A3800, BlocksNum 0x17B4000
21:19:28.0594 2504 ============================================================
21:19:28.0611 2504 C: <-> \Device\Harddisk0\DR0\Partition2
21:19:28.0837 2504 D: <-> \Device\Harddisk0\DR0\Partition3
21:19:28.0837 2504 ============================================================
21:19:28.0837 2504 Initialize success
21:19:28.0837 2504 ============================================================
21:19:52.0150 5592 ============================================================
21:19:52.0150 5592 Scan started
21:19:52.0150 5592 Mode: Manual; TDLFS;
21:19:52.0150 5592 ============================================================
21:19:52.0593 5592 ================ Scan system memory ========================
21:19:52.0593 5592 System memory - ok
21:20:01.0821 5592 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:20:01.0823 5592 NDProxy - ok
21:20:01.0835 5592 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:20:01.0837 5592 NetBIOS - ok
21:20:01.0875 5592 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:20:01.0878 5592 NetBT - ok
21:20:01.0887 5592 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:20:01.0888 5592 Netlogon - ok
21:20:01.0926 5592 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:20:01.0931 5592 Netman - ok
21:20:01.0957 5592 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:20:01.0964 5592 netprofm - ok
21:20:02.0008 5592 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:02.0010 5592 NetTcpPortSharing - ok
21:20:02.0025 5592 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:20:02.0027 5592 nfrd960 - ok
21:20:02.0078 5592 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:20:02.0080 5592 NisDrv - ok
21:20:02.0133 5592 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:20:02.0150 5592 NisSrv - ok
21:20:02.0224 5592 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:20:02.0242 5592 NlaSvc - ok
21:20:02.0271 5592 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:20:02.0273 5592 Npfs - ok
21:20:02.0288 5592 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:20:02.0290 5592 nsi - ok
21:20:02.0306 5592 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:20:02.0307 5592 nsiproxy - ok
21:20:02.0362 5592 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:20:02.0396 5592 Ntfs - ok
21:20:02.0436 5592 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:20:02.0437 5592 Null - ok
21:20:02.0451 5592 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:20:02.0453 5592 nvraid - ok
21:20:02.0489 5592 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:20:02.0492 5592 nvstor - ok
21:20:02.0524 5592 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:20:02.0526 5592 nv_agp - ok
21:20:02.0562 5592 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:20:02.0565 5592 ohci1394 - ok
21:20:02.0585 5592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:20:02.0589 5592 p2pimsvc - ok
21:20:02.0623 5592 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:20:02.0629 5592 p2psvc - ok
21:20:02.0696 5592 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:20:02.0702 5592 Parport - ok
21:20:02.0779 5592 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:20:02.0782 5592 partmgr - ok
21:20:02.0805 5592 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:20:02.0809 5592 PcaSvc - ok
21:20:02.0822 5592 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:20:02.0826 5592 pci - ok
21:20:02.0842 5592 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:20:02.0844 5592 pciide - ok
21:20:02.0856 5592 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:20:02.0859 5592 pcmcia - ok
21:20:02.0872 5592 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:20:02.0873 5592 pcw - ok
21:20:02.0914 5592 pdfcDispatcher - ok
21:20:02.0933 5592 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:20:02.0948 5592 PEAUTH - ok
21:20:03.0043 5592 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:20:03.0046 5592 PerfHost - ok
21:20:03.0099 5592 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:20:03.0125 5592 pla - ok
21:20:03.0163 5592 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:20:03.0178 5592 PlugPlay - ok
21:20:03.0194 5592 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:20:03.0196 5592 PNRPAutoReg - ok
21:20:03.0218 5592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:20:03.0220 5592 PNRPsvc - ok
21:20:03.0235 5592 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:20:03.0250 5592 PolicyAgent - ok
21:20:03.0267 5592 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:20:03.0271 5592 Power - ok
21:20:03.0303 5592 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:20:03.0305 5592 PptpMiniport - ok
21:20:03.0319 5592 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:20:03.0320 5592 Processor - ok
21:20:03.0360 5592 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:20:03.0365 5592 ProfSvc - ok
21:20:03.0378 5592 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:20:03.0380 5592 ProtectedStorage - ok
21:20:03.0414 5592 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:20:03.0417 5592 Psched - ok
21:20:03.0455 5592 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:20:03.0482 5592 ql2300 - ok
21:20:03.0488 5592 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:20:03.0490 5592 ql40xx - ok
21:20:03.0514 5592 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:20:03.0518 5592 QWAVE - ok
21:20:03.0531 5592 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:20:03.0533 5592 QWAVEdrv - ok
21:20:03.0537 5592 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:20:03.0538 5592 RasAcd - ok
21:20:03.0587 5592 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:20:03.0589 5592 RasAgileVpn - ok
21:20:03.0598 5592 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:20:03.0601 5592 RasAuto - ok
21:20:03.0628 5592 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:20:03.0631 5592 Rasl2tp - ok
21:20:03.0664 5592 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:20:03.0669 5592 RasMan - ok
21:20:03.0701 5592 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:20:03.0703 5592 RasPppoe - ok
21:20:03.0739 5592 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:20:03.0741 5592 RasSstp - ok
21:20:03.0773 5592 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:20:03.0777 5592 rdbss - ok
21:20:03.0800 5592 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:20:03.0801 5592 rdpbus - ok
21:20:03.0815 5592 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:20:03.0816 5592 RDPCDD - ok
21:20:03.0823 5592 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:20:03.0825 5592 RDPENCDD - ok
21:20:03.0854 5592 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:20:03.0855 5592 RDPREFMP - ok
21:20:03.0886 5592 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:20:03.0889 5592 RDPWD - ok
21:20:03.0928 5592 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:20:03.0931 5592 rdyboost - ok
21:20:03.0954 5592 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:20:03.0956 5592 RemoteAccess - ok
21:20:03.0968 5592 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:20:03.0971 5592 RemoteRegistry - ok
21:20:04.0002 5592 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
21:20:04.0007 5592 RoxioNow Service - ok
21:20:04.0042 5592 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:20:04.0044 5592 RpcEptMapper - ok
21:20:04.0065 5592 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:20:04.0067 5592 RpcLocator - ok
21:20:04.0099 5592 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:20:04.0103 5592 RpcSs - ok
21:20:04.0108 5592 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:20:04.0110 5592 rspndr - ok
21:20:04.0169 5592 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:20:04.0174 5592 RTL8167 - ok
21:20:04.0220 5592 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:20:04.0221 5592 SamSs - ok
21:20:04.0249 5592 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:20:04.0250 5592 sbp2port - ok
21:20:04.0264 5592 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:20:04.0268 5592 SCardSvr - ok
21:20:04.0300 5592 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:20:04.0301 5592 scfilter - ok
21:20:04.0358 5592 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:20:04.0395 5592 Schedule - ok
21:20:04.0422 5592 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:20:04.0424 5592 SCPolicySvc - ok
21:20:04.0452 5592 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:20:04.0457 5592 SDRSVC - ok
21:20:04.0474 5592 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:20:04.0475 5592 secdrv - ok
21:20:04.0504 5592 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:20:04.0507 5592 seclogon - ok
21:20:04.0519 5592 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:20:04.0521 5592 SENS - ok
21:20:04.0530 5592 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:20:04.0533 5592 SensrSvc - ok
21:20:04.0549 5592 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:20:04.0551 5592 Serenum - ok
21:20:04.0555 5592 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:20:04.0557 5592 Serial - ok
21:20:04.0608 5592 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:20:04.0609 5592 sermouse - ok
21:20:04.0641 5592 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:20:04.0644 5592 SessionEnv - ok
21:20:04.0675 5592 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:20:04.0677 5592 sffdisk - ok
21:20:04.0688 5592 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:20:04.0689 5592 sffp_mmc - ok
21:20:04.0693 5592 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:20:04.0695 5592 sffp_sd - ok
21:20:04.0701 5592 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:20:04.0703 5592 sfloppy - ok
21:20:04.0726 5592 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:20:04.0731 5592 SharedAccess - ok
21:20:04.0765 5592 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:20:04.0780 5592 ShellHWDetection - ok
21:20:04.0787 5592 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:20:04.0789 5592 SiSRaid2 - ok
21:20:04.0805 5592 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:20:04.0807 5592 SiSRaid4 - ok
21:20:04.0860 5592 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:20:04.0862 5592 SkypeUpdate - ok
21:20:04.0869 5592 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:20:04.0870 5592 Smb - ok
21:20:04.0908 5592 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:20:04.0910 5592 SNMPTRAP - ok
21:20:04.0939 5592 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:20:04.0940 5592 spldr - ok
21:20:04.0989 5592 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:20:05.0004 5592 Spooler - ok
21:20:05.0105 5592 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:20:05.0220 5592 sppsvc - ok
21:20:05.0259 5592 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:20:05.0263 5592 sppuinotify - ok
21:20:05.0293 5592 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:20:05.0308 5592 srv - ok
21:20:05.0326 5592 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:20:05.0333 5592 srv2 - ok
21:20:05.0343 5592 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:20:05.0345 5592 srvnet - ok
21:20:05.0380 5592 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:20:05.0384 5592 SSDPSRV - ok
21:20:05.0395 5592 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:20:05.0399 5592 SstpSvc - ok
21:20:05.0437 5592 Steam Client Service - ok
21:20:05.0452 5592 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:20:05.0454 5592 stexstor - ok
21:20:05.0493 5592 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:20:05.0508 5592 stisvc - ok
21:20:05.0535 5592 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:20:05.0537 5592 swenum - ok
21:20:05.0652 5592 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:20:05.0677 5592 SwitchBoard - ok
21:20:05.0722 5592 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:20:05.0735 5592 swprv - ok
21:20:05.0818 5592 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:20:05.0864 5592 SysMain - ok
21:20:05.0904 5592 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:20:05.0907 5592 TabletInputService - ok
21:20:05.0950 5592 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:20:05.0966 5592 TapiSrv - ok
21:20:05.0992 5592 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:20:05.0996 5592 TBS - ok
21:20:06.0064 5592 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:20:06.0108 5592 Tcpip - ok
21:20:06.0162 5592 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:20:06.0175 5592 TCPIP6 - ok
21:20:06.0199 5592 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:20:06.0201 5592 tcpipreg - ok
21:20:06.0236 5592 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:20:06.0237 5592 TDPIPE - ok
21:20:06.0265 5592 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:20:06.0266 5592 TDTCP - ok
21:20:06.0304 5592 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:20:06.0306 5592 tdx - ok
21:20:06.0323 5592 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:20:06.0324 5592 TermDD - ok
21:20:06.0365 5592 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:20:06.0370 5592 TermService - ok
21:20:06.0379 5592 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:20:06.0382 5592 Themes - ok
21:20:06.0400 5592 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:20:06.0401 5592 THREADORDER - ok
21:20:06.0412 5592 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:20:06.0415 5592 TrkWks - ok
21:20:06.0466 5592 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:20:06.0469 5592 TrustedInstaller - ok
21:20:06.0501 5592 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:20:06.0502 5592 tssecsrv - ok
21:20:06.0558 5592 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:20:06.0560 5592 TsUsbFlt - ok
21:20:06.0598 5592 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:20:06.0602 5592 tunnel - ok
21:20:06.0627 5592 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:20:06.0631 5592 uagp35 - ok
21:20:06.0678 5592 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:20:06.0695 5592 udfs - ok
21:20:06.0738 5592 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:20:06.0743 5592 UI0Detect - ok
21:20:06.0783 5592 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:20:06.0785 5592 uliagpkx - ok
21:20:06.0830 5592 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:20:06.0834 5592 umbus - ok
21:20:06.0862 5592 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:20:06.0864 5592 UmPass - ok
21:20:06.0894 5592 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:20:06.0910 5592 upnphost - ok
21:20:06.0950 5592 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:20:06.0954 5592 usbaudio - ok
21:20:06.0974 5592 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:20:06.0977 5592 usbccgp - ok
21:20:07.0014 5592 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:20:07.0017 5592 usbcir - ok
21:20:07.0021 5592 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:20:07.0023 5592 usbehci - ok
21:20:07.0045 5592 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
21:20:07.0047 5592 usbfilter - ok
21:20:07.0065 5592 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:20:07.0071 5592 usbhub - ok
21:20:07.0087 5592 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:20:07.0089 5592 usbohci - ok
21:20:07.0124 5592 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:20:07.0125 5592 usbprint - ok
21:20:07.0175 5592 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:20:07.0177 5592 usbscan - ok
21:20:07.0205 5592 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:20:07.0207 5592 USBSTOR - ok
21:20:07.0223 5592 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:20:07.0225 5592 usbuhci - ok
21:20:07.0253 5592 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:20:07.0255 5592 usbvideo - ok
21:20:07.0274 5592 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:20:07.0276 5592 UxSms - ok
21:20:07.0286 5592 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:20:07.0287 5592 VaultSvc - ok
21:20:07.0302 5592 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:20:07.0303 5592 vdrvroot - ok
21:20:07.0348 5592 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:20:07.0364 5592 vds - ok
21:20:07.0387 5592 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:20:07.0388 5592 vga - ok
21:20:07.0402 5592 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:20:07.0403 5592 VgaSave - ok
21:20:07.0422 5592 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:20:07.0425 5592 vhdmp - ok
21:20:07.0443 5592 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:20:07.0444 5592 viaide - ok
21:20:07.0463 5592 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:20:07.0466 5592 volmgr - ok
21:20:07.0505 5592 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:20:07.0509 5592 volmgrx - ok
21:20:07.0535 5592 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:20:07.0541 5592 volsnap - ok
21:20:07.0581 5592 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:20:07.0586 5592 vsmraid - ok
21:20:07.0647 5592 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:20:07.0685 5592 VSS - ok
21:20:07.0722 5592 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:20:07.0723 5592 vwifibus - ok
21:20:07.0738 5592 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:20:07.0753 5592 W32Time - ok
21:20:07.0783 5592 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:20:07.0785 5592 WacomPen - ok
21:20:07.0822 5592 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:20:07.0825 5592 WANARP - ok
21:20:07.0840 5592 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:20:07.0842 5592 Wanarpv6 - ok
21:20:07.0915 5592 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:20:07.0947 5592 WatAdminSvc - ok
21:20:08.0024 5592 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:20:08.0059 5592 wbengine - ok
21:20:08.0078 5592 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:20:08.0084 5592 WbioSrvc - ok
21:20:08.0128 5592 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:20:08.0135 5592 wcncsvc - ok
21:20:08.0159 5592 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:20:08.0167 5592 WcsPlugInService - ok
21:20:08.0189 5592 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:20:08.0191 5592 Wd - ok
21:20:08.0305 5592 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:20:08.0323 5592 Wdf01000 - ok
21:20:08.0372 5592 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:20:08.0376 5592 WdiServiceHost - ok
21:20:08.0390 5592 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:20:08.0393 5592 WdiSystemHost - ok
21:20:08.0431 5592 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:20:08.0446 5592 WebClient - ok
21:20:08.0505 5592 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:20:08.0516 5592 Wecsvc - ok
21:20:08.0551 5592 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:20:08.0555 5592 wercplsupport - ok
21:20:08.0598 5592 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:20:08.0602 5592 WerSvc - ok
21:20:08.0649 5592 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:20:08.0652 5592 WfpLwf - ok
21:20:08.0674 5592 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:20:08.0676 5592 WIMMount - ok
21:20:08.0692 5592 WinDefend - ok
21:20:08.0709 5592 WinHttpAutoProxySvc - ok
21:20:08.0777 5592 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:20:08.0784 5592 Winmgmt - ok
21:20:08.0857 5592 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:20:08.0902 5592 WinRM - ok
21:20:08.0949 5592 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:20:08.0969 5592 Wlansvc - ok
21:20:09.0088 5592 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:20:09.0133 5592 wlidsvc - ok
21:20:09.0172 5592 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:20:09.0173 5592 WmiAcpi - ok
21:20:09.0193 5592 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:20:09.0196 5592 wmiApSrv - ok
21:20:09.0218 5592 WMPNetworkSvc - ok
21:20:09.0226 5592 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:20:09.0229 5592 WPCSvc - ok
21:20:09.0261 5592 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:20:09.0265 5592 WPDBusEnum - ok
21:20:09.0289 5592 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:20:09.0291 5592 ws2ifsl - ok
21:20:09.0303 5592 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:20:09.0306 5592 wscsvc - ok
21:20:09.0310 5592 WSearch - ok
21:20:09.0375 5592 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:20:09.0419 5592 wuauserv - ok
21:20:09.0449 5592 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:20:09.0451 5592 WudfPf - ok
21:20:09.0504 5592 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:09.0507 5592 WUDFRd - ok
21:20:09.0537 5592 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:20:09.0541 5592 wudfsvc - ok
21:20:09.0577 5592 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:20:09.0582 5592 WwanSvc - ok
21:20:09.0595 5592 ================ Scan global ===============================
21:20:09.0780 5592 [Global] - ok
21:20:09.0781 5592 ================ Scan MBR ==================================
21:20:09.0789 5592 [ 04A697A840A9C0EB00F016329361A06F ] \Device\Harddisk0\DR0
21:20:10.0320 5592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:20:10.0320 5592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:20:10.0321 5592 ================ Scan VBR ==================================
21:20:10.0330 5592 [ 1DAFC20313A4A9B04DFA7EBD060A929C ] \Device\Harddisk0\DR0\Partition1
21:20:10.0335 5592 \Device\Harddisk0\DR0\Partition1 - ok
21:20:10.0351 5592 [ 49BA93E6080DDA20F95DA2E76DA83B50 ] \Device\Harddisk0\DR0\Partition2
21:20:10.0353 5592 \Device\Harddisk0\DR0\Partition2 - ok
21:20:10.0392 5592 [ 9C940836BD8CBEDD5691C9A90F7030D6 ] \Device\Harddisk0\DR0\Partition3
21:20:10.0394 5592 \Device\Harddisk0\DR0\Partition3 - ok
21:20:10.0395 5592 ============================================================
21:20:10.0395 5592 Scan finished
21:20:10.0395 5592 ============================================================
21:20:10.0415 5584 Detected object count: 1
21:20:10.0415 5584 Actual detected object count: 1
21:20:28.0138 5584 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:20:28.0138 5584 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:43:37.0424 3620 ============================================================
19:43:37.0460 3620 Scan started
19:43:37.0460 3620 Mode: Manual; TDLFS;
19:43:37.0460 3620 ============================================================
19:43:45.0242 5700 ============================================================
19:43:45.0242 5700 Scan started
19:43:45.0242 5700 Mode: Manual; TDLFS;
19:43:45.0242 5700 ============================================================
19:43:45.0660 5700 ================ Scan system memory ========================
19:43:45.0660 5700 System memory - ok
19:43:45.0661 5700 ================ Scan services =============================
19:43:47.0704 5700 amdxata - ok
19:43:47.0736 5700 [ 8A2B4818215D8A6FF54DC3F0D63CBB2D ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
19:43:47.0738 5700 amd_sata - ok
19:43:47.0749 5700 [ A2D8977623E13591B15F6370C6CC37B0 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
19:43:47.0751 5700 amd_xata - ok
19:43:47.0797 5700 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:43:47.0824 5700 AODDriver4.1 - ok
19:43:47.0890 5700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:43:47.0893 5700 AppID - ok
19:43:47.0914 5700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:43:47.0915 5700 AppIDSvc - ok
19:43:47.0958 5700 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:43:47.0959 5700 Appinfo - ok
19:43:47.0966 5700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:43:47.0968 5700 arc - ok
19:43:47.0975 5700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:43:47.0978 5700 arcsas - ok
19:43:47.0993 5700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:43:47.0996 5700 AsyncMac - ok
19:43:48.0034 5700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:43:48.0037 5700 atapi - ok
19:43:48.0082 5700 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:43:48.0088 5700 AtiPcie - ok
19:43:48.0146 5700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:43:48.0163 5700 AudioEndpointBuilder - ok
19:43:48.0175 5700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:43:48.0180 5700 AudioSrv - ok
19:43:48.0230 5700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:43:48.0238 5700 AxInstSV - ok
19:43:48.0299 5700 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:43:48.0313 5700 b06bdrv - ok
19:43:48.0325 5700 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:43:48.0330 5700 b57nd60a - ok
19:43:48.0356 5700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:43:48.0360 5700 BDESVC - ok
19:43:48.0389 5700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:43:48.0391 5700 Beep - ok
19:43:48.0450 5700 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:43:48.0466 5700 BFE - ok
19:43:48.0531 5700 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:43:48.0680 5700 BITS - ok
19:43:48.0707 5700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:43:48.0710 5700 blbdrive - ok
19:43:48.0736 5700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:43:48.0738 5700 bowser - ok
19:43:48.0744 5700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:43:48.0747 5700 BrFiltLo - ok
19:43:48.0755 5700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:43:48.0758 5700 BrFiltUp - ok
19:43:48.0807 5700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:43:48.0809 5700 Browser - ok
19:43:48.0835 5700 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:43:48.0840 5700 Brserid - ok
19:43:48.0853 5700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:43:48.0855 5700 BrSerWdm - ok
19:43:48.0863 5700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:43:48.0864 5700 BrUsbMdm - ok
19:43:48.0874 5700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:43:48.0875 5700 BrUsbSer - ok
19:43:48.0883 5700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:43:48.0890 5700 BTHMODEM - ok
19:43:48.0915 5700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:43:48.0917 5700 bthserv - ok
19:43:49.0019 5700 [ 58BF7714A312698108A96D0DE2BB6825 ] cbVSCService11 C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
19:43:49.0200 5700 cbVSCService11 - ok
19:43:49.0229 5700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:43:49.0231 5700 cdfs - ok
19:43:49.0274 5700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:43:49.0277 5700 cdrom - ok
19:43:49.0315 5700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:43:49.0317 5700 CertPropSvc - ok
19:43:49.0334 5700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:43:49.0336 5700 circlass - ok
19:43:49.0358 5700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:43:49.0363 5700 CLFS - ok
19:43:49.0419 5700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:43:49.0425 5700 clr_optimization_v2.0.50727_32 - ok
19:43:49.0461 5700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:43:49.0474 5700 clr_optimization_v2.0.50727_64 - ok
19:43:49.0539 5700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:43:49.0575 5700 clr_optimization_v4.0.30319_32 - ok
19:43:49.0603 5700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:43:49.0610 5700 clr_optimization_v4.0.30319_64 - ok
19:43:49.0652 5700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:43:49.0654 5700 CmBatt - ok
19:43:49.0669 5700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:43:49.0671 5700 cmdide - ok
19:43:49.0715 5700 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:43:49.0754 5700 CNG - ok
19:43:49.0786 5700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:43:49.0804 5700 Compbatt - ok
19:43:49.0832 5700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:43:49.0835 5700 CompositeBus - ok
19:43:49.0849 5700 COMSysApp - ok
19:43:49.0870 5700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:43:49.0872 5700 crcdisk - ok
19:43:49.0927 5700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:43:49.0931 5700 CryptSvc - ok
19:43:49.0967 5700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:43:49.0993 5700 DcomLaunch - ok
19:43:50.0018 5700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:43:50.0066 5700 defragsvc - ok
19:43:50.0113 5700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:43:50.0124 5700 DfsC - ok
19:43:50.0175 5700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:43:50.0194 5700 Dhcp - ok
19:43:50.0221 5700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:43:50.0223 5700 discache - ok
19:43:50.0255 5700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:43:50.0280 5700 Disk - ok
19:43:50.0332 5700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:43:50.0336 5700 Dnscache - ok
19:43:50.0378 5700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:43:50.0779 5700 dot3svc - ok
19:43:50.0809 5700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:43:50.0812 5700 DPS - ok
19:43:50.0853 5700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:43:50.0855 5700 drmkaud - ok
19:43:50.0900 5700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:43:50.0918 5700 DXGKrnl - ok
19:43:50.0944 5700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:43:50.0947 5700 EapHost - ok
19:43:51.0017 5700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:43:51.0088 5700 ebdrv - ok
19:43:51.0122 5700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:43:51.0124 5700 EFS - ok
19:43:51.0170 5700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:43:51.0204 5700 ehRecvr - ok
19:43:51.0226 5700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:43:51.0231 5700 ehSched - ok
19:43:51.0256 5700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:43:51.0271 5700 elxstor - ok
19:43:51.0302 5700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:43:51.0304 5700 ErrDev - ok
19:43:51.0362 5700 esgiguard - ok
19:43:51.0409 5700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:43:51.0422 5700 EventSystem - ok
19:43:51.0431 5700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:43:51.0434 5700 exfat - ok
19:43:51.0445 5700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:43:51.0450 5700 fastfat - ok
19:43:51.0500 5700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:43:51.0517 5700 Fax - ok
19:43:51.0523 5700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:43:51.0525 5700 fdc - ok
19:43:51.0558 5700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:43:51.0559 5700 fdPHost - ok
19:43:51.0574 5700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:43:51.0576 5700 FDResPub - ok
19:43:51.0585 5700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:43:51.0588 5700 FileInfo - ok
19:43:51.0599 5700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:43:51.0600 5700 Filetrace - ok
19:43:51.0620 5700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:43:51.0622 5700 flpydisk - ok
19:43:51.0674 5700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:43:51.0679 5700 FltMgr - ok
19:43:51.0726 5700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:43:51.0750 5700 FontCache - ok
19:43:51.0792 5700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:43:51.0794 5700 FontCache3.0.0.0 - ok
19:43:51.0813 5700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:43:51.0815 5700 FsDepends - ok
19:43:51.0853 5700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:43:51.0875 5700 Fs_Rec - ok
19:43:51.0943 5700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:43:51.0946 5700 fvevol - ok
19:43:51.0968 5700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:43:51.0971 5700 gagp30kx - ok
19:43:52.0035 5700 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:43:52.0040 5700 GameConsoleService - ok
19:43:52.0087 5700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:43:52.0105 5700 gpsvc - ok
19:43:52.0216 5700 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:43:52.0218 5700 gupdate - ok
19:43:52.0254 5700 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:43:52.0255 5700 gupdatem - ok
19:43:52.0276 5700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:43:52.0277 5700 hcw85cir - ok
19:43:52.0323 5700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:43:52.0328 5700 HdAudAddService - ok
19:43:52.0384 5700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:43:52.0387 5700 HDAudBus - ok
19:43:52.0411 5700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:43:52.0414 5700 HidBatt - ok
19:43:52.0423 5700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:43:52.0435 5700 HidBth - ok
19:43:52.0444 5700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:43:52.0451 5700 HidIr - ok
19:43:52.0486 5700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:43:52.0489 5700 hidserv - ok
19:43:52.0530 5700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:43:52.0532 5700 HidUsb - ok
19:43:52.0561 5700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:43:52.0566 5700 hkmsvc - ok
19:43:52.0605 5700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:43:52.0609 5700 HomeGroupListener - ok
19:43:52.0641 5700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:43:52.0644 5700 HomeGroupProvider - ok
19:43:52.0755 5700 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:43:52.0826 5700 HP Support Assistant Service - ok
19:43:52.0898 5700 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:43:52.0903 5700 HPClientSvc - ok
19:43:52.0965 5700 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:43:52.0992 5700 hpqwmiex - ok
19:43:53.0037 5700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:43:53.0039 5700 HpSAMD - ok
19:43:53.0092 5700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:43:53.0110 5700 HTTP - ok
19:43:53.0143 5700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:43:53.0144 5700 hwpolicy - ok
19:43:53.0181 5700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:43:53.0183 5700 i8042prt - ok
19:43:53.0221 5700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:43:53.0226 5700 iaStorV - ok
19:43:53.0275 5700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:43:53.0308 5700 idsvc - ok
19:43:53.0337 5700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:43:53.0339 5700 iirsp - ok
19:43:53.0367 5700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:43:53.0384 5700 IKEEXT - ok
19:43:53.0467 5700 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:43:53.0524 5700 IntcAzAudAddService - ok
19:43:53.0536 5700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:43:53.0538 5700 intelide - ok
19:43:53.0566 5700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:43:53.0574 5700 intelppm - ok
19:43:53.0600 5700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:43:53.0604 5700 IPBusEnum - ok
19:43:53.0638 5700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:43:53.0656 5700 IpFilterDriver - ok
19:43:53.0688 5700 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:43:53.0768 5700 iphlpsvc - ok
19:43:53.0797 5700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:43:53.0799 5700 IPMIDRV - ok
19:43:53.0820 5700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:43:53.0823 5700 IPNAT - ok
19:43:53.0852 5700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:43:53.0854 5700 IRENUM - ok
19:43:53.0874 5700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:43:53.0876 5700 isapnp - ok
19:43:53.0910 5700 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:43:53.0915 5700 iScsiPrt - ok
19:43:53.0943 5700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:43:53.0945 5700 kbdclass - ok
19:43:53.0958 5700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:43:53.0960 5700 kbdhid - ok
19:43:53.0971 5700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:43:53.0973 5700 KeyIso - ok
19:43:54.0019 5700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:43:54.0020 5700 KSecDD - ok
19:43:54.0070 5700 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:43:54.0087 5700 KSecPkg - ok
19:43:54.0113 5700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:43:54.0114 5700 ksthunk - ok
19:43:54.0145 5700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:43:54.0151 5700 KtmRm - ok
19:43:54.0195 5700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:43:54.0205 5700 LanmanServer - ok
19:43:54.0240 5700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:43:54.0248 5700 LanmanWorkstation - ok
19:43:54.0303 5700 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:43:54.0661 5700 LightScribeService - ok
19:43:54.0708 5700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:43:54.0710 5700 lltdio - ok
19:43:54.0737 5700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:43:54.0747 5700 lltdsvc - ok
19:43:54.0764 5700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:43:54.0765 5700 lmhosts - ok
19:43:54.0818 5700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:43:54.0820 5700 LSI_FC - ok
19:43:54.0829 5700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:54.0831 5700 LSI_SAS - ok
19:43:54.0841 5700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:54.0843 5700 LSI_SAS2 - ok
19:43:54.0859 5700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:54.0863 5700 LSI_SCSI - ok
19:43:54.0907 5700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:43:54.0911 5700 luafv - ok
19:43:54.0958 5700 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:43:55.0097 5700 LVPr2M64 - ok
19:43:55.0137 5700 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:43:55.0138 5700 LVPr2Mon - ok
19:43:55.0212 5700 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:43:55.0216 5700 LVPrcS64 - ok
19:43:55.0262 5700 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
19:43:55.0267 5700 LVRS64 - ok
19:43:55.0397 5700 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
19:43:55.0504 5700 LVUVC64 - ok
19:43:55.0534 5700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:43:55.0538 5700 Mcx2Svc - ok
19:43:55.0552 5700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:43:55.0558 5700 megasas - ok
19:43:55.0575 5700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:55.0580 5700 MegaSR - ok
19:43:55.0610 5700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:43:55.0612 5700 MMCSS - ok
19:43:55.0621 5700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:43:55.0623 5700 Modem - ok
19:43:55.0667 5700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:43:55.0669 5700 monitor - ok
19:43:55.0703 5700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:43:55.0705 5700 mouclass - ok
19:43:55.0761 5700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:43:55.0774 5700 mouhid - ok
19:43:55.0802 5700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:43:55.0805 5700 mountmgr - ok
19:43:55.0869 5700 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:43:55.0877 5700 MozillaMaintenance - ok
19:43:55.0930 5700 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:43:55.0934 5700 MpFilter - ok
19:43:55.0966 5700 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:43:55.0969 5700 mpio - ok
19:43:56.0014 5700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:43:56.0016 5700 mpsdrv - ok
19:43:56.0066 5700 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:43:56.0087 5700 MpsSvc - ok
19:43:56.0187 5700 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:43:56.0191 5700 MRxDAV - ok
19:43:56.0214 5700 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:56.0216 5700 mrxsmb - ok
19:43:56.0249 5700 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:56.0253 5700 mrxsmb10 - ok
19:43:56.0274 5700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:56.0277 5700 mrxsmb20 - ok
19:43:56.0295 5700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:43:56.0296 5700 msahci - ok
19:43:56.0331 5700 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:43:56.0333 5700 msdsm - ok
19:43:56.0349 5700 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:43:56.0353 5700 MSDTC - ok
19:43:56.0389 5700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:43:56.0390 5700 Msfs - ok
19:43:56.0407 5700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:43:56.0410 5700 mshidkmdf - ok
19:43:56.0444 5700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:43:56.0446 5700 msisadrv - ok
19:43:56.0477 5700 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:43:56.0480 5700 MSiSCSI - ok
19:43:56.0488 5700 msiserver - ok
19:43:56.0519 5700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:43:56.0520 5700 MSKSSRV - ok
19:43:56.0625 5700 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:43:56.0628 5700 MsMpSvc - ok
19:43:56.0648 5700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:56.0649 5700 MSPCLOCK - ok
19:43:56.0658 5700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:43:56.0659 5700 MSPQM - ok
19:43:56.0709 5700 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:43:56.0716 5700 MsRPC - ok
19:43:56.0738 5700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:43:56.0740 5700 mssmbios - ok
19:43:56.0760 5700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:43:56.0762 5700 MSTEE - ok
19:43:56.0770 5700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:56.0771 5700 MTConfig - ok
19:43:56.0805 5700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:43:56.0808 5700 Mup - ok
19:43:56.0840 5700 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:43:56.0848 5700 napagent - ok
19:43:56.0865 5700 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:43:56.0870 5700 NativeWifiP - ok
19:43:56.0942 5700 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:43:56.0960 5700 NDIS - ok
19:43:56.0981 5700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:56.0986 5700 NdisCap - ok
19:43:57.0013 5700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:57.0014 5700 NdisTapi - ok
19:43:57.0054 5700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:57.0056 5700 Ndisuio - ok
19:43:57.0087 5700 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:57.0089 5700 NdisWan - ok
19:43:57.0130 5700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:43:57.0133 5700 NDProxy - ok
19:43:57.0153 5700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:43:57.0154 5700 NetBIOS - ok
19:43:57.0193 5700 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:43:57.0196 5700 NetBT - ok
19:43:57.0204 5700 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:43:57.0206 5700 Netlogon - ok
19:43:57.0227 5700 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:43:57.0234 5700 Netman - ok
19:43:57.0258 5700 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:43:57.0265 5700 netprofm - ok
19:43:57.0293 5700 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:43:57.0296 5700 NetTcpPortSharing - ok
19:43:57.0319 5700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:57.0321 5700 nfrd960 - ok
19:43:57.0379 5700 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:43:57.0381 5700 NisDrv - ok
19:43:57.0438 5700 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:43:57.0443 5700 NisSrv - ok
19:43:57.0498 5700 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:43:57.0538 5700 NlaSvc - ok
19:43:57.0555 5700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:43:57.0557 5700 Npfs - ok
19:43:57.0588 5700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:43:57.0590 5700 nsi - ok
19:43:57.0607 5700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:43:57.0608 5700 nsiproxy - ok
19:43:57.0671 5700 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:43:57.0741 5700 Ntfs - ok
19:43:57.0779 5700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:43:57.0780 5700 Null - ok
19:43:57.0802 5700 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:43:57.0817 5700 nvraid - ok
19:43:57.0850 5700 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:43:57.0855 5700 nvstor - ok
19:43:57.0884 5700 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:43:57.0886 5700 nv_agp - ok
19:43:57.0922 5700 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:43:57.0925 5700 ohci1394 - ok
19:43:57.0969 5700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:43:57.0985 5700 p2pimsvc - ok
19:43:58.0009 5700 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:43:58.0073 5700 p2psvc - ok
19:43:58.0129 5700 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:43:58.0131 5700 Parport - ok
19:43:58.0172 5700 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:43:58.0174 5700 partmgr - ok
19:43:58.0214 5700 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:43:58.0217 5700 PcaSvc - ok
19:43:58.0256 5700 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:43:58.0258 5700 pci - ok
19:43:58.0293 5700 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:43:58.0295 5700 pciide - ok
19:43:58.0324 5700 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:43:58.0329 5700 pcmcia - ok
19:43:58.0365 5700 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:43:58.0367 5700 pcw - ok
19:43:58.0406 5700 pdfcDispatcher - ok
19:43:58.0435 5700 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:43:58.0453 5700 PEAUTH - ok
19:43:58.0553 5700 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:43:58.0579 5700 PerfHost - ok
19:43:58.0659 5700 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:43:58.0684 5700 pla - ok
19:43:58.0722 5700 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:43:58.0736 5700 PlugPlay - ok
19:43:58.0753 5700 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:43:58.0755 5700 PNRPAutoReg - ok
19:43:58.0777 5700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:43:58.0781 5700 PNRPsvc - ok
19:43:58.0803 5700 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:43:58.0818 5700 PolicyAgent - ok
19:43:58.0843 5700 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:43:58.0846 5700 Power - ok
19:43:58.0887 5700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:43:58.0890 5700 PptpMiniport - ok
19:43:58.0912 5700 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:43:58.0915 5700 Processor - ok
19:43:58.0953 5700 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:43:58.0957 5700 ProfSvc - ok
19:43:58.0971 5700 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:43:58.0973 5700 ProtectedStorage - ok
19:43:59.0015 5700 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:43:59.0018 5700 Psched - ok
19:43:59.0061 5700 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:43:59.0093 5700 ql2300 - ok
19:43:59.0108 5700 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:43:59.0110 5700 ql40xx - ok
19:43:59.0140 5700 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:43:59.0144 5700 QWAVE - ok
19:43:59.0157 5700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:43:59.0158 5700 QWAVEdrv - ok
19:43:59.0168 5700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:43:59.0170 5700 RasAcd - ok
19:43:59.0205 5700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:43:59.0206 5700 RasAgileVpn - ok
19:43:59.0224 5700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:43:59.0226 5700 RasAuto - ok
19:43:59.0263 5700 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:43:59.0265 5700 Rasl2tp - ok
19:43:59.0307 5700 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:43:59.0312 5700 RasMan - ok
19:43:59.0344 5700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:43:59.0346 5700 RasPppoe - ok
19:43:59.0381 5700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:43:59.0384 5700 RasSstp - ok
19:43:59.0424 5700 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:43:59.0427 5700 rdbss - ok
19:43:59.0443 5700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:43:59.0445 5700 rdpbus - ok
19:43:59.0457 5700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:43:59.0458 5700 RDPCDD - ok
19:43:59.0472 5700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:43:59.0473 5700 RDPENCDD - ok
19:43:59.0488 5700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:43:59.0490 5700 RDPREFMP - ok
19:43:59.0529 5700 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:43:59.0534 5700 RDPWD - ok
19:43:59.0570 5700 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:43:59.0574 5700 rdyboost - ok
19:43:59.0596 5700 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:43:59.0599 5700 RemoteAccess - ok
19:43:59.0623 5700 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:43:59.0637 5700 RemoteRegistry - ok
19:43:59.0670 5700 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:43:59.0675 5700 RoxioNow Service - ok
19:43:59.0709 5700 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:43:59.0711 5700 RpcEptMapper - ok
19:43:59.0741 5700 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:43:59.0743 5700 RpcLocator - ok
19:43:59.0775 5700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:43:59.0779 5700 RpcSs - ok
19:43:59.0789 5700 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:43:59.0791 5700 rspndr - ok
19:43:59.0828 5700 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:43:59.0833 5700 RTL8167 - ok
19:43:59.0854 5700 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:43:59.0855 5700 SamSs - ok
19:43:59.0891 5700 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:43:59.0893 5700 sbp2port - ok
19:43:59.0915 5700 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:43:59.0920 5700 SCardSvr - ok
19:43:59.0951 5700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:43:59.0953 5700 scfilter - ok
19:44:00.0000 5700 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:44:00.0039 5700 Schedule - ok
19:44:00.0065 5700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:44:00.0066 5700 SCPolicySvc - ok
19:44:00.0103 5700 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:44:00.0194 5700 SDRSVC - ok
19:44:00.0233 5700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:44:00.0245 5700 secdrv - ok
19:44:00.0338 5700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:44:00.0371 5700 seclogon - ok
19:44:00.0411 5700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:44:00.0415 5700 SENS - ok
19:44:00.0432 5700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:44:00.0438 5700 SensrSvc - ok
19:44:00.0467 5700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:44:00.0468 5700 Serenum - ok
19:44:00.0481 5700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:44:00.0485 5700 Serial - ok
19:44:00.0517 5700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:44:00.0521 5700 sermouse - ok
19:44:00.0583 5700 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:44:00.0596 5700 SessionEnv - ok
19:44:00.0635 5700 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:44:00.0637 5700 sffdisk - ok
19:44:00.0673 5700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:44:00.0674 5700 sffp_mmc - ok
19:44:00.0683 5700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:44:00.0689 5700 sffp_sd - ok
19:44:00.0699 5700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:44:00.0709 5700 sfloppy - ok
19:44:00.0835 5700 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:44:00.0851 5700 SharedAccess - ok
19:44:00.0908 5700 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:00.0924 5700 ShellHWDetection - ok
19:44:00.0933 5700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:44:00.0935 5700 SiSRaid2 - ok
19:44:00.0956 5700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:44:00.0959 5700 SiSRaid4 - ok
19:44:01.0036 5700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:01.0041 5700 SkypeUpdate - ok
19:44:01.0050 5700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:44:01.0093 5700 Smb - ok
19:44:01.0142 5700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:44:01.0147 5700 SNMPTRAP - ok
19:44:01.0165 5700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:44:01.0168 5700 spldr - ok
19:44:01.0226 5700 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:44:01.0241 5700 Spooler - ok
19:44:01.0332 5700 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:44:01.0405 5700 sppsvc - ok
19:44:01.0418 5700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:44:01.0425 5700 sppuinotify - ok
19:44:01.0469 5700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:44:01.0485 5700 srv - ok
19:44:01.0511 5700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:44:01.0520 5700 srv2 - ok
19:44:01.0535 5700 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:44:01.0538 5700 srvnet - ok
19:44:01.0557 5700 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:44:01.0577 5700 SSDPSRV - ok
19:44:01.0596 5700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:44:01.0600 5700 SstpSvc - ok
19:44:01.0646 5700 Steam Client Service - ok
19:44:01.0662 5700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:44:01.0663 5700 stexstor - ok
19:44:01.0708 5700 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:44:01.0728 5700 stisvc - ok
19:44:01.0761 5700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:44:01.0763 5700 swenum - ok
19:44:01.0864 5700 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:44:02.0273 5700 SwitchBoard - ok
19:44:02.0318 5700 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:44:02.0334 5700 swprv - ok
19:44:02.0389 5700 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:44:02.0425 5700 SysMain - ok
19:44:02.0463 5700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:02.0466 5700 TabletInputService - ok
19:44:02.0508 5700 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:44:02.0513 5700 TapiSrv - ok
19:44:02.0530 5700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:44:02.0534 5700 TBS - ok
19:44:02.0589 5700 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:44:02.0643 5700 Tcpip - ok
19:44:02.0702 5700 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:44:02.0716 5700 TCPIP6 - ok
19:44:02.0749 5700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:44:02.0771 5700 tcpipreg - ok
19:44:02.0812 5700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:44:02.0814 5700 TDPIPE - ok
19:44:02.0841 5700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:44:02.0842 5700 TDTCP - ok
19:44:02.0880 5700 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:44:02.0883 5700 tdx - ok
19:44:02.0899 5700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:44:02.0901 5700 TermDD - ok
19:44:02.0949 5700 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:44:02.0966 5700 TermService - ok
19:44:02.0980 5700 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:44:02.0983 5700 Themes - ok
19:44:03.0001 5700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:44:03.0003 5700 THREADORDER - ok
19:44:03.0021 5700 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:44:03.0025 5700 TrkWks - ok
19:44:03.0075 5700 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:44:03.0078 5700 TrustedInstaller - ok
19:44:03.0110 5700 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:03.0112 5700 tssecsrv - ok
19:44:03.0175 5700 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:44:03.0177 5700 TsUsbFlt - ok
19:44:03.0207 5700 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:44:03.0210 5700 tunnel - ok
19:44:03.0228 5700 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:44:03.0230 5700 uagp35 - ok
19:44:03.0262 5700 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:44:03.0266 5700 udfs - ok
19:44:03.0305 5700 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:44:03.0307 5700 UI0Detect - ok
19:44:03.0342 5700 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:44:03.0343 5700 uliagpkx - ok
19:44:03.0389 5700 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:44:03.0391 5700 umbus - ok
19:44:03.0412 5700 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:44:03.0414 5700 UmPass - ok
19:44:03.0436 5700 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:44:03.0453 5700 upnphost - ok
19:44:03.0491 5700 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:44:03.0494 5700 usbaudio - ok
19:44:03.0516 5700 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:03.0520 5700 usbccgp - ok
19:44:03.0564 5700 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:44:03.0566 5700 usbcir - ok
19:44:03.0575 5700 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:44:03.0577 5700 usbehci - ok
19:44:03.0604 5700 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:44:03.0606 5700 usbfilter - ok
19:44:03.0623 5700 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:44:03.0628 5700 usbhub - ok
19:44:03.0638 5700 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:44:03.0640 5700 usbohci - ok
19:44:03.0675 5700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:44:03.0684 5700 usbprint - ok
19:44:03.0726 5700 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:44:03.0728 5700 usbscan - ok
19:44:03.0756 5700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:03.0758 5700 USBSTOR - ok
19:44:03.0782 5700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:44:03.0786 5700 usbuhci - ok
19:44:03.0820 5700 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:44:03.0828 5700 usbvideo - ok
19:44:03.0849 5700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:44:03.0854 5700 UxSms - ok
19:44:03.0870 5700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:44:03.0872 5700 VaultSvc - ok
19:44:03.0902 5700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:44:03.0905 5700 vdrvroot - ok
19:44:03.0949 5700 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:44:03.0966 5700 vds - ok
19:44:03.0987 5700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:03.0989 5700 vga - ok
19:44:04.0011 5700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:44:04.0014 5700 VgaSave - ok
19:44:04.0031 5700 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:44:04.0035 5700 vhdmp - ok
19:44:04.0052 5700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:44:04.0053 5700 viaide - ok
19:44:04.0073 5700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:44:04.0075 5700 volmgr - ok
19:44:04.0114 5700 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:44:04.0119 5700 volmgrx - ok
19:44:04.0144 5700 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:44:04.0149 5700 volsnap - ok
19:44:04.0188 5700 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:44:04.0191 5700 vsmraid - ok
19:44:04.0237 5700 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:44:04.0271 5700 VSS - ok
19:44:04.0289 5700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:44:04.0305 5700 vwifibus - ok
19:44:04.0330 5700 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:44:04.0345 5700 W32Time - ok
19:44:04.0357 5700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:44:04.0366 5700 WacomPen - ok
19:44:04.0406 5700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:44:04.0410 5700 WANARP - ok
19:44:04.0434 5700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:44:04.0435 5700 Wanarpv6 - ok
19:44:04.0500 5700 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:44:04.0526 5700 WatAdminSvc - ok
19:44:04.0579 5700 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:44:04.0606 5700 wbengine - ok
19:44:04.0637 5700 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:44:04.0643 5700 WbioSrvc - ok
19:44:04.0678 5700 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:44:04.0694 5700 wcncsvc - ok
19:44:04.0709 5700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:44:04.0714 5700 WcsPlugInService - ok
19:44:04.0720 5700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:44:04.0723 5700 Wd - ok
19:44:04.0764 5700 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:44:04.0780 5700 Wdf01000 - ok
19:44:04.0798 5700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:44:04.0801 5700 WdiServiceHost - ok
19:44:04.0808 5700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:44:04.0810 5700 WdiSystemHost - ok
19:44:04.0847 5700 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:44:04.0853 5700 WebClient - ok
19:44:04.0872 5700 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:44:04.0878 5700 Wecsvc - ok
19:44:04.0896 5700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:44:04.0899 5700 wercplsupport - ok
19:44:04.0915 5700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:44:04.0919 5700 WerSvc - ok
19:44:04.0948 5700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:04.0950 5700 WfpLwf - ok
19:44:04.0966 5700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:44:04.0969 5700 WIMMount - ok
19:44:04.0985 5700 WinDefend - ok
19:44:04.0993 5700 WinHttpAutoProxySvc - ok
19:44:05.0036 5700 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:44:05.0041 5700 Winmgmt - ok
19:44:05.0227 5700 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:44:05.0288 5700 WinRM - ok
19:44:05.0342 5700 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:44:05.0361 5700 Wlansvc - ok
19:44:05.0479 5700 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:44:05.0529 5700 wlidsvc - ok
19:44:05.0572 5700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:44:05.0574 5700 WmiAcpi - ok
19:44:05.0594 5700 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:44:05.0597 5700 wmiApSrv - ok
19:44:05.0619 5700 WMPNetworkSvc - ok
19:44:05.0635 5700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:44:05.0638 5700 WPCSvc - ok
19:44:05.0670 5700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:44:05.0674 5700 WPDBusEnum - ok
19:44:05.0698 5700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:44:05.0701 5700 ws2ifsl - ok
19:44:05.0720 5700 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:44:05.0723 5700 wscsvc - ok
19:44:05.0731 5700 WSearch - ok
19:44:05.0801 5700 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:44:05.0848 5700 wuauserv - ok
19:44:05.0875 5700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:44:05.0892 5700 WudfPf - ok
19:44:05.0954 5700 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:06.0007 5700 WUDFRd - ok
19:44:06.0055 5700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:44:06.0113 5700 wudfsvc - ok
19:44:06.0145 5700 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:44:06.0238 5700 WwanSvc - ok
19:44:06.0255 5700 ================ Scan global ===============================
19:44:06.0279 5700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:44:06.0329 5700 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:44:06.0346 5700 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:44:06.0378 5700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:44:06.0399 5700 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:44:06.0415 5700 [Global] - ok
19:44:06.0418 5700 ================ Scan MBR ==================================
19:44:06.0431 5700 [ 04A697A840A9C0EB00F016329361A06F ] \Device\Harddisk0\DR0
19:44:07.0044 5700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:44:07.0044 5700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:44:07.0049 5700 ================ Scan VBR ==================================
19:44:07.0054 5700 [ 1DAFC20313A4A9B04DFA7EBD060A929C ] \Device\Harddisk0\DR0\Partition1
19:44:07.0055 5700 \Device\Harddisk0\DR0\Partition1 - ok
19:44:07.0085 5700 [ 49BA93E6080DDA20F95DA2E76DA83B50 ] \Device\Harddisk0\DR0\Partition2
19:44:07.0086 5700 \Device\Harddisk0\DR0\Partition2 - ok
19:44:07.0118 5700 [ 9C940836BD8CBEDD5691C9A90F7030D6 ] \Device\Harddisk0\DR0\Partition3
19:44:07.0119 5700 \Device\Harddisk0\DR0\Partition3 - ok
19:44:07.0120 5700 ============================================================
19:44:07.0120 5700 Scan finished
19:44:07.0120 5700 ============================================================
19:44:07.0135 6044 Detected object count: 1
19:44:07.0135 6044 Actual detected object count: 1
19:49:01.0829 6044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:49:01.0829 6044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Thanks in advance for checking this out!
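For anyone reading a TDSSKiller log like the one above, here is an added triage script (my own example, not part of this thread and not code from TDSSKiller or BleepingComputer). It parses the `[ MD5 ] name path` and `name - verdict` line pairs, keeps the hash and path for each object, and reports every object whose verdict is anything other than `ok`, including a detection the user chose to skip, which is exactly what the MBR entry in this log shows. The line-format assumptions (timestamp, thread id, optional hash block, `( family )` annotation on detection lines) are inferred from the log above; the sample lines are copied from it.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a few lines copied from the TDSSKiller log in this thread.
# A normal entry is a pair of lines, "[ MD5 ] name path" followed by "name - verdict";
# MBR/VBR entries use the device path as the name, and the verdict lines for a
# detection carry a "( family )" annotation after the object name.
SAMPLE_LOG = r"""
19:43:57.0850 5700 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:43:57.0855 5700 nvstor - ok
19:43:58.0406 5700 pdfcDispatcher - ok
19:44:06.0418 5700 ================ Scan MBR ==================================
19:44:06.0431 5700 [ 04A697A840A9C0EB00F016329361A06F ] \Device\Harddisk0\DR0
19:44:07.0044 5700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:44:07.0044 5700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:44:07.0054 5700 [ 1DAFC20313A4A9B04DFA7EBD060A929C ] \Device\Harddisk0\DR0\Partition1
19:44:07.0055 5700 \Device\Harddisk0\DR0\Partition1 - ok
19:44:07.0135 6044 Detected object count: 1
19:49:01.0829 6044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:49:01.0829 6044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Line shapes assumed from the log format above (assumption, not a documented spec).
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
HASH_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<obj>.+?) - (?P<verdict>.+)$")
# Split "name path": the path starts at a drive letter, \Device\ or \??\ prefix.
PATH_RE = re.compile(r"^(?P<name>.*?)\s*(?P<path>(?:[A-Za-z]:\\|\\Device\\|\\\?\?\\).*)$")
# Trailing "( TDSS File System )" style annotation on detection verdict lines.
ANNOT_RE = re.compile(r"\s*\( (?P<annot>[^)]*?) \)$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None      # None when the log printed no hash line for it
    path: Optional[str] = None
    verdicts: list = field(default_factory=list)  # [(verdict, annotation or None), ...]


def parse_tdsskiller_log(text):
    """Return {object name: ScannedObject}; headers and counters are ignored."""
    objects = {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            pm = PATH_RE.match(m["rest"])
            name = (pm["name"] or pm["path"]) if pm else m["rest"]
            obj = objects.setdefault(name, ScannedObject(name))
            obj.md5 = m["md5"]
            obj.path = pm["path"] if pm else None
            continue
        m = VERDICT_RE.match(line)
        if m:
            raw = m["obj"]
            am = ANNOT_RE.search(raw)
            name = raw[:am.start()] if am else raw
            obj = objects.setdefault(name, ScannedObject(name))
            obj.verdicts.append((m["verdict"], am["annot"] if am else None))
    return objects


def triage(objects):
    """Anything whose verdict is not a plain 'ok' is a finding."""
    findings, ok_count = [], 0
    for obj in objects.values():
        bad = [(v, a) for v, a in obj.verdicts if v != "ok"]
        if bad:
            findings.append({"name": obj.name, "md5": obj.md5, "path": obj.path, "verdicts": bad})
        elif obj.verdicts:
            ok_count += 1
    return {"objects": len(objects), "ok": ok_count, "findings": findings}


def unresolved(findings):
    """Findings where the recorded user action left the detection in place."""
    return [f for f in findings
            if any(v.startswith("skipped") or v.endswith(": Skip") for v, _ in f["verdicts"])]


if __name__ == "__main__":
    summary = triage(parse_tdsskiller_log(SAMPLE_LOG))
    print(f"{summary['objects']} objects scanned, {summary['ok']} ok")
    for f in summary["findings"]:
        print(f"FINDING {f['name']} md5={f['md5']}")
        for verdict, annot in f["verdicts"]:
            print("    " + verdict + (f"  [{annot}]" if annot else ""))
    if unresolved(summary["findings"]):
        print("A detection was skipped rather than cured: this log is not a clean result.")
```

The point the script makes about this thread's log: the MBR object `\Device\Harddisk0\DR0` was hashed, flagged as `TDSS File System`, and then recorded as `skipped by user`, so the "Scan finished" line does not mean the infection was removed. Run it on a full saved log by replacing `SAMPLE_LOG` with the file's contents.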



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:51 AM

Posted 24 November 2012 - 07:53 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mer547

mer547
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 25 November 2012 - 08:05 PM

Thanks for getting back with me and checking this out!

Here are the logs from the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 25-11-2012 19:52:20
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-07-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Ideal Internet\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Ideal Internet\...\Run: [Akamai NetSession Interface] "C:\Users\Ideal Internet\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Ideal Internet\...\Run: [AdobeBridge] [x]
HKU\Ideal Internet\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Ideal Internet\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3389080 2012-11-05] (Electronic Arts)
HKU\Ideal Internet\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin [692152 2012-10-24] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Z1] C:\Users\Ideal Internet\Desktop\mbar\mbar.exe /cleanup /s [1341800 2012-11-22] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Ideal Internet\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ideal Internet\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Ideal Internet\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-08-22] (Adobe Systems)
2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-07-31] (CobianSoft, Luis Cobian)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-22 18:35 - 2012-11-22 18:51 - 00000000 ____D C:\Users\Ideal Internet\Backup_11_12
2012-11-22 18:30 - 2012-11-22 18:30 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-11-22 18:28 - 2012-11-22 18:29 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\Ideal Internet\Downloads\cbSetup.exe
2012-11-22 18:18 - 2012-11-22 18:18 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Ideal Internet\Desktop\iexplorer.exe.exe
2012-11-22 17:58 - 2012-11-22 18:14 - 00000000 ____D C:\Users\Ideal Internet\Desktop\mbar
2012-11-22 17:57 - 2012-11-22 18:18 - 15155400 ____A C:\Users\Ideal Internet\Downloads\mbar-1.01.0.1009.zip
2012-11-21 20:25 - 2012-11-21 20:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\39166355.sys
2012-11-21 20:12 - 2012-11-21 20:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-21 20:05 - 2012-11-21 20:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Ideal Internet\Downloads\tdsskiller.exe
2012-11-21 19:20 - 2012-11-21 19:20 - 00000000 ____D C:\Windows\pss
2012-11-21 18:20 - 2012-11-21 18:20 - 00000000 ____A C:\autoexec.bat
2012-11-21 18:19 - 2012-11-21 18:19 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-21 18:18 - 2012-11-21 19:33 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-21 18:17 - 2012-11-21 18:17 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Ideal Internet\Downloads\SpyHunter-Installer.exe
2012-11-21 10:29 - 2012-11-21 10:29 - 00002187 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-11-21 10:23 - 2012-11-21 10:23 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-19 13:22 - 2012-11-19 13:21 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-19 00:10 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-19 00:10 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-19 00:10 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-19 00:10 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-19 00:04 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-19 00:04 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-19 00:04 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-19 00:04 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-19 00:04 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-19 00:04 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-19 00:04 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-19 00:04 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-19 00:04 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-19 00:04 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-19 00:04 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-19 00:04 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-19 00:04 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-19 00:04 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-19 00:04 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-19 00:04 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-19 00:04 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-19 00:04 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-19 00:04 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-19 00:04 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-19 00:04 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-19 00:04 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-19 00:04 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-19 00:04 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-19 00:04 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-19 00:04 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-19 00:04 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-19 00:04 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-19 00:04 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-19 00:04 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-19 00:04 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-19 00:04 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-19 00:01 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-19 00:01 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-19 00:01 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-19 00:01 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-19 00:01 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-19 00:01 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-19 00:01 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-19 00:01 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-18 12:58 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-18 12:58 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-18 12:58 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-18 12:58 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-18 12:58 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-18 12:58 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-18 12:58 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-18 12:58 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-18 12:58 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-18 12:58 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-18 12:58 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-18 12:58 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-18 12:58 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-18 12:58 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-18 12:58 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-18 12:58 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-18 12:58 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-18 12:57 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-18 12:57 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-07 06:23 - 2012-11-07 06:24 - 00998624 ____A (Solid State Networks) C:\Users\Ideal Internet\Downloads\install_flashplayer11x32au_mssd_aih.exe
2012-11-06 15:41 - 2012-11-06 15:43 - 00000000 ____D C:\Users\Ideal Internet\Documents\OnLive App
2012-11-05 19:08 - 2012-11-05 19:09 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\Origin
2012-11-05 19:08 - 2012-11-05 19:08 - 00000000 ____D C:\Users\Ideal Internet\AppData\Local\Origin
2012-11-05 19:08 - 2012-11-05 19:08 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-11-05 18:28 - 2012-11-05 19:09 - 00000000 ____D C:\Users\All Users\Origin
2012-11-05 18:28 - 2012-11-05 19:08 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-05 18:28 - 2012-11-05 18:28 - 00000985 ____A C:\Users\Public\Desktop\Origin.lnk
2012-11-05 18:28 - 2012-11-05 18:28 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-11-05 18:27 - 2012-11-05 18:27 - 16910408 ____A (Electronic Arts, Inc.) C:\Users\Ideal Internet\Downloads\OriginThinSetup.exe
2012-11-05 09:01 - 2012-11-05 09:03 - 78203977 ____A C:\Users\Ideal Internet\Downloads\peprally.zip
2012-11-05 09:01 - 2012-11-05 09:03 - 114937209 ____A C:\Users\Ideal Internet\Downloads\LeapYear.zip
2012-11-03 11:38 - 2012-11-03 11:38 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-11-01 16:38 - 2012-11-01 16:38 - 00045666 ____A C:\Users\Ideal Internet\Downloads\noname.eml
2012-11-01 14:39 - 2012-11-01 14:39 - 00009020 ____A C:\Users\Ideal Internet\Downloads\Harold's_Shooter_Example.fla
2012-11-01 10:25 - 2012-11-01 10:25 - 00000000 ____D C:\Program Files (x86)\LifeRPG_r2
2012-11-01 08:47 - 2012-11-01 08:47 - 01357561 ____A C:\Users\Ideal Internet\Downloads\LifeRPG_r2.zip
2012-10-31 07:38 - 2012-10-31 07:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-26 12:08 - 2012-10-26 12:08 - 00000000 ____D C:\Users\Ideal Internet\Downloads\While_You_Were_Sleeping-(DatPiff.com)


==================== One Month Modified Files and Folders =======

2012-11-25 16:48 - 2012-10-24 18:52 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-25 16:47 - 2011-08-19 23:00 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-11-25 16:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-25 16:47 - 2009-07-13 20:51 - 00045720 ____A C:\Windows\setupact.log
2012-11-25 16:46 - 2010-10-24 19:09 - 00068566 ____A C:\Windows\PFRO.log
2012-11-25 16:45 - 2010-10-24 16:54 - 01612993 ____A C:\Windows\WindowsUpdate.log
2012-11-25 16:42 - 2012-03-15 10:05 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\Dropbox
2012-11-25 16:41 - 2012-11-25 16:41 - 00000000 ____D C:\FRST
2012-11-25 16:34 - 2012-07-12 06:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-25 16:32 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-25 15:57 - 2012-10-24 18:52 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-25 13:46 - 2012-03-16 11:20 - 00001456 ____A C:\Users\Ideal Internet\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-11-24 21:18 - 2010-10-24 17:09 - 00000000 ____D C:\Users\All Users\PDFC
2012-11-23 22:10 - 2011-09-08 19:39 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForIDEALINTERNET$.job
2012-11-23 17:58 - 2010-10-24 16:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-11-23 17:42 - 2012-03-19 08:30 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\Skype
2012-11-23 16:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-23 16:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-23 06:35 - 2012-03-15 10:11 - 00000000 ____D C:\Users\Ideal Internet\Work
2012-11-22 18:51 - 2012-11-22 18:35 - 00000000 ____D C:\Users\Ideal Internet\Backup_11_12
2012-11-22 18:35 - 2011-08-01 08:48 - 00000000 ____D C:\users\Ideal Internet
2012-11-22 18:30 - 2012-11-22 18:30 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-11-22 18:29 - 2012-11-22 18:28 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\Ideal Internet\Downloads\cbSetup.exe
2012-11-22 18:18 - 2012-11-22 18:18 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Ideal Internet\Desktop\iexplorer.exe.exe
2012-11-22 18:18 - 2012-11-22 17:57 - 15155400 ____A C:\Users\Ideal Internet\Downloads\mbar-1.01.0.1009.zip
2012-11-22 18:14 - 2012-11-22 17:58 - 00000000 ____D C:\Users\Ideal Internet\Desktop\mbar
2012-11-21 20:25 - 2012-11-21 20:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\39166355.sys
2012-11-21 20:18 - 2012-03-15 10:09 - 00000000 ___RD C:\Users\Ideal Internet\Dropbox
2012-11-21 20:12 - 2012-11-21 20:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-21 20:05 - 2012-11-21 20:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Ideal Internet\Downloads\tdsskiller.exe
2012-11-21 19:33 - 2012-11-21 18:18 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-21 19:23 - 2012-03-14 20:04 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForIdeal Internet.job
2012-11-21 19:20 - 2012-11-21 19:20 - 00000000 ____D C:\Windows\pss
2012-11-21 18:20 - 2012-11-21 18:20 - 00000000 ____A C:\autoexec.bat
2012-11-21 18:19 - 2012-11-21 18:19 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-21 18:17 - 2012-11-21 18:17 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Ideal Internet\Downloads\SpyHunter-Installer.exe
2012-11-21 12:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-11-21 11:25 - 2010-10-24 16:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-21 10:29 - 2012-11-21 10:29 - 00002187 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-11-21 10:29 - 2010-10-24 16:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-11-21 10:27 - 2011-09-22 20:11 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\hpqLog
2012-11-21 10:23 - 2012-11-21 10:23 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-21 10:19 - 2010-06-14 18:07 - 00000000 ___AD C:\swsetup
2012-11-20 15:30 - 2011-08-02 15:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-20 15:28 - 2011-08-02 15:15 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\HP Support Assistant
2012-11-20 15:28 - 2011-08-02 12:51 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\HpUpdate
2012-11-19 13:21 - 2012-11-19 13:22 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-19 13:21 - 2012-11-19 13:21 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-19 13:21 - 2012-08-05 16:15 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-11-19 13:21 - 2011-08-04 10:00 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-11-19 13:21 - 2011-08-04 10:00 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-19 13:08 - 2011-08-04 10:19 - 00000000 ____D C:\Program Files (x86)\Everything
2012-11-19 07:08 - 2011-08-22 08:42 - 00072136 ____A C:\Users\Ideal Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-19 01:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-19 00:35 - 2009-07-13 20:45 - 04872520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-19 00:02 - 2011-08-29 11:00 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-07 06:25 - 2011-08-22 16:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-07 06:24 - 2012-11-07 06:23 - 00998624 ____A (Solid State Networks) C:\Users\Ideal Internet\Downloads\install_flashplayer11x32au_mssd_aih.exe
2012-11-06 16:08 - 2012-02-07 11:42 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-06 16:08 - 2011-08-04 07:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-06 15:43 - 2012-11-06 15:41 - 00000000 ____D C:\Users\Ideal Internet\Documents\OnLive App
2012-11-05 19:09 - 2012-11-05 19:08 - 00000000 ____D C:\Users\Ideal Internet\AppData\Roaming\Origin
2012-11-05 19:09 - 2012-11-05 18:28 - 00000000 ____D C:\Users\All Users\Origin
2012-11-05 19:08 - 2012-11-05 19:08 - 00000000 ____D C:\Users\Ideal Internet\AppData\Local\Origin
2012-11-05 19:08 - 2012-11-05 19:08 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-11-05 19:08 - 2012-11-05 18:28 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-05 18:28 - 2012-11-05 18:28 - 00000985 ____A C:\Users\Public\Desktop\Origin.lnk
2012-11-05 18:28 - 2012-11-05 18:28 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-11-05 18:27 - 2012-11-05 18:27 - 16910408 ____A (Electronic Arts, Inc.) C:\Users\Ideal Internet\Downloads\OriginThinSetup.exe
2012-11-05 09:03 - 2012-11-05 09:01 - 78203977 ____A C:\Users\Ideal Internet\Downloads\peprally.zip
2012-11-05 09:03 - 2012-11-05 09:01 - 114937209 ____A C:\Users\Ideal Internet\Downloads\LeapYear.zip
2012-11-03 16:24 - 2011-09-09 00:28 - 00000000 ____D C:\Users\Ideal Internet\AppData\Local\CrashDumps
2012-11-03 11:38 - 2012-11-03 11:38 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-11-03 10:42 - 2012-04-26 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-02 09:03 - 2011-08-29 14:41 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-01 16:38 - 2012-11-01 16:38 - 00045666 ____A C:\Users\Ideal Internet\Downloads\noname.eml
2012-11-01 14:39 - 2012-11-01 14:39 - 00009020 ____A C:\Users\Ideal Internet\Downloads\Harold's_Shooter_Example.fla
2012-11-01 10:25 - 2012-11-01 10:25 - 00000000 ____D C:\Program Files (x86)\LifeRPG_r2
2012-11-01 08:47 - 2012-11-01 08:47 - 01357561 ____A C:\Users\Ideal Internet\Downloads\LifeRPG_r2.zip
2012-10-31 07:39 - 2012-10-31 07:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-26 12:08 - 2012-10-26 12:08 - 00000000 ____D C:\Users\Ideal Internet\Downloads\While_You_Were_Sleeping-(DatPiff.com)


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 07:51:41
Restore point made on: 2012-11-18 12:44:21
Restore point made on: 2012-11-19 00:00:31
Restore point made on: 2012-11-19 13:18:56
Restore point made on: 2012-11-21 10:25:50
Restore point made on: 2012-11-21 11:37:43
Restore point made on: 2012-11-21 12:24:10
Restore point made on: 2012-11-21 18:18:50
Restore point made on: 2012-11-21 18:52:34
Restore point made on: 2012-11-21 19:31:35
Restore point made on: 2012-11-22 06:10:32
Restore point made on: 2012-11-22 18:39:15

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 2815.29 MB
Available physical RAM: 2080.51 MB
Total Pagefile: 2813.43 MB
Available Pagefile: 2050.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:584.22 GB) (Free:420.54 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.85 GB) (Free:1.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Lexar) (Removable) (Total:3.73 GB) (Free:2.62 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status  Size     Free  Dyn  Gpt
--------  ------  -------  ----  ---  ---
Disk 0    Online  596 GB   0 B
Disk 1    Online  3824 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    Primary  100 MB  1024 KB
Partition 2    Primary  584 GB  101 MB
Partition 3    Primary  11 GB   584 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type       Size    Status   Info
----------  ---  -----------  -----  ---------  ------  -------  ----
* Volume 1  Y    SYSTEM       NTFS   Partition  100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type       Size    Status   Info
----------  ---  -----------  -----  ---------  ------  -------  ----
* Volume 2  C    OS           NTFS   Partition  584 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type       Size    Status   Info
----------  ---  -----------  -----  ---------  ------  -------  ----
* Volume 3  E    HP_RECOVERY  NTFS   Partition  11 GB   Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type     Size     Offset
-------------  -------  -------  ------
Partition 1    Primary  3823 MB  564 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ----
* Volume 4  G    Lexar        FAT32  Removable  3823 MB  Healthy

=========================================================

Last Boot: 2012-11-25 04:40

==================== End Of Log =============================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 November 2012 - 08:21 PM

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mer547

mer547
  • Topic Starter

  • Members
  • 10 posts

Posted 25 November 2012 - 08:51 PM

I just finished running the Malware Anti-Rootkit Program. The two logs are copied below. About to run ComboFix. I'll send over that log when it is completed.


Dated Log

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ideal Internet :: IDEALINTERNET [administrator]

11/25/2012 8:45:41 PM
mbar-log-2012-11-25 (20-45-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27666
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



System Log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.900000 GHz
Memory total: 2952040448, free: 523182080

------------ Kernel report ------------
11/22/2012 20:59:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002998700
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xfffffa8002515140
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.22.11
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002998700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002998150, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002998700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800298a040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8002515140, DeviceName: \Device\0000004f\, DriverName: \Driver\amd_sata\
------------ End ----------
Upper DeviceData: 0xfffff8a00a217800, 0xfffffa8002998700, 0xfffffa8004832790
Lower DeviceData: 0xfffff8a0017203d0, 0xfffffa8002515140, 0xfffffa80055ade40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 533CF94C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1225199616

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1225406464 Numsec = 24854528

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.900000 GHz
Memory total: 2952040448, free: 2091761664

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.900000 GHz
Memory total: 2952040448, free: 1068699648

------------ Kernel report ------------
11/25/2012 20:31:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8003d61790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006a\
Lower Device Object: 0xfffffa8003d65b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800299f470
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xfffffa800298b060
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.25.08
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800299f470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80029a0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800299f470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002991040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa800298b060, DeviceName: \Device\0000004f\, DriverName: \Driver\amd_sata\
------------ End ----------
Upper DeviceData: 0xfffff8a009f46220, 0xfffffa800299f470, 0xfffffa8003d44790
Lower DeviceData: 0xfffff8a00d37d770, 0xfffffa800298b060, 0xfffffa800408a730
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 533CF94C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1225199616

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1225406464 Numsec = 24854528

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8003d61790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003d65690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003d61790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003d5d040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8003d65b60, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00bd0adf0, 0xfffffa8003d61790, 0xfffffa800375d210
Lower DeviceData: 0xfffff8a00a9acee0, 0xfffffa8003d65b60, 0xfffffa800283fe40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 1128 Numsec = 7830424
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4009754624 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

#6 mer547

mer547
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:51 PM

Posted 25 November 2012 - 09:35 PM

Here is the ComboFix Log.

ComboFix 12-11-25.01 - Ideal Internet 11/25/2012 21:01:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1544 [GMT -5:00]
Running from: c:\users\Ideal Internet\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 02:14 . 2012-11-26 02:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-26 02:14 . 2012-11-26 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 00:41 . 2012-11-26 00:41 -------- d-----w- C:\FRST
2012-11-25 04:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E94C3D9D-0381-4527-A0B0-A87BF67975A7}\mpengine.dll
2012-11-24 04:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-23 02:35 . 2012-11-23 02:51 -------- d-----w- c:\users\Ideal Internet\Backup_11_12
2012-11-23 02:30 . 2012-11-23 02:30 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-11-22 04:25 . 2012-11-22 04:25 208216 ----a-w- c:\windows\system32\drivers\39166355.sys
2012-11-22 04:12 . 2012-11-22 04:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 02:19 . 2012-11-22 02:19 -------- d-----w- c:\program files\Enigma Software Group
2012-11-22 02:18 . 2012-11-22 03:33 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-21 18:23 . 2012-11-21 18:23 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-19 21:22 . 2012-11-19 21:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-19 21:21 . 2012-11-19 21:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-19 08:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 08:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 08:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 08:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 20:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-18 20:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-06 03:08 . 2012-11-06 03:09 -------- d-----w- c:\users\Ideal Internet\AppData\Roaming\Origin
2012-11-06 03:08 . 2012-11-06 03:08 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-06 03:08 . 2012-11-06 03:08 -------- d-----w- c:\users\Ideal Internet\AppData\Local\Origin
2012-11-06 02:28 . 2012-11-06 03:09 -------- d-----w- c:\programdata\Origin
2012-11-06 02:28 . 2012-11-06 02:28 -------- d-----w- c:\programdata\Electronic Arts
2012-11-06 02:28 . 2012-11-06 03:08 -------- d-----w- c:\program files (x86)\Origin
2012-11-01 18:25 . 2012-11-01 18:25 -------- d-----w- c:\program files (x86)\LifeRPG_r2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 21:21 . 2012-08-06 00:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-19 21:21 . 2011-08-04 18:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-19 08:02 . 2011-08-29 19:00 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 03:34 . 2012-03-30 21:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-25 03:34 . 2011-08-04 16:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 07:12 . 2012-10-25 02:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F1588-41C6-4040-865A-E59D330A8220}\gapaengine.dll
2012-10-03 07:12 . 2011-09-09 03:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-08-04 15:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-25 02:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-25 02:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-25 02:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-25 02:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-25 02:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-25 02:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
2012-07-09 22:46 351136 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Ideal Internet\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"AdobeBridge"="" [BU]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-06 3389080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Ideal Internet\Desktop\mbar\mbar.exe" [2012-11-26 1341800]
.
c:\users\Ideal Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:34]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 02:52]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 02:52]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleForIdeal Internet.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-11-24 c:\windows\Tasks\HPCeeScheduleForIDEALINTERNET$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ideal Internet\AppData\Roaming\Mozilla\Firefox\Profiles\p8y7uckp.default\
FF - prefs.js: browser.startup.homepage - hxxp://bleephomepage.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=37E8730B-B8BF-4ADF-A6BC-5EAB83C6F956&apn_ptnrs=&apn_sauid=E96291BD-7354-4D11-A862-19D7FFAC43C5&apn_dtid=OSJ000&&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-25 21:32:31
ComboFix-quarantined-files.txt 2012-11-26 02:32
ComboFix2.txt 2012-10-21 01:39
.
Pre-Run: 452,030,443,520 bytes free
Post-Run: 453,541,433,344 bytes free
.
- - End Of File - - AC840740AA3600E6FE457392315740A5

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 November 2012 - 11:24 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 mer547

  • Topic Starter
  • Members
  • 10 posts

Posted 25 November 2012 - 11:56 PM

The Junkware Removal log is below. Will run the online scanner momentarily.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.1 (11.25.2012)
OS: Windows 7 Home Premium x64
Ran by Ideal Internet on Sun 11/25/2012 at 23:49:54.75
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\ApnUpdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Ideal Internet\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ideal Internet\AppData\Roaming\mozilla\firefox\profiles\p8y7uckp.default\user.js
Successfully deleted: [File] C:\Users\Ideal Internet\AppData\Roaming\mozilla\firefox\profiles\p8y7uckp.default\extensions\xcxarpznjl@xcxarpznjl.org.xpi [Tracur]
Successfully deleted the following from C:\Users\Ideal Internet\AppData\Roaming\mozilla\firefox\profiles\p8y7uckp.default\prefs.js

user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=37E8730B-B8BF-4ADF-A6BC-5EAB83C6F956&apn_ptnrs=&apn_sauid=E96291BD-7354-4D11-A862-19D7FFAC43C5&apn_dtid=OSJ000&&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/25/2012 at 23:54:30.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 mer547

  • Topic Starter
  • Members
  • 10 posts

Posted 26 November 2012 - 03:24 AM

The ESET Scan picked up an Olmarik trojan. The log is below. I restarted my computer after running the scan and although it's quarantined, I'm still getting a redirect when using Google in Chrome. Think we're getting somewhere though :)

C:\TDSSKiller_Quarantine\21.11.2012_23.05.15\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\21.11.2012_23.05.15\tdlfs0000\tsk0002.dta Win32/Olmarik.AYG trojan
C:\TDSSKiller_Quarantine\21.11.2012_23.05.15\tdlfs0001\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\21.11.2012_23.05.15\tdlfs0001\tsk0002.dta Win32/Olmarik.AYG trojan
C:\Users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\background.html Win32/BHO.OEI trojan
C:\Users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\ContentScript.js Win32/BHO.OEI trojan

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 26 November 2012 - 09:10 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\background.html 
C:\Users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\ContentScript.js 
 
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.



#11 mer547

  • Topic Starter
  • Members
  • 10 posts

Posted 26 November 2012 - 09:57 AM

Here is the ComboFix log. I will run RogueKiller and post it soon.

ComboFix 12-11-26.01 - Ideal Internet 11/26/2012 9:39.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1477 [GMT -5:00]
Running from: c:\users\Ideal Internet\Desktop\ComboFix.exe
Command switches used :: c:\users\Ideal Internet\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\background.html"
"c:\users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\ContentScript.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\background.html
c:\users\Ideal Internet\AppData\Local\Google\Chrome\User Data\Default\Default\aadidegcgbdcdigdgbggdgdfdedjdhda\ContentScript.js
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 14:49 . 2012-11-26 14:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-26 14:49 . 2012-11-26 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 08:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49DBDC0A-E377-4E39-B23C-4F2C198240AB}\mpengine.dll
2012-11-26 08:14 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\program files (x86)\ESET
2012-11-26 04:49 . 2012-11-26 04:49 -------- d-----w- c:\windows\ERUNT
2012-11-26 04:49 . 2012-11-26 04:49 -------- d-----w- C:\JRT
2012-11-26 00:41 . 2012-11-26 00:41 -------- d-----w- C:\FRST
2012-11-23 02:35 . 2012-11-23 02:51 -------- d-----w- c:\users\Ideal Internet\Backup_11_12
2012-11-23 02:30 . 2012-11-23 02:30 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-11-22 04:25 . 2012-11-22 04:25 208216 ----a-w- c:\windows\system32\drivers\39166355.sys
2012-11-22 04:12 . 2012-11-22 04:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 02:19 . 2012-11-22 02:19 -------- d-----w- c:\program files\Enigma Software Group
2012-11-22 02:18 . 2012-11-22 03:33 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-21 18:23 . 2012-11-21 18:23 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-19 21:22 . 2012-11-19 21:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-19 21:21 . 2012-11-19 21:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-19 08:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 08:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 08:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 08:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 20:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-18 20:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-06 03:08 . 2012-11-06 03:09 -------- d-----w- c:\users\Ideal Internet\AppData\Roaming\Origin
2012-11-06 03:08 . 2012-11-06 03:08 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-06 03:08 . 2012-11-06 03:08 -------- d-----w- c:\users\Ideal Internet\AppData\Local\Origin
2012-11-06 02:28 . 2012-11-06 03:09 -------- d-----w- c:\programdata\Origin
2012-11-06 02:28 . 2012-11-06 02:28 -------- d-----w- c:\programdata\Electronic Arts
2012-11-06 02:28 . 2012-11-06 03:08 -------- d-----w- c:\program files (x86)\Origin
2012-11-01 18:25 . 2012-11-01 18:25 -------- d-----w- c:\program files (x86)\LifeRPG_r2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 21:21 . 2012-08-06 00:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-19 21:21 . 2011-08-04 18:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-19 08:02 . 2011-08-29 19:00 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 03:34 . 2012-03-30 21:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-25 03:34 . 2011-08-04 16:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 07:12 . 2012-10-25 02:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F1588-41C6-4040-865A-E59D330A8220}\gapaengine.dll
2012-10-03 07:12 . 2011-09-09 03:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-08-04 15:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-25 02:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-25 02:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-25 02:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-25 02:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-25 02:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-25 02:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
2012-07-09 22:46 351136 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Ideal Internet\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"AdobeBridge"="" [BU]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-06 3389080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Ideal Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:34]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 02:52]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 02:52]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleForIdeal Internet.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-11-24 c:\windows\Tasks\HPCeeScheduleForIDEALINTERNET$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ideal Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ideal Internet\AppData\Roaming\Mozilla\Firefox\Profiles\p8y7uckp.default\
FF - prefs.js: browser.startup.homepage - hxxp://bleephomepage.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-26 09:51:41
ComboFix-quarantined-files.txt 2012-11-26 14:51
ComboFix2.txt 2012-11-26 02:32
ComboFix3.txt 2012-10-21 01:39
.
Pre-Run: 453,025,329,152 bytes free
Post-Run: 453,192,552,448 bytes free
.
- - End Of File - - CBAE123D12F8691CD543C900886BF97A

#12 mer547

mer547
  • Topic Starter

  • Members
  • 10 posts

Posted 26 November 2012 - 10:29 AM

Ran RogueKiller. When I clicked the "Delete" button the first time, it gave me an extra report. I'll post the logs, but there may be one or two extra.

Log 1

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ideal Internet [Admin rights]
Mode : Scan -- Date : 11/26/2012 10:01:07

Bad processes : 0

Registry Entries : 6
[TASK][PREVRUN] HPCustParticipation HP Deskjet 3050 J610 series : "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe" /UA 9.0 /DDV 0x0805 -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] e3d81cbf63ad2906c08df1a2a511aba3
[BSP] 2a1edccfe2ba3c006bfc3e8f3fd7f91e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598242 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1225406464 | Size: 12136 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] eec59ca89be769ec272acfdb4b7b835d
[BSP] 9075d69fb3d431f30d486506f627a043 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[2]_S_11262012_02d1001.txt >>
RKreport[1].txt ; RKreport[2]_S_11262012_02d1001.txt



Log 2
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ideal Internet [Admin rights]
Mode : Remove -- Date : 11/26/2012 10:01:49

Bad processes : 0

Registry Entries : 5
[TASK][PREVRUN] HPCustParticipation HP Deskjet 3050 J610 series : "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe" /UA 9.0 /DDV 0x0805 -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] e3d81cbf63ad2906c08df1a2a511aba3
[BSP] 2a1edccfe2ba3c006bfc3e8f3fd7f91e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598242 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1225406464 | Size: 12136 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] eec59ca89be769ec272acfdb4b7b835d
[BSP] 9075d69fb3d431f30d486506f627a043 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[3]_D_11262012_02d1001.txt >>
RKreport[1].txt ; RKreport[2]_S_11262012_02d1001.txt ; RKreport[3]_D_11262012_02d1001.txt


Log 3
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ideal Internet [Admin rights]
Mode : Remove -- Date : 11/26/2012 10:02:36

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] e3d81cbf63ad2906c08df1a2a511aba3
[BSP] 2a1edccfe2ba3c006bfc3e8f3fd7f91e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598242 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1225406464 | Size: 12136 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] eec59ca89be769ec272acfdb4b7b835d
[BSP] 9075d69fb3d431f30d486506f627a043 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[4]_D_11262012_02d1002.txt >>
RKreport[1].txt ; RKreport[2]_S_11262012_02d1001.txt ; RKreport[3]_D_11262012_02d1001.txt ; RKreport[4]_D_11262012_02d1002.txt


Log 4 - Shortcut
RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ideal Internet [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/26/2012 10:06:31

Bad processes : 0

Driver : [NOT LOADED]

File attributes restored:
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 109 / Fail 0
My documents: Success 7 / Fail 7
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 58 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[5]_SC_11262012_02d1006.txt >>
RKreport[1].txt ; RKreport[2]_S_11262012_02d1001.txt ; RKreport[3]_D_11262012_02d1001.txt ; RKreport[4]_D_11262012_02d1002.txt ; RKreport[5]_SC_11262012_02d1006.txt

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 26 November 2012 - 11:07 AM

logs look good

how is the computer running now?

Are there any outstanding issues

(if there are, please describe in as much detail as possible)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 mer547

mer547
  • Topic Starter

  • Members
  • 10 posts

Posted 26 November 2012 - 11:30 AM

Actually everything looks like it's running great :thumbsup: I'm no longer getting a redirect (as far as I can tell). I've tried doing a dozen or so searches and it's never gone that long without a redirect. Things seem to be moving faster as well.

Thanks a ton for your help! I really appreciate the quick responses and the time you spent working with me. You're awesome!

Edited by mer547, 26 November 2012 - 11:30 AM.


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 26 November 2012 - 12:03 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the TDSSKiller, JTR and all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.




If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
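The Internet Explorer hardening step in the post above is done through the Inetcpl.cpl dialog, which leaves no record of what was actually changed. The following PowerShell script is an added example, not part of the thread or of any tool mentioned in it: it reads the three ActiveX actions for the Internet zone straight from the per-user registry and reports whether each one matches the recommended state (Prompt / Prompt / Disable). The zone key path and the action IDs 1001, 1004 and 1201 follow Microsoft's documented security-zone registry layout (KB 182569); the function and variable names are my own.

```powershell
# Added example (not from the thread): verify the Internet zone ActiveX settings
# that the post above tells the user to change via Inetcpl.cpl.
# Zone 3 = Internet zone; per-user values live under HKCU.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action IDs per Microsoft's documented zone layout (KB 182569).
# Stored value: 0 = Enable, 1 = Prompt, 3 = Disable.
$Expected = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$StateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEActiveXZoneSettings {
    [CmdletBinding()]
    param(
        [string]$Path = $ZonePath,
        # -Fix writes the recommended value for any setting that does not match.
        [switch]$Fix
    )

    if (-not (Test-Path $Path)) {
        Write-Warning "Zone key not found: $Path (per-user zone values are created once IE has been opened)"
        return
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($id in ($Expected.Keys | Sort-Object)) {
        $want    = $Expected[$id].Want
        $current = $props.$id

        # A missing per-user value means the machine-wide default applies;
        # report that explicitly instead of guessing what the default is.
        if ($null -eq $current) {
            $currentText = '(not set, default applies)'
            $ok = $false
        } else {
            $currentText = if ($StateName.ContainsKey([int]$current)) { $StateName[[int]$current] } else { "unknown ($current)" }
            $ok = ([int]$current -eq $want)
        }

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $want -Type DWord
            $currentText = $StateName[$want] + ' (fixed)'
            $ok = $true
        }

        [pscustomobject]@{
            Action      = $id
            Setting     = $Expected[$id].Name
            Current     = $currentText
            Recommended = $StateName[$want]
            OK          = $ok
        }
    }
}

# Report only; add -Fix to apply the recommended values.
Test-IEActiveXZoneSettings | Format-Table -AutoSize
```

Run it without `-Fix` first to see the current state; a row with `OK = False` is a setting that the Inetcpl.cpl step either did not change or that a later program reset. Because the values are per-user, run it as the account that actually browses (here "Ideal Internet"), not from an elevated prompt of another account.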




