
Unable to cure Rootkit.boot.pihar.c


36 replies to this topic

#1 whinis


Posted 07 December 2012 - 08:02 AM

I have used the several tools at my disposal to attempt to remove the rootkit, and even tried to rewrite the MBR through USB drives. However, it doesn't appear to go anywhere, and adware continues to reappear in my startup and registry.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by John at 7:56:55 on 2012-12-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.2115 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Users\John\Downloads\tdsskiller.exe
C:\Users\John\Downloads\RogueKiller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225824
uURLSearchHooks: BitTorrentControl_v10 Toolbar: {db61f672-0d05-4997-bec6-96eaab7c4106} - C:\Program Files (x86)\BitTorrentControl_v10\prxtbBitT.dll
mURLSearchHooks: BitTorrentControl_v10 Toolbar: {db61f672-0d05-4997-bec6-96eaab7c4106} - C:\Program Files (x86)\BitTorrentControl_v10\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shop to Win: {3A90A078-4BB9-4568-9557-CDEEFCAE68A0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: BitTorrentControl_v10 Toolbar: {db61f672-0d05-4997-bec6-96eaab7c4106} - C:\Program Files (x86)\BitTorrentControl_v10\prxtbBitT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: BitTorrentControl_v10 Toolbar: {DB61F672-0D05-4997-BEC6-96EAAB7C4106} - C:\Program Files (x86)\BitTorrentControl_v10\prxtbBitT.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: BitTorrentControl_v10 Toolbar: {db61f672-0d05-4997-bec6-96eaab7c4106} - C:\Program Files (x86)\BitTorrentControl_v10\prxtbBitT.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{85AD8712-2C47-441D-A56A-751819FEB16A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85AD8712-2C47-441D-A56A-751819FEB16A}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85AD8712-2C47-441D-A56A-751819FEB16A}\84F6D65674 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9E4226F1-5BFC-490A-BFDE-3F55B9AEB359} : DHCPNameServer = 192.168.1.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-11-10 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-11-25 14904]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-11-10 35104]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-29 58368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2009-11-3 20032]
R3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\System32\drivers\PPortJoy64.sys [2009-11-3 39488]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2006-5-24 13824]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
S3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2011-1-25 43456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2011-12-18 74240]
S3 SliceDisk5;SliceDisk5;C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [2011-11-24 31824]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-10 1255736]
.
=============== Created Last 30 ================
.
2012-12-07 11:39:49 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28617A9D-1058-43BB-B997-D7B1AAC8E15A}\mpengine.dll
2012-12-07 03:13:18 -------- d-----w- C:\FRST
2012-12-07 01:37:41 -------- d-----w- C:\$RECYCLE.BIN
2012-12-07 01:23:09 98816 ----a-w- C:\Windows\sed.exe
2012-12-07 01:23:09 256000 ----a-w- C:\Windows\PEV.exe
2012-12-07 01:23:09 208896 ----a-w- C:\Windows\MBR.exe
2012-12-06 23:58:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 23:55:47 -------- d-----w- C:\Users\John\AppData\Local\PDF Writer
2012-12-06 23:54:36 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-06 23:54:03 227840 ----a-w- C:\Windows\SysWow64\bzFlRdr.dll
2012-12-06 23:54:03 139264 ----a-w- C:\Windows\SysWow64\bzpdfc.dll
2012-12-06 23:54:03 103424 ----a-w- C:\Windows\SysWow64\bzDCT.dll
2012-12-06 23:54:03 -------- d-----w- C:\Users\John\AppData\Roaming\PDF Writer
2012-12-06 23:54:03 -------- d-----w- C:\ProgramData\PDF Writer
2012-12-06 23:54:03 -------- d-----w- C:\Program Files\Common Files\Bullzip
2012-12-06 23:54:00 218624 ----a-w- C:\Windows\System32\bzpdf.dll
2012-12-06 23:53:57 140288 ----a-w- C:\Windows\SysWow64\comdlg32.OCX
2012-12-06 23:53:57 -------- d-----w- C:\Program Files\Bullzip
2012-12-06 23:53:43 -------- d-----w- C:\Users\John\AppData\Local\Programs
2012-12-05 21:59:47 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
2012-12-05 21:59:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-05 21:59:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-05 21:59:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-30 22:55:52 -------- d-----w- C:\Jumpshot
2012-11-30 22:55:40 -------- d-----w- C:\Windows\jumpshot.com
2012-11-29 03:05:48 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-11-24 03:34:06 -------- d-----w- C:\Users\John\AppData\Roaming\Microsoft Corporation
2012-11-23 23:51:20 -------- d-----w- C:\Users\John\AppData\Local\IsolatedStorage
2012-11-23 23:51:18 -------- d-----w- C:\Users\John\AppData\Roaming\VisualAssist
2012-11-23 23:51:13 -------- d-----w- C:\Users\John\AppData\Local\VisualAssist
2012-11-23 23:38:14 -------- d-----w- C:\Users\John\AppData\Roaming\Atmel
2012-11-23 23:38:10 -------- d-----w- C:\Users\John\AppData\Local\Atmel
2012-11-23 23:36:14 -------- d-----w- C:\Program Files\Seggger
2012-11-23 23:35:49 157184 ----a-w- C:\Windows\SysWow64\wdapi1001.dll
2012-11-23 23:35:49 143360 ----a-w- C:\Windows\SysWow64\wdapi1002.dll
2012-11-23 23:35:49 141824 ----a-w- C:\Windows\SysWow64\wdapi811.dll
2012-11-23 23:35:49 110592 ----a-w- C:\Windows\SysWow64\wdapi921.dll
2012-11-23 23:35:47 260608 ----a-w- C:\Windows\System32\drivers\windrvr6.sys
2012-11-23 23:35:47 143360 ----a-w- C:\Windows\SysWow64\wdapi1010.dll
2012-11-23 23:35:47 110592 ----a-w- C:\Windows\SysWow64\wdapi1011.dll
2012-11-23 23:34:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-11-23 23:33:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-11-23 23:33:43 84192 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-11-23 23:32:31 -------- d-----w- C:\Windows\SysWow64\1033
2012-11-23 23:32:07 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-11-23 23:32:07 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-11-21 19:34:33 -------- d-----w- C:\Users\John\AppData\Local\Macromedia
2012-11-21 15:39:59 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-20 18:32:52 -------- d-----w- C:\Program Files\Nightly
2012-11-17 16:47:43 -------- d-----w- C:\Users\John\AppData\Roaming\Unity
2012-11-17 14:50:23 -------- d-----w- C:\Users\John\AppData\Local\Unity
2012-11-16 00:32:47 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-11-15 08:07:51 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:07:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 08:07:50 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 08:07:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 08:01:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 08:01:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 08:01:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 08:01:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 08:01:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 08:01:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 08:01:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-13 00:34:49 -------- d-----w- C:\Program Files (x86)\FTL
.
==================== Find3M ====================
.
2012-11-04 17:37:21 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 17:37:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:37:05 9575864 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 7:57:19.76 ===============
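An added triage helper (written for this page, not part of the thread, of DDS or of MBAR) that splits a DDS log like the one above into its sections and flags the entries a malware responder reads first: the Conduit start-page hijack, the HKLM UAC policy that moves the elevation prompt off the secure desktop, orphaned registrations, the hidden+system directory literally named `%APPDATA%` created under System32, and any driver with a purely numeric name (the pattern of the `12774864.sys` module in the MBAR kernel report later in the thread). The sample input is a constructed excerpt of lines copied from this thread's logs; the hijack domain list and the UAC policy table are assumptions for the example, not anything DDS reports itself.

```python
"""Triage helper for DDS-style logs, written as an added example for this thread.

It groups the log into its "===== Section =====" blocks and applies a few
defender heuristics to the sections a malware responder reads first.
"""
import re
from typing import Dict, List

# "============== Pseudo HJT Report ===============" or "------------ Loaded modules -----------"
SECTION_RE = re.compile(r"^[=-]{3,}\s+(.+?)\s+[=-]{3,}$")
# Any Windows path ending in .sys; the basename without extension is captured
DRIVER_RE = re.compile(r"[\\/]([^\\/]+)\.sys\b", re.IGNORECASE)

# HKLM UAC policy values (DDS prefix "mPolicies-System") that weaken UAC when set like this.
# Assumed table for the example; DDS itself does not carry it.
WEAK_UAC = {
    "PromptOnSecureDesktop": "dword:0",       # elevation prompt drawn on the normal desktop
    "EnableLUA": "dword:0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "dword:0",  # administrators elevate without any prompt
}
# Start-page domain seen in the log above; a production list would be far longer (assumed)
HIJACK_DOMAINS = ("search.conduit.com",)

# Constructed excerpt: lines copied from the DDS and MBAR logs in this thread
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225824
BHO: Shop to Win: {3A90A078-4BB9-4568-9557-CDEEFCAE68A0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
=============== Created Last 30 ================
.
2012-12-06 23:58:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-16 00:32:47 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-11-15 08:07:50 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
.
------------ Loaded modules -----------
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\12774864.sys
"""


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[str]:
    """Return human-readable findings for the suspicious entries in a DDS log."""
    findings: List[str] = []
    sections = split_sections(text)

    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(("uStart Page", "mStart Page")) and any(
            d in line.lower() for d in HIJACK_DOMAINS
        ):
            findings.append(f"start page hijack: {line}")
        elif line.startswith("mPolicies-System:"):
            name, _, value = line[len("mPolicies-System:"):].partition("=")
            name, value = name.strip(), value.strip()
            if WEAK_UAC.get(name) == value:
                findings.append(f"weakened UAC policy: {name} = {value}")
        elif line.endswith("<orphaned>"):    # registration pointing at a file that is gone
            findings.append(f"orphaned registry entry: {line}")

    for line in sections.get("Created Last 30", []):
        parts = line.split(None, 4)          # date, time, size, attribute flags, path
        if len(parts) != 5:
            continue
        attrs, path = parts[3], parts[4]
        if "h" in attrs and "s" in attrs:    # hidden + system: flags malware likes to set on itself
            findings.append(f"hidden+system item created recently: {path}")
        if "%" in path:                      # a literal %VAR% name means the path was never expanded
            findings.append(f"literal environment variable in path: {path}")

    # Purely numeric driver names show up in module lists as well, so scan every line
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m and m.group(1).isdigit():
            findings.append(f"numerically named driver: {line.strip()}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```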


#2 CatByte

  • Malware Response Team

Posted 07 December 2012 - 08:20 AM

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 whinis


Posted 07 December 2012 - 09:04 PM

I attempted to run it, and it never prompted me to restart and just appeared to hang (I let it sit for 4 hours). I even attempted to manually restart, and the pihar is still there. I am now posting the logs.

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.12.07.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: ASUSLAPTOP [administrator]

12/7/2012 6:15:42 PM
mbar-log-2012-12-07 (18-15-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25948
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_14_infected.mbam (Rootkit.Pihar.MBR) -> Delete on reboot. [bb86c0352af71da09bfb852b86cb724f]

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4283600896, free: 2039386112

------------ Kernel report ------------
12/07/2012 16:22:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800487f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004242060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa80043e1b30
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80047f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800425c060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8003bd5bc0
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047f7790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047f72c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047f7790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800425c060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00c91fab0, 0xfffffa80047f7790, 0xfffffa800765c790
Lower DeviceData: 0xfffff8a014b1c890, 0xfffffa800425c060, 0xfffffa8003bd5bc0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBC58B91

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 14 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.MBR]
Failed to find a bootable drive
Unable to find a new boot partition - Manually change the active partition to disable the infection (0 4294967295)

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 625139712
Partition file system is NTFS
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-13-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800487f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800487fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800487f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80042241e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004242060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00fb285a0, 0xfffffa800487f060, 0xfffffa80060ed790
Lower DeviceData: 0xfffff8a004d7cf20, 0xfffffa8004242060, 0xfffffa80043e1b30
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 624930816

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8005b75650, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005b75180, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b75650, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\
DevicePointer: 0xfffffa8005b75930, DeviceName: Unknown, DriverName: \Driver\sffp_sd\
DevicePointer: 0xfffffa8005b6d3d0, DeviceName: \Device\SdBus-0\, DriverName: \Driver\sdbus\
------------ End ----------
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 8192 Numsec = 15515648

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 7948206080 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "C:\Users\John\Desktop\LeagueOfLegends\layout.bin" is sparse (flags = 32768)
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4283600896, free: 3112640512

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4283600896, free: 2823917568

------------ Kernel report ------------
12/07/2012 18:03:56
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004883060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80041c3680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80047f2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8004233060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047f2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047f22c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047f2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004233060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a004a1a910, 0xfffffa80047f2790, 0xfffffa8007777540
Lower DeviceData: 0xfffff8a004838fe0, 0xfffffa8004233060, 0xfffffa80077ce930
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBC58B91

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 14 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.MBR]
Failed to find a bootable drive
Unable to find a new boot partition - Manually change the active partition to disable the infection (0 4294967295)

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 625139712
Partition file system is NTFS
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-13-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004883060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004883b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004883060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800421b520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80041c3680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a004119be0, 0xfffffa8004883060, 0xfffffa8003986790
Lower DeviceData: 0xfffff8a00488c280, 0xfffffa80041c3680, 0xfffffa80076c13d0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 624930816

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8005b5ad60, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005b5a890, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b5ad60, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\
DevicePointer: 0xfffffa8005b58300, DeviceName: Unknown, DriverName: \Driver\sffp_sd\
DevicePointer: 0xfffffa8005b568b0, DeviceName: \Device\SdBus-0\, DriverName: \Driver\sdbus\
------------ End ----------
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 8192 Numsec = 15515648

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 7948206080 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "C:\Users\John\Desktop\LeagueOfLegends\layout.bin" is sparse (flags = 32768)
Done!
Scan finished
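The MBAR output above flags drive 0 because partition entry 0 is marked ACTIVE yet has type Empty (0x00) and a zero sector count, while entry 1 is active as well. As an added example (not Malwarebytes' own code), the Python below parses a raw 512-byte MBR and applies the same partition-table checks; the sectors it checks are constructed, with only the entry values and disk signatures taken from the log.

```python
"""
MBR partition-table sanity check (constructed example, not Malwarebytes code).

Parses a raw 512-byte MBR and flags the states the MBAR log reports for
drive 0: an ACTIVE entry of type Empty (0x00) with a zero sector count, and
more than one active entry.  Drive 1's table from the same log is included
as a clean comparison.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
DISK_SIG_OFFSET = 440      # 4-byte NT disk signature
PT_OFFSET = 446            # four 16-byte partition entries, 446..509
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"    # boot flag, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xAA"
ACTIVE_FLAG = 0x80


@dataclass
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == ACTIVE_FLAG

    @property
    def empty(self) -> bool:
        return self.type_id == 0x00


def parse_mbr(sector: bytes) -> Tuple[int, List[PartitionEntry]]:
    """Return (disk signature, four partition entries) from a raw MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        boot, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PT_OFFSET + i * ENTRY_SIZE)
        entries.append(PartitionEntry(i, boot, ptype, lba, count))
    return disk_sig, entries


def find_anomalies(entries: List[PartitionEntry]) -> List[str]:
    """Flag table states a healthy Windows disk should never show."""
    findings = []
    for e in entries:
        if e.boot_flag not in (0x00, ACTIVE_FLAG):
            findings.append(f"partition {e.index}: invalid boot flag 0x{e.boot_flag:02X}")
        if e.active and e.empty:
            # The state MBAR reported: an active entry whose type is Empty.
            findings.append(f"partition {e.index}: ACTIVE but type Empty (0x00), "
                            f"LBA {e.start_lba}, numsec {e.num_sectors}")
        if e.empty and (e.start_lba or e.num_sectors):
            findings.append(f"partition {e.index}: type Empty but non-zero start/size")
        if not e.empty and e.num_sectors == 0:
            findings.append(f"partition {e.index}: type 0x{e.type_id:02X} with zero sector count")
    active = sum(1 for e in entries if e.active)
    if active > 1:
        findings.append(f"{active} active partitions (expected at most one)")
    return findings


def build_mbr(disk_sig: int, table: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR from (boot flag, type, start LBA, numsec) tuples."""
    sector = bytearray(MBR_SIZE)           # bootstrap code area left zeroed
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, (boot, ptype, lba, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + i * ENTRY_SIZE,
                         boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Entry values transcribed from the MBAR log; the sectors themselves are constructed.
DRIVE0_TABLE = [(0x80, 0x00, 14, 0), (0x80, 0x07, 2048, 625139712), (0, 0, 0, 0), (0, 0, 0, 0)]
DRIVE1_TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 624930816), (0, 0, 0, 0), (0, 0, 0, 0)]


def check_table(disk_sig: int, table: List[Tuple[int, int, int, int]]) -> List[str]:
    """Build, parse and check one table; returns the anomaly list (empty when clean)."""
    _sig, entries = parse_mbr(build_mbr(disk_sig, table))
    return find_anomalies(entries)


if __name__ == "__main__":
    for name, sig, table in (("drive 0", 0xBBC58B91, DRIVE0_TABLE),
                             ("drive 1", 0x76692CA8, DRIVE1_TABLE)):
        print(name, check_table(sig, table) or ["no anomalies"])
```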

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 December 2012 - 09:10 PM

Please reboot the computer, then run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 whinis

whinis
  • Topic Starter

  • Members
  • 17 posts

Posted 07 December 2012 - 09:33 PM

A TDSS file system was found; however, cure was not available. Also, curing the MBR was apparently not an option, so I selected write with standard code.

21:25:23.0684 5324 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:25:24.0034 5324 ============================================================
21:25:24.0034 5324 Current date / time: 2012/12/07 21:25:24.0034
21:25:24.0034 5324 SystemInfo:
21:25:24.0034 5324
21:25:24.0034 5324 OS Version: 6.1.7601 ServicePack: 1.0
21:25:24.0034 5324 Product type: Workstation
21:25:24.0034 5324 ComputerName: ASUSLAPTOP
21:25:24.0034 5324 UserName: John
21:25:24.0034 5324 Windows directory: C:\Windows
21:25:24.0034 5324 System windows directory: C:\Windows
21:25:24.0034 5324 Running under WOW64
21:25:24.0034 5324 Processor architecture: Intel x64
21:25:24.0034 5324 Number of processors: 8
21:25:24.0034 5324 Page size: 0x1000
21:25:24.0034 5324 Boot type: Normal boot
21:25:24.0034 5324 ============================================================
21:25:27.0914 5324 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:28.0004 5324 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:28.0024 5324 ============================================================
21:25:28.0024 5324 \Device\Harddisk1\DR1:
21:25:28.0064 5324 MBR partitions:
21:25:28.0064 5324 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:25:28.0064 5324 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB000
21:25:28.0064 5324 \Device\Harddisk0\DR0:
21:25:28.0064 5324 MBR partitions:
21:25:28.0064 5324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542E000
21:25:28.0064 5324 ============================================================
21:25:28.0084 5324 C: <-> \Device\Harddisk0\DR0\Partition1
21:25:28.0114 5324 D: <-> \Device\Harddisk1\DR1\Partition2
21:25:28.0114 5324 ============================================================
21:25:28.0114 5324 Initialize success
21:25:28.0114 5324 ============================================================
21:25:49.0077 6120 ============================================================
21:25:49.0077 6120 Scan started
21:25:49.0077 6120 Mode: Manual; TDLFS;
21:25:49.0077 6120 ============================================================
21:25:49.0607 6120 ================ Scan system memory ========================
21:25:49.0607 6120 System memory - ok
21:25:49.0607 6120 ================ Scan services =============================
21:25:51.0838 6120 BTHMODEM - ok
21:25:51.0868 6120 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:25:51.0868 6120 BthPan - ok
21:25:51.0898 6120 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:25:51.0908 6120 BTHPORT - ok
21:25:51.0938 6120 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:25:51.0938 6120 bthserv - ok
21:25:51.0978 6120 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:25:51.0998 6120 BTHUSB - ok
21:25:52.0078 6120 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:25:52.0118 6120 btwaudio - ok
21:25:52.0148 6120 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:25:52.0148 6120 btwavdt - ok
21:25:52.0238 6120 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:25:52.0248 6120 btwdins - ok
21:25:52.0268 6120 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:25:52.0268 6120 btwl2cap - ok
21:25:52.0278 6120 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:25:52.0278 6120 btwrchid - ok
21:25:52.0308 6120 catchme - ok
21:25:52.0338 6120 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:25:52.0338 6120 cdfs - ok
21:25:52.0368 6120 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:25:52.0368 6120 cdrom - ok
21:25:52.0388 6120 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:25:52.0398 6120 CertPropSvc - ok
21:25:52.0408 6120 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:25:52.0408 6120 circlass - ok
21:25:52.0428 6120 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:25:52.0438 6120 CLFS - ok
21:25:52.0498 6120 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:52.0498 6120 clr_optimization_v2.0.50727_32 - ok
21:25:52.0528 6120 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:25:52.0528 6120 clr_optimization_v2.0.50727_64 - ok
21:25:52.0608 6120 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:52.0608 6120 clr_optimization_v4.0.30319_32 - ok
21:25:52.0638 6120 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:25:52.0638 6120 clr_optimization_v4.0.30319_64 - ok
21:25:52.0658 6120 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:52.0658 6120 CmBatt - ok
21:25:52.0678 6120 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:25:52.0678 6120 cmdide - ok
21:25:52.0728 6120 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:25:52.0738 6120 CNG - ok
21:25:52.0758 6120 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:25:52.0758 6120 Compbatt - ok
21:25:52.0778 6120 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:52.0788 6120 CompositeBus - ok
21:25:52.0798 6120 COMSysApp - ok
21:25:52.0818 6120 [ 71879A4AB90D21BCCF9E3CFCF0BB5F4A ] copperhd C:\Windows\system32\drivers\copperhd.sys
21:25:52.0828 6120 copperhd - ok
21:25:52.0838 6120 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:25:52.0838 6120 crcdisk - ok
21:25:52.0898 6120 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:25:52.0898 6120 CryptSvc - ok
21:25:52.0938 6120 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:25:52.0948 6120 CSC - ok
21:25:52.0978 6120 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:25:52.0988 6120 CscService - ok
21:25:53.0028 6120 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:25:53.0038 6120 DcomLaunch - ok
21:25:53.0068 6120 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:25:53.0068 6120 defragsvc - ok
21:25:53.0088 6120 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:25:53.0088 6120 DfsC - ok
21:25:53.0118 6120 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:25:53.0128 6120 Dhcp - ok
21:25:53.0228 6120 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
21:25:53.0228 6120 DirMngr - ok
21:25:53.0258 6120 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:25:53.0258 6120 discache - ok
21:25:53.0288 6120 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:25:53.0288 6120 Disk - ok
21:25:53.0328 6120 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:25:53.0328 6120 dmvsc - ok
21:25:53.0368 6120 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:25:53.0368 6120 Dnscache - ok
21:25:53.0388 6120 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:25:53.0388 6120 dot3svc - ok
21:25:53.0408 6120 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:25:53.0408 6120 DPS - ok
21:25:53.0438 6120 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:25:53.0438 6120 drmkaud - ok
21:25:53.0478 6120 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:25:53.0518 6120 DXGKrnl - ok
21:25:53.0558 6120 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:25:53.0558 6120 EapHost - ok
21:25:53.0658 6120 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:25:53.0758 6120 ebdrv - ok
21:25:53.0798 6120 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:25:53.0798 6120 EFS - ok
21:25:53.0858 6120 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:25:53.0868 6120 ehRecvr - ok
21:25:53.0888 6120 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:25:53.0898 6120 ehSched - ok
21:25:53.0928 6120 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:25:53.0948 6120 elxstor - ok
21:25:53.0958 6120 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:25:53.0968 6120 ErrDev - ok
21:25:53.0998 6120 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:25:53.0998 6120 EventSystem - ok
21:25:54.0038 6120 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:25:54.0038 6120 exfat - ok
21:25:54.0058 6120 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:25:54.0058 6120 fastfat - ok
21:25:54.0098 6120 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:25:54.0108 6120 Fax - ok
21:25:54.0128 6120 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:25:54.0128 6120 fdc - ok
21:25:54.0148 6120 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:25:54.0148 6120 fdPHost - ok
21:25:54.0158 6120 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:25:54.0158 6120 FDResPub - ok
21:25:54.0178 6120 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:25:54.0178 6120 FileInfo - ok
21:25:54.0188 6120 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:25:54.0188 6120 Filetrace - ok
21:25:54.0208 6120 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:25:54.0208 6120 flpydisk - ok
21:25:54.0228 6120 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:25:54.0238 6120 FltMgr - ok
21:25:54.0298 6120 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:25:54.0338 6120 FontCache - ok
21:25:54.0378 6120 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:25:54.0378 6120 FontCache3.0.0.0 - ok
21:25:54.0398 6120 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:25:54.0398 6120 FsDepends - ok
21:25:54.0438 6120 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:25:54.0448 6120 Fs_Rec - ok
21:25:54.0468 6120 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:25:54.0468 6120 fvevol - ok
21:25:54.0488 6120 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:25:54.0488 6120 gagp30kx - ok
21:25:54.0538 6120 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:54.0538 6120 GEARAspiWDM - ok
21:25:54.0578 6120 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:25:54.0598 6120 gpsvc - ok
21:25:54.0638 6120 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:25:54.0638 6120 hamachi - ok
21:25:54.0788 6120 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:25:54.0808 6120 Hamachi2Svc - ok
21:25:54.0828 6120 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:25:54.0828 6120 hcw85cir - ok
21:25:54.0868 6120 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:54.0878 6120 HdAudAddService - ok
21:25:54.0908 6120 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:54.0908 6120 HDAudBus - ok
21:25:54.0928 6120 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:25:54.0928 6120 HidBatt - ok
21:25:54.0948 6120 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:25:54.0958 6120 HidBth - ok
21:25:54.0978 6120 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:25:54.0978 6120 HidIr - ok
21:25:55.0008 6120 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:25:55.0008 6120 hidserv - ok
21:25:55.0028 6120 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:25:55.0028 6120 HidUsb - ok
21:25:55.0048 6120 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:25:55.0048 6120 hkmsvc - ok
21:25:55.0078 6120 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:55.0078 6120 HomeGroupListener - ok
21:25:55.0118 6120 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:55.0118 6120 HomeGroupProvider - ok
21:25:55.0148 6120 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:25:55.0148 6120 HpSAMD - ok
21:25:55.0198 6120 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:25:55.0208 6120 HTTP - ok
21:25:55.0238 6120 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:25:55.0238 6120 hwpolicy - ok
21:25:55.0258 6120 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:55.0258 6120 i8042prt - ok
21:25:55.0298 6120 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:25:55.0308 6120 iaStorV - ok
21:25:55.0358 6120 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:25:55.0378 6120 idsvc - ok
21:25:55.0398 6120 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:25:55.0398 6120 iirsp - ok
21:25:55.0448 6120 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:25:55.0458 6120 IKEEXT - ok
21:25:55.0548 6120 [ A9638FA0FB0C5B86229C3FD809CE8CFF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:25:55.0628 6120 IntcAzAudAddService - ok
21:25:55.0648 6120 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:25:55.0658 6120 intelide - ok
21:25:55.0678 6120 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:25:55.0678 6120 intelppm - ok
21:25:55.0708 6120 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:25:55.0708 6120 IPBusEnum - ok
21:25:55.0728 6120 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:55.0728 6120 IpFilterDriver - ok
21:25:55.0788 6120 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:25:55.0818 6120 iphlpsvc - ok
21:25:55.0828 6120 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:25:55.0828 6120 IPMIDRV - ok
21:25:55.0848 6120 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:25:55.0848 6120 IPNAT - ok
21:25:55.0908 6120 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:25:55.0918 6120 iPod Service - ok
21:25:55.0928 6120 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:25:55.0928 6120 IRENUM - ok
21:25:55.0948 6120 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:25:55.0948 6120 isapnp - ok
21:25:55.0958 6120 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:25:55.0958 6120 iScsiPrt - ok
21:25:55.0988 6120 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:55.0988 6120 kbdclass - ok
21:25:56.0008 6120 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:56.0008 6120 kbdhid - ok
21:25:56.0018 6120 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:25:56.0018 6120 KeyIso - ok
21:25:56.0058 6120 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:25:56.0058 6120 KSecDD - ok
21:25:56.0068 6120 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:25:56.0078 6120 KSecPkg - ok
21:25:56.0098 6120 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:25:56.0098 6120 ksthunk - ok
21:25:56.0118 6120 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:25:56.0128 6120 KtmRm - ok
21:25:56.0158 6120 [ 01C711667ABEDF8148998F3AC91991DB ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:25:56.0158 6120 L1C - ok
21:25:56.0208 6120 [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
21:25:56.0218 6120 LADF_CaptureOnly - ok
21:25:56.0258 6120 [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
21:25:56.0268 6120 LADF_RenderOnly - ok
21:25:56.0298 6120 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:25:56.0308 6120 LanmanServer - ok
21:25:56.0328 6120 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:56.0338 6120 LanmanWorkstation - ok
21:25:56.0378 6120 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
21:25:56.0378 6120 LGBusEnum - ok
21:25:56.0418 6120 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
21:25:56.0418 6120 LGVirHid - ok
21:25:56.0468 6120 [ 285954C6C6EF43B78AB84034750FAC6A ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
21:25:56.0468 6120 libusb0 - ok
21:25:56.0498 6120 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:25:56.0508 6120 lltdio - ok
21:25:56.0538 6120 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:25:56.0548 6120 lltdsvc - ok
21:25:56.0568 6120 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:25:56.0568 6120 lmhosts - ok
21:25:56.0598 6120 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:25:56.0598 6120 LSI_FC - ok
21:25:56.0628 6120 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:25:56.0628 6120 LSI_SAS - ok
21:25:56.0648 6120 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:25:56.0648 6120 LSI_SAS2 - ok
21:25:56.0668 6120 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:25:56.0668 6120 LSI_SCSI - ok
21:25:56.0688 6120 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:25:56.0688 6120 luafv - ok
21:25:56.0788 6120 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
21:25:56.0798 6120 McComponentHostService - ok
21:25:56.0828 6120 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:25:56.0838 6120 Mcx2Svc - ok
21:25:56.0858 6120 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:25:56.0858 6120 megasas - ok
21:25:56.0878 6120 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:25:56.0888 6120 MegaSR - ok
21:25:56.0968 6120 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:25:56.0968 6120 Microsoft Office Groove Audit Service - ok
21:25:56.0998 6120 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:25:56.0998 6120 MMCSS - ok
21:25:57.0018 6120 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:25:57.0018 6120 Modem - ok
21:25:57.0038 6120 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:25:57.0038 6120 monitor - ok
21:25:57.0058 6120 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:25:57.0058 6120 mouclass - ok
21:25:57.0088 6120 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:25:57.0088 6120 mouhid - ok
21:25:57.0108 6120 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:25:57.0108 6120 mountmgr - ok
21:25:57.0228 6120 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:25:57.0228 6120 MozillaMaintenance - ok
21:25:57.0248 6120 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:25:57.0248 6120 mpio - ok
21:25:57.0268 6120 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:25:57.0268 6120 mpsdrv - ok
21:25:57.0318 6120 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:25:57.0348 6120 MpsSvc - ok
21:25:57.0378 6120 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:25:57.0378 6120 MRxDAV - ok
21:25:57.0428 6120 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:57.0428 6120 mrxsmb - ok
21:25:57.0438 6120 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:57.0448 6120 mrxsmb10 - ok
21:25:57.0458 6120 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:57.0458 6120 mrxsmb20 - ok
21:25:57.0468 6120 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:25:57.0468 6120 msahci - ok
21:25:57.0488 6120 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:25:57.0498 6120 msdsm - ok
21:25:57.0508 6120 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:25:57.0508 6120 MSDTC - ok
21:25:57.0538 6120 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:25:57.0538 6120 Msfs - ok
21:25:57.0558 6120 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:25:57.0558 6120 mshidkmdf - ok
21:25:57.0568 6120 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:25:57.0568 6120 msisadrv - ok
21:25:57.0598 6120 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:25:57.0598 6120 MSiSCSI - ok
21:25:57.0598 6120 msiserver - ok
21:25:57.0618 6120 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:25:57.0618 6120 MSKSSRV - ok
21:25:57.0628 6120 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:57.0628 6120 MSPCLOCK - ok
21:25:57.0628 6120 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:25:57.0628 6120 MSPQM - ok
21:25:57.0658 6120 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:25:57.0658 6120 MsRPC - ok
21:25:57.0668 6120 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:57.0678 6120 mssmbios - ok
21:25:57.0688 6120 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:25:57.0688 6120 MSTEE - ok
21:25:57.0708 6120 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:25:57.0708 6120 MTConfig - ok
21:25:57.0748 6120 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:25:57.0748 6120 MTsensor - ok
21:25:57.0768 6120 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:25:57.0768 6120 Mup - ok
21:25:57.0798 6120 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:25:57.0808 6120 napagent - ok
21:25:57.0838 6120 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:25:57.0848 6120 NativeWifiP - ok
21:25:57.0918 6120 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:25:57.0928 6120 NDIS - ok
21:25:57.0948 6120 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:57.0948 6120 NdisCap - ok
21:25:57.0968 6120 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:57.0968 6120 NdisTapi - ok
21:25:57.0988 6120 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:57.0988 6120 Ndisuio - ok
21:25:57.0998 6120 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:57.0998 6120 NdisWan - ok
21:25:58.0018 6120 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:25:58.0018 6120 NDProxy - ok
21:25:58.0048 6120 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:25:58.0048 6120 NetBIOS - ok
21:25:58.0058 6120 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:25:58.0068 6120 NetBT - ok
21:25:58.0088 6120 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:25:58.0088 6120 Netlogon - ok
21:25:58.0128 6120 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:25:58.0128 6120 Netman - ok
21:25:58.0168 6120 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:58.0168 6120 NetMsmqActivator - ok
21:25:58.0178 6120 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:58.0178 6120 NetPipeActivator - ok
21:25:58.0198 6120 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:25:58.0208 6120 netprofm - ok
21:25:58.0218 6120 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:58.0218 6120 NetTcpActivator - ok
21:25:58.0228 6120 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:58.0228 6120 NetTcpPortSharing - ok
21:25:58.0419 6120 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
21:25:58.0589 6120 NETwNs64 - ok
21:25:58.0619 6120 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:25:58.0619 6120 nfrd960 - ok
21:25:58.0649 6120 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:25:58.0659 6120 NlaSvc - ok
21:25:58.0669 6120 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:25:58.0669 6120 Npfs - ok
21:25:58.0679 6120 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:25:58.0689 6120 nsi - ok
21:25:58.0699 6120 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:25:58.0699 6120 nsiproxy - ok
21:25:58.0789 6120 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:25:58.0809 6120 Ntfs - ok
21:25:58.0819 6120 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:25:58.0819 6120 Null - ok
21:25:59.0109 6120 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:59.0349 6120 nvlddmkm - ok
21:25:59.0369 6120 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:25:59.0379 6120 nvraid - ok
21:25:59.0399 6120 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:25:59.0409 6120 nvstor - ok
21:25:59.0449 6120 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:25:59.0459 6120 nvsvc - ok
21:25:59.0509 6120 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:25:59.0519 6120 nvUpdatusService - ok
21:25:59.0539 6120 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:25:59.0549 6120 nv_agp - ok
21:25:59.0629 6120 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:25:59.0629 6120 odserv - ok
21:25:59.0649 6120 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:25:59.0659 6120 ohci1394 - ok
21:25:59.0709 6120 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:25:59.0709 6120 ose - ok
21:25:59.0749 6120 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:25:59.0759 6120 p2pimsvc - ok
21:25:59.0779 6120 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:25:59.0789 6120 p2psvc - ok
21:25:59.0799 6120 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:25:59.0809 6120 Parport - ok
21:25:59.0839 6120 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:25:59.0839 6120 partmgr - ok
21:25:59.0849 6120 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:25:59.0859 6120 PcaSvc - ok
21:25:59.0869 6120 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:25:59.0879 6120 pci - ok
21:25:59.0899 6120 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:25:59.0899 6120 pciide - ok
21:25:59.0919 6120 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:25:59.0919 6120 pcmcia - ok
21:25:59.0939 6120 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:25:59.0939 6120 pcw - ok
21:25:59.0969 6120 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:26:06.0480 6120 ================ Scan global ===============================
21:26:06.0500 6120 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:26:06.0540 6120 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:26:06.0560 6120 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:26:06.0580 6120 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:26:06.0600 6120 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:26:06.0610 6120 [Global] - ok
21:26:06.0610 6120 ================ Scan MBR ==================================
21:26:06.0610 6120 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:26:07.0240 6120 \Device\Harddisk1\DR1 - ok
21:26:07.0260 6120 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
21:26:07.0320 6120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:26:07.0320 6120 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:26:07.0420 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:26:07.0420 6120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:26:07.0420 6120 ================ Scan VBR ==================================
21:26:07.0460 6120 [ 1818FD22B8D92D53AE9A99E158C26992 ] \Device\Harddisk1\DR1\Partition1
21:26:07.0460 6120 \Device\Harddisk1\DR1\Partition1 - ok
21:26:07.0470 6120 [ 0DC24AB5FE5F4AD1809EBC4EA5A33B77 ] \Device\Harddisk1\DR1\Partition2
21:26:07.0470 6120 \Device\Harddisk1\DR1\Partition2 - ok
21:26:07.0470 6120 [ D4D84DDB88A1571B18738693647AE3D6 ] \Device\Harddisk0\DR0\Partition1
21:26:07.0480 6120 \Device\Harddisk0\DR0\Partition1 - ok
21:26:07.0480 6120 ============================================================
21:26:07.0480 6120 Scan finished
21:26:07.0480 6120 ============================================================
21:26:07.0490 1008 Detected object count: 2
21:26:07.0490 1008 Actual detected object count: 2
21:26:18.0641 1008 \Device\Harddisk0\DR0\# - copied to quarantine
21:26:18.0641 1008 \Device\Harddisk0\DR0 - copied to quarantine
21:26:18.0761 1008 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:26:18.0761 1008 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:26:18.0791 1008 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:26:18.0811 1008 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:26:18.0811 1008 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:26:18.0821 1008 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:26:18.0821 1008 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:26:18.0821 1008 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:26:18.0831 1008 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:26:18.0831 1008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:26:18.0831 1008 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:26:18.0841 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0841 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0851 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0851 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0861 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0861 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0871 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0871 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0881 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0881 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0891 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0891 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0901 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0911 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0911 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0921 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0921 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0931 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0931 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0941 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:26:18.0941 1008 \Device\Harddisk0\DR0 - processing error
21:26:29.0903 1008 \Device\Harddisk0\DR0 - will be restored on reboot
21:26:29.0903 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
21:26:29.0903 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:26:29.0903 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:26:31.0983 5744 Deinitialize success

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 07 December 2012 - 09:56 PM

OK, very good. We still have more work to do, so stay with me.

Make sure you reboot the computer then run the following:


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 whinis

  • Topic Starter
  • Members
  • 17 posts

Posted 07 December 2012 - 10:15 PM

ComboFix 12-12-07.01 - John 12/07/2012 22:02:08.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.2496 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 03:09 . 2012-12-08 03:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 03:09 . 2012-12-08 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 02:53 . 2012-12-08 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-07 11:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28617A9D-1058-43BB-B997-D7B1AAC8E15A}\mpengine.dll
2012-12-07 03:13 . 2012-12-07 03:13 -------- d-----w- C:\FRST
2012-12-06 23:58 . 2012-12-08 02:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 23:55 . 2012-12-06 23:55 -------- d-----w- c:\users\John\AppData\Local\PDF Writer
2012-12-06 23:54 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\users\John\AppData\Roaming\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\programdata\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\program files\Common Files\Bullzip
2012-12-06 23:54 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-12-06 23:54 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-12-06 23:54 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-12-06 23:54 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\program files\Bullzip
2012-12-06 23:53 . 1999-05-06 22:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.OCX
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\users\John\AppData\Local\Programs
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-05 21:59 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 22:55 . 2012-11-30 18:00 -------- d-----w- C:\Jumpshot
2012-11-30 22:55 . 2012-11-30 22:55 -------- d-----w- c:\windows\jumpshot.com
2012-11-29 03:05 . 2012-11-29 03:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-24 03:34 . 2012-11-24 03:34 -------- d-----w- c:\users\John\AppData\Roaming\Microsoft Corporation
2012-11-23 23:51 . 2012-11-23 23:51 -------- d-----w- c:\users\John\AppData\Local\IsolatedStorage
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Roaming\VisualAssist
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Local\VisualAssist
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Roaming\Atmel
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Local\Atmel
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\DIFX
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\Seggger
2012-11-23 23:35 . 2009-07-14 15:07 143360 ----a-w- c:\windows\SysWow64\wdapi1002.dll
2012-11-23 23:35 . 2009-05-14 18:21 157184 ----a-w- c:\windows\SysWow64\wdapi1001.dll
2012-11-23 23:35 . 2008-07-04 14:51 110592 ----a-w- c:\windows\SysWow64\wdapi921.dll
2012-11-23 23:35 . 2006-10-18 20:39 141824 ----a-w- c:\windows\SysWow64\wdapi811.dll
2012-11-23 23:35 . 2012-02-27 19:46 260608 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-11-23 23:35 . 2010-01-18 01:13 110592 ----a-w- c:\windows\SysWow64\wdapi1011.dll
2012-11-23 23:35 . 2009-09-02 16:48 143360 ----a-w- c:\windows\SysWow64\wdapi1010.dll
2012-11-23 23:34 . 2012-11-23 23:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-11-23 23:33 . 2012-11-23 23:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-11-23 23:33 . 2012-11-25 15:07 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\windows\SysWow64\1033
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-11-21 19:34 . 2012-11-21 19:34 -------- d-----w- c:\users\John\AppData\Local\Macromedia
2012-11-21 15:39 . 2012-12-06 20:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-20 18:32 . 2012-11-21 02:27 -------- d-----w- c:\program files\Nightly
2012-11-17 16:47 . 2012-11-17 16:47 -------- d-----w- c:\users\John\AppData\Roaming\Unity
2012-11-17 14:50 . 2012-11-17 14:50 -------- d-----w- c:\users\John\AppData\Local\Unity
2012-11-16 00:32 . 2012-11-16 00:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-15 08:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-13 00:34 . 2012-11-13 00:35 -------- d-----w- c:\program files (x86)\FTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 17:37 . 2012-11-04 16:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:37 . 2011-11-11 01:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 17:37 . 2012-11-04 17:37 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-16 08:38 . 2012-11-28 11:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-14 19:19 . 2012-10-10 11:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db61f672-0d05-4997-bec6-96eaab7c4106}"= "c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{db61f672-0d05-4997-bec6-96eaab7c4106}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A90A078-4BB9-4568-9557-CDEEFCAE68A0}]
2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 22\Shop to Win 22.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{db61f672-0d05-4997-bec6-96eaab7c4106}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
"{db61f672-0d05-4997-bec6-96eaab7c4106}"= "c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CLASSES_ROOT\clsid\{db61f672-0d05-4997-bec6-96eaab7c4106}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-18 968592]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-01-30 315272]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
R3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-01-25 43456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2011-12-19 74240]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [2011-02-26 31824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1255736]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-11-10 35104]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-30 58368]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2009-11-04 20032]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2009-11-04 39488]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17713982
*NewlyCreated* - 84506902
*Deregistered* - 17713982
*Deregistered* - 84506902
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:37]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225824
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-84506902.sys
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
WebBrowser-{DB61F672-0D05-4997-BEC6-96EAAB7C4106} - (no file)
AddRemove-{92A196AE-9B4D-499C-94D4-18FA2061B3CE}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\0f\15$7?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 22:11:03
ComboFix-quarantined-files.txt 2012-12-08 03:11
ComboFix2.txt 2012-12-07 01:44
.
Pre-Run: 220,781,912,064 bytes free
Post-Run: 220,517,064,704 bytes free
.
- - End Of File - - 497EDB9711771936A1385FF2C11E784F

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:17 AM

Posted 07 December 2012 - 10:31 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
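The Sigcheck block in the ComboFix log above is what drives the FCopy:: step in this reply: ComboFix marks the WinSxS copy of user32.dll as the known-good Windows 7 file ([7]) and the live copies in system32 and SysWOW64 as not matching ([-]), and the script restores the former over the latter. The following is an added example, written for this page and not code from ComboFix, CatByte or whinis, that parses that Sigcheck section, flags each live file whose MD5 differs from its known-good counterpart, and renders the result in the same FCopy:: form the reply uses. The sample log is constructed from the lines quoted above; the meaning of the [7] and [-] markers is taken from how they appear in this log.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the Sigcheck block from the ComboFix log in this
# thread, followed by the next section banner so the parser has a stop marker.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] .. path
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)


@dataclass
class SigEntry:
    flag: str      # "7": matched the known-good Windows 7 file; "-": did not match
    date: str
    md5: str
    size: int
    version: str
    path: str


@dataclass
class Finding:
    suspect: SigEntry    # live copy whose hash does not match
    reference: SigEntry  # known-good copy ComboFix found (here, in WinSxS)

    @property
    def size_delta(self) -> int:
        return self.suspect.size - self.reference.size


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_sigcheck(log: str) -> List[List[SigEntry]]:
    """Return the Sigcheck section as blocks of entries. ComboFix lists the
    copies it compared for one file together, separates blocks with a lone
    '.' line, and the section ends at the next section banner."""
    blocks: List[List[SigEntry]] = []
    current: List[SigEntry] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("(((") or line.startswith("---"):
            break  # next ComboFix section
        if line == ".":
            if current:
                blocks.append(current)
                current = []
            continue
        m = ENTRY_RE.match(line)
        if m:
            current.append(SigEntry(m["flag"], m["date"], m["md5"],
                                    int(m["size"]), m["ver"], m["path"]))
    if current:
        blocks.append(current)
    return blocks


def find_patched_files(log: str) -> List[Finding]:
    """Flag every copy marked [-] whose MD5 differs from a [7] (known-good)
    copy of the same file name in the same block."""
    findings: List[Finding] = []
    for block in parse_sigcheck(log):
        refs = [e for e in block if e.flag == "7"]
        if not refs:
            continue  # no trusted copy to compare against; needs a human look
        ref = refs[0]
        for e in block:
            if (e.flag != "7" and e.md5.upper() != ref.md5.upper()
                    and _basename(e.path) == _basename(ref.path)):
                findings.append(Finding(suspect=e, reference=ref))
    return findings


def fcopy_script(findings: List[Finding]) -> str:
    """Render findings in the CFScript 'FCopy::' form used in this thread:
    one 'known-good | live copy' line per file to restore."""
    lines = ["FCopy::"] + [f"{f.reference.path} | {f.suspect.path}" for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_patched_files(SAMPLE_LOG)
    for f in found:
        print(f"{f.suspect.path}: MD5 {f.suspect.md5} != {f.reference.md5}, "
              f"size delta {f.size_delta:+d} bytes")
    print(fcopy_script(found))
```

On the log above this reports both user32.dll copies; the 64-bit one is also 512 bytes larger than its WinSxS original, while the 32-bit one is the same size with a different hash, so a size check alone would have missed it. The generated FCopy:: lines match the two the reply asks the user to paste into CFScript.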


#9 whinis

whinis
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:17 AM

Posted 08 December 2012 - 12:51 AM

I found it impossible to get to ESET on IE as it was filled with pop-ups without text (just OK) and a constant bugging to launch a sslaunch.exe that I kept denying; this was after MBAM reported no problems. So I ran it from their smart installer.

ComboFix 12-12-07.01 - John 12/07/2012 22:02:08.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.2496 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 03:09 . 2012-12-08 03:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 03:09 . 2012-12-08 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 02:53 . 2012-12-08 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-07 11:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28617A9D-1058-43BB-B997-D7B1AAC8E15A}\mpengine.dll
2012-12-07 03:13 . 2012-12-07 03:13 -------- d-----w- C:\FRST
2012-12-06 23:58 . 2012-12-08 02:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 23:55 . 2012-12-06 23:55 -------- d-----w- c:\users\John\AppData\Local\PDF Writer
2012-12-06 23:54 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\users\John\AppData\Roaming\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\programdata\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\program files\Common Files\Bullzip
2012-12-06 23:54 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-12-06 23:54 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-12-06 23:54 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-12-06 23:54 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\program files\Bullzip
2012-12-06 23:53 . 1999-05-06 22:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.OCX
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\users\John\AppData\Local\Programs
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-05 21:59 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 22:55 . 2012-11-30 18:00 -------- d-----w- C:\Jumpshot
2012-11-30 22:55 . 2012-11-30 22:55 -------- d-----w- c:\windows\jumpshot.com
2012-11-29 03:05 . 2012-11-29 03:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-24 03:34 . 2012-11-24 03:34 -------- d-----w- c:\users\John\AppData\Roaming\Microsoft Corporation
2012-11-23 23:51 . 2012-11-23 23:51 -------- d-----w- c:\users\John\AppData\Local\IsolatedStorage
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Roaming\VisualAssist
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Local\VisualAssist
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Roaming\Atmel
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Local\Atmel
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\DIFX
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\Seggger
2012-11-23 23:35 . 2009-07-14 15:07 143360 ----a-w- c:\windows\SysWow64\wdapi1002.dll
2012-11-23 23:35 . 2009-05-14 18:21 157184 ----a-w- c:\windows\SysWow64\wdapi1001.dll
2012-11-23 23:35 . 2008-07-04 14:51 110592 ----a-w- c:\windows\SysWow64\wdapi921.dll
2012-11-23 23:35 . 2006-10-18 20:39 141824 ----a-w- c:\windows\SysWow64\wdapi811.dll
2012-11-23 23:35 . 2012-02-27 19:46 260608 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-11-23 23:35 . 2010-01-18 01:13 110592 ----a-w- c:\windows\SysWow64\wdapi1011.dll
2012-11-23 23:35 . 2009-09-02 16:48 143360 ----a-w- c:\windows\SysWow64\wdapi1010.dll
2012-11-23 23:34 . 2012-11-23 23:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-11-23 23:33 . 2012-11-23 23:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-11-23 23:33 . 2012-11-25 15:07 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\windows\SysWow64\1033
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-11-21 19:34 . 2012-11-21 19:34 -------- d-----w- c:\users\John\AppData\Local\Macromedia
2012-11-21 15:39 . 2012-12-06 20:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-20 18:32 . 2012-11-21 02:27 -------- d-----w- c:\program files\Nightly
2012-11-17 16:47 . 2012-11-17 16:47 -------- d-----w- c:\users\John\AppData\Roaming\Unity
2012-11-17 14:50 . 2012-11-17 14:50 -------- d-----w- c:\users\John\AppData\Local\Unity
2012-11-16 00:32 . 2012-11-16 00:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-15 08:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-13 00:34 . 2012-11-13 00:35 -------- d-----w- c:\program files (x86)\FTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 17:37 . 2012-11-04 16:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:37 . 2011-11-11 01:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 17:37 . 2012-11-04 17:37 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-16 08:38 . 2012-11-28 11:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-14 19:19 . 2012-10-10 11:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db61f672-0d05-4997-bec6-96eaab7c4106}"= "c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{db61f672-0d05-4997-bec6-96eaab7c4106}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A90A078-4BB9-4568-9557-CDEEFCAE68A0}]
2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 22\Shop to Win 22.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{db61f672-0d05-4997-bec6-96eaab7c4106}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
"{db61f672-0d05-4997-bec6-96eaab7c4106}"= "c:\program files (x86)\BitTorrentControl_v10\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CLASSES_ROOT\clsid\{db61f672-0d05-4997-bec6-96eaab7c4106}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-18 968592]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-01-30 315272]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
R3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-01-25 43456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2011-12-19 74240]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [2011-02-26 31824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1255736]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-11-10 35104]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-30 58368]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2009-11-04 20032]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2009-11-04 39488]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17713982
*NewlyCreated* - 84506902
*Deregistered* - 17713982
*Deregistered* - 84506902
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:37]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225824
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-84506902.sys
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
WebBrowser-{DB61F672-0D05-4997-BEC6-96EAAB7C4106} - (no file)
AddRemove-{92A196AE-9B4D-499C-94D4-18FA2061B3CE}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\0f\15$7?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 22:11:03
ComboFix-quarantined-files.txt 2012-12-08 03:11
ComboFix2.txt 2012-12-07 01:44
.
Pre-Run: 220,781,912,064 bytes free
Post-Run: 220,517,064,704 bytes free
.
- - End Of File - - 497EDB9711771936A1385FF2C11E784F



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.6 (12.07.2012:1)
OS: Windows 7 Ultimate x64
Ran by John on Fri 12/07/2012 at 22:51:48.58
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2105529369-3746976906-3756048341-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitsearchscopes"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\shoptowin"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\shoppingbho.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons.com couponbar"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\klmmpe4s.default-1353589593860\prefs.js

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Coupons.com CouponBar\\\\fi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/07/2012 at 22:56:48.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.011 - Logfile created 12/07/2012 at 22:59:27
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : John - ASUSLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\BitTorrentControl_v10
Folder Deleted : C:\Users\John\AppData\LocalLow\BitTorrentControl_v10

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v10
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB61F672-0D05-4997-BEC6-96EAAB7C4106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B217C99-9D43-435F-B23E-9EBD52FC670A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB61F672-0D05-4997-BEC6-96EAAB7C4106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\Software\BitTorrentControl_v10
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063945.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063945.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225824
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B217C99-9D43-435F-B23E-9EBD52FC670A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9B217C99-9D43-435F-B23E-9EBD52FC670A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB61F672-0D05-4997-BEC6-96EAAB7C4106}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{626560FE-7159-42C1-AD59-AB16F39214F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7125A35C-6B9C-4E15-BA06-9DAC0999538A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB61F672-0D05-4997-BEC6-96EAAB7C4106}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v10 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DB61F672-0D05-4997-BEC6-96EAAB7C4106}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DB61F672-0D05-4997-BEC6-96EAAB7C4106}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DB61F672-0D05-4997-BEC6-96EAAB7C4106}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB61F672-0D05-4997-BEC6-96EAAB7C4106}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default-1353589593860 [Profil par défaut]
File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.conduit.com/?ctid=CT3225824&SearchSource=48",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225824&SearchSource=48"[...]
Deleted [l.1755] : homepage = "hxxp://search.conduit.com/?ctid=CT3225824&SearchSource=48",
Deleted [l.2083] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225824&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [9901 octets] - [07/12/2012 22:59:27]

########## EOF - C:\AdwCleaner[S1].txt - [9961 octets] ##########


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: ASUSLAPTOP [administrator]

12/7/2012 11:03:52 PM
mbam-log-2012-12-07 (23-03-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229792
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Program Files (x86)\Vuze\bunndle.zip a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\John\Desktop\Old Firefox Data\extensions\dsnbnzksns@dsnbnzksns.org.xpi JS/Redirector.NBX trojan
C:\Users\John\Documents\ubcd511.iso Win32/PSWTool.KonBoot.A application
C:\Users\John\Documents\uscb\ubcd\images\konboot.img.gz Win32/PSWTool.KonBoot.A application

#10 CatByte



  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 December 2012 - 01:02 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\Vuze\bunndle.zip 
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll 
C:\Users\John\Desktop\Old Firefox Data\extensions\dsnbnzksns@dsnbnzksns.org.xpi 
C:\Users\John\Documents\ubcd511.iso 
C:\Users\John\Documents\uscb\ubcd\images\konboot.img.gz 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if there are, remove them.

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 whinis

  • Topic Starter

  • Members
  • 17 posts

Posted 08 December 2012 - 10:12 AM

I don't see any malicious content actively running; however, TDSSKiller still shows the rootkit as being here. Also, Java was shown as not being on my computer even though I had version 6.

TDSSKiller log

10:04:08.0024 1396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:04:08.0584 1396 ============================================================
10:04:08.0584 1396 Current date / time: 2012/12/08 10:04:08.0584
10:04:08.0584 1396 SystemInfo:
10:04:08.0584 1396
10:04:08.0584 1396 OS Version: 6.1.7601 ServicePack: 1.0
10:04:08.0584 1396 Product type: Workstation
10:04:08.0584 1396 ComputerName: ASUSLAPTOP
10:04:08.0584 1396 UserName: John
10:04:08.0584 1396 Windows directory: C:\Windows
10:04:08.0584 1396 System windows directory: C:\Windows
10:04:08.0584 1396 Running under WOW64
10:04:08.0584 1396 Processor architecture: Intel x64
10:04:08.0584 1396 Number of processors: 8
10:04:08.0584 1396 Page size: 0x1000
10:04:08.0584 1396 Boot type: Normal boot
10:04:08.0584 1396 ============================================================
10:04:12.0162 1396 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:04:12.0177 1396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:04:12.0193 1396 ============================================================
10:04:12.0193 1396 \Device\Harddisk1\DR1:
10:04:12.0193 1396 MBR partitions:
10:04:12.0193 1396 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:04:12.0193 1396 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB000
10:04:12.0193 1396 \Device\Harddisk0\DR0:
10:04:12.0193 1396 MBR partitions:
10:04:12.0193 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542E000
10:04:12.0193 1396 ============================================================
10:04:12.0287 1396 C: <-> \Device\Harddisk0\DR0\Partition1
10:04:12.0318 1396 D: <-> \Device\Harddisk1\DR1\Partition2
10:04:12.0318 1396 ============================================================
10:04:12.0318 1396 Initialize success
10:04:12.0318 1396 ============================================================
10:04:19.0166 0940 ============================================================
10:04:19.0166 0940 Scan started
10:04:19.0166 0940 Mode: Manual; TDLFS;
10:04:19.0166 0940 ============================================================
10:04:21.0943 0940 ================ Scan system memory ========================
10:04:21.0943 0940 System memory - ok
10:04:21.0943 0940 ================ Scan services =============================
10:04:22.0099 0940 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:04:22.0099 0940 1394ohci - ok
10:04:22.0130 0940 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:04:22.0146 0940 ACPI - ok
10:04:22.0161 0940 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:04:22.0161 0940 AcpiPmi - ok
10:04:22.0271 0940 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:04:22.0271 0940 AdobeARMservice - ok
10:04:22.0411 0940 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:04:22.0427 0940 AdobeFlashPlayerUpdateSvc - ok
10:04:22.0473 0940 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:04:22.0489 0940 adp94xx - ok
10:04:22.0520 0940 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:04:22.0536 0940 adpahci - ok
10:04:22.0551 0940 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:04:22.0551 0940 adpu320 - ok
10:04:22.0583 0940 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:04:22.0583 0940 AeLookupSvc - ok
10:04:22.0629 0940 [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent C:\Windows\system32\FBAgent.exe
10:04:22.0629 0940 AFBAgent - ok
10:04:22.0692 0940 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:04:22.0707 0940 AFD - ok
10:04:22.0723 0940 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:04:22.0723 0940 agp440 - ok
10:04:22.0739 0940 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:04:22.0754 0940 ALG - ok
10:04:22.0754 0940 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:04:22.0770 0940 aliide - ok
10:04:22.0770 0940 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:04:22.0770 0940 amdide - ok
10:04:22.0801 0940 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:04:22.0801 0940 AmdK8 - ok
10:04:22.0817 0940 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:04:22.0817 0940 AmdPPM - ok
10:04:22.0848 0940 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:04:22.0848 0940 amdsata - ok
10:04:22.0863 0940 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:04:22.0863 0940 amdsbs - ok
10:04:22.0879 0940 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:04:22.0879 0940 amdxata - ok
10:04:22.0910 0940 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:04:22.0910 0940 AppID - ok
10:04:22.0910 0940 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:04:22.0926 0940 AppIDSvc - ok
10:04:22.0941 0940 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:04:22.0941 0940 Appinfo - ok
10:04:23.0004 0940 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:04:23.0004 0940 Apple Mobile Device - ok
10:04:23.0035 0940 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:04:23.0035 0940 AppMgmt - ok
10:04:23.0051 0940 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:04:23.0051 0940 arc - ok
10:04:23.0066 0940 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:04:23.0066 0940 arcsas - ok
10:04:23.0144 0940 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
10:04:23.0144 0940 ASLDRService - ok
10:04:23.0222 0940 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
10:04:23.0222 0940 ASMMAP64 - ok
10:04:23.0347 0940 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:04:23.0378 0940 aspnet_state - ok
10:04:23.0425 0940 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:04:23.0425 0940 AsyncMac - ok
10:04:23.0441 0940 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:04:23.0441 0940 atapi - ok
10:04:23.0441 0940 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
10:04:23.0456 0940 ATKGFNEXSrv - ok
10:04:23.0487 0940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:04:23.0519 0940 AudioEndpointBuilder - ok
10:04:23.0534 0940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:04:23.0550 0940 AudioSrv - ok
10:04:23.0581 0940 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:04:23.0581 0940 AxInstSV - ok
10:04:23.0612 0940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:04:23.0628 0940 b06bdrv - ok
10:04:23.0659 0940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:04:23.0659 0940 b57nd60a - ok
10:04:23.0706 0940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:04:23.0706 0940 BDESVC - ok
10:04:23.0737 0940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:04:23.0737 0940 Beep - ok
10:04:23.0784 0940 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:04:23.0815 0940 BFE - ok
10:04:23.0862 0940 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:04:23.0893 0940 BITS - ok
10:04:23.0909 0940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:04:23.0909 0940 blbdrive - ok
10:04:23.0971 0940 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:04:23.0971 0940 Bonjour Service - ok
10:04:24.0033 0940 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:04:24.0033 0940 bowser - ok
10:04:24.0111 0940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:04:24.0127 0940 BrFiltLo - ok
10:04:24.0143 0940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:04:24.0143 0940 BrFiltUp - ok
10:04:24.0221 0940 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:04:24.0221 0940 BridgeMP - ok
10:04:24.0283 0940 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:04:24.0283 0940 Browser - ok
10:04:24.0330 0940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:04:24.0345 0940 Brserid - ok
10:04:24.0361 0940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:04:24.0361 0940 BrSerWdm - ok
10:04:24.0377 0940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:04:24.0392 0940 BrUsbMdm - ok
10:04:24.0423 0940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:04:24.0423 0940 BrUsbSer - ok
10:04:24.0517 0940 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:04:24.0517 0940 BthEnum - ok
10:04:24.0533 0940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:04:24.0548 0940 BTHMODEM - ok
10:04:24.0564 0940 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:04:24.0579 0940 BthPan - ok
10:04:24.0673 0940 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:04:24.0704 0940 BTHPORT - ok
10:04:24.0735 0940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:04:24.0735 0940 bthserv - ok
10:04:24.0751 0940 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:04:24.0751 0940 BTHUSB - ok
10:04:24.0798 0940 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:04:24.0798 0940 btwaudio - ok
10:04:24.0813 0940 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
10:04:24.0813 0940 btwavdt - ok
10:04:24.0876 0940 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:04:24.0907 0940 btwdins - ok
10:04:24.0923 0940 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:04:24.0923 0940 btwl2cap - ok
10:04:24.0923 0940 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:04:24.0923 0940 btwrchid - ok
10:04:24.0954 0940 catchme - ok
10:04:24.0969 0940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:04:24.0985 0940 cdfs - ok
10:04:25.0016 0940 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:04:25.0016 0940 cdrom - ok
10:04:25.0063 0940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:04:25.0063 0940 CertPropSvc - ok
10:04:25.0063 0940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
10:04:25.0079 0940 circlass - ok
10:04:25.0094 0940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:04:25.0110 0940 CLFS - ok
10:04:25.0157 0940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:25.0172 0940 clr_optimization_v2.0.50727_32 - ok
10:04:25.0188 0940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:04:25.0203 0940 clr_optimization_v2.0.50727_64 - ok
10:04:25.0266 0940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:04:25.0453 0940 clr_optimization_v4.0.30319_32 - ok
10:04:25.0515 0940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:04:25.0578 0940 clr_optimization_v4.0.30319_64 - ok
10:04:25.0593 0940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:04:25.0593 0940 CmBatt - ok
10:04:25.0625 0940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:04:25.0625 0940 cmdide - ok
10:04:25.0703 0940 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:04:25.0718 0940 CNG - ok
10:04:25.0734 0940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:04:25.0734 0940 Compbatt - ok
10:04:25.0765 0940 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:04:25.0765 0940 CompositeBus - ok
10:04:25.0765 0940 COMSysApp - ok
10:04:25.0796 0940 [ 71879A4AB90D21BCCF9E3CFCF0BB5F4A ] copperhd C:\Windows\system32\drivers\copperhd.sys
10:04:25.0796 0940 copperhd - ok
10:04:25.0812 0940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:04:25.0812 0940 crcdisk - ok
10:04:25.0874 0940 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:04:25.0874 0940 CryptSvc - ok
10:04:25.0921 0940 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:04:25.0921 0940 CSC - ok
10:04:25.0968 0940 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:04:25.0999 0940 CscService - ok
10:04:26.0030 0940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:04:26.0061 0940 DcomLaunch - ok
10:04:26.0093 0940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:04:26.0093 0940 defragsvc - ok
10:04:26.0108 0940 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:04:26.0108 0940 DfsC - ok
10:04:26.0139 0940 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:04:26.0155 0940 Dhcp - ok
10:04:26.0264 0940 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
10:04:26.0280 0940 DirMngr - ok
10:04:26.0295 0940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:04:26.0295 0940 discache - ok
10:04:26.0327 0940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
10:04:26.0327 0940 Disk - ok
10:04:26.0358 0940 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
10:04:26.0358 0940 dmvsc - ok
10:04:26.0405 0940 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:04:26.0405 0940 Dnscache - ok
10:04:26.0420 0940 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:04:26.0436 0940 dot3svc - ok
10:04:26.0451 0940 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:04:26.0451 0940 DPS - ok
10:04:26.0483 0940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:04:26.0483 0940 drmkaud - ok
10:04:26.0529 0940 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:04:26.0529 0940 DXGKrnl - ok
10:04:26.0576 0940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:04:26.0576 0940 EapHost - ok
10:04:26.0732 0940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:04:26.0826 0940 ebdrv - ok
10:04:26.0873 0940 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:04:26.0873 0940 EFS - ok
10:04:26.0935 0940 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:04:26.0951 0940 ehRecvr - ok
10:04:26.0982 0940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:04:26.0982 0940 ehSched - ok
10:04:27.0029 0940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:04:27.0044 0940 elxstor - ok
10:04:27.0060 0940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:04:27.0060 0940 ErrDev - ok
10:04:27.0107 0940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:04:27.0107 0940 EventSystem - ok
10:04:27.0122 0940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:04:27.0122 0940 exfat - ok
10:04:27.0138 0940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:04:27.0153 0940 fastfat - ok
10:04:27.0169 0940 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:04:27.0185 0940 Fax - ok
10:04:27.0200 0940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
10:04:27.0200 0940 fdc - ok
10:04:27.0216 0940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:04:27.0216 0940 fdPHost - ok
10:04:27.0231 0940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:04:27.0231 0940 FDResPub - ok
10:04:27.0247 0940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:04:27.0247 0940 FileInfo - ok
10:04:27.0263 0940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:04:27.0263 0940 Filetrace - ok
10:04:27.0278 0940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:04:27.0278 0940 flpydisk - ok
10:04:27.0309 0940 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:04:27.0309 0940 FltMgr - ok
10:04:27.0372 0940 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:04:27.0403 0940 FontCache - ok
10:04:27.0434 0940 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:27.0450 0940 FontCache3.0.0.0 - ok
10:04:27.0465 0940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:04:27.0465 0940 FsDepends - ok
10:04:27.0497 0940 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:04:27.0497 0940 Fs_Rec - ok
10:04:27.0512 0940 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:04:27.0512 0940 fvevol - ok
10:04:27.0528 0940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:04:27.0528 0940 gagp30kx - ok
10:04:27.0575 0940 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:04:27.0575 0940 GEARAspiWDM - ok
10:04:27.0621 0940 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:04:27.0637 0940 gpsvc - ok
10:04:27.0684 0940 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
10:04:27.0684 0940 hamachi - ok
10:04:27.0855 0940 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
10:04:27.0918 0940 Hamachi2Svc - ok
10:04:27.0933 0940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:04:27.0933 0940 hcw85cir - ok
10:04:27.0980 0940 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:04:27.0996 0940 HdAudAddService - ok
10:04:28.0027 0940 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:04:28.0027 0940 HDAudBus - ok
10:04:28.0058 0940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:04:28.0058 0940 HidBatt - ok
10:04:28.0074 0940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:04:28.0074 0940 HidBth - ok
10:04:28.0105 0940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:04:28.0105 0940 HidIr - ok
10:04:28.0121 0940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:04:28.0121 0940 hidserv - ok
10:04:28.0152 0940 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:04:28.0152 0940 HidUsb - ok
10:04:28.0183 0940 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:04:28.0183 0940 hkmsvc - ok
10:04:28.0214 0940 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:04:28.0214 0940 HomeGroupListener - ok
10:04:28.0245 0940 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:04:28.0261 0940 HomeGroupProvider - ok
10:04:28.0277 0940 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:04:28.0277 0940 HpSAMD - ok
10:04:28.0323 0940 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:04:28.0339 0940 HTTP - ok
10:04:28.0370 0940 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:04:28.0370 0940 hwpolicy - ok
10:04:28.0417 0940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:04:28.0417 0940 i8042prt - ok
10:04:28.0448 0940 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:04:28.0464 0940 iaStorV - ok
10:04:28.0511 0940 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:28.0542 0940 idsvc - ok
10:04:28.0557 0940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:04:28.0557 0940 iirsp - ok
10:04:28.0589 0940 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:04:28.0620 0940 IKEEXT - ok
10:04:28.0713 0940 [ A9638FA0FB0C5B86229C3FD809CE8CFF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:04:28.0745 0940 IntcAzAudAddService - ok
10:04:28.0760 0940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:04:28.0760 0940 intelide - ok
10:04:28.0791 0940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:04:28.0791 0940 intelppm - ok
10:04:28.0807 0940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:04:28.0823 0940 IPBusEnum - ok
10:04:28.0838 0940 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:28.0838 0940 IpFilterDriver - ok
10:04:28.0885 0940 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:04:28.0916 0940 iphlpsvc - ok
10:04:28.0916 0940 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:04:28.0916 0940 IPMIDRV - ok
10:04:28.0947 0940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:04:28.0947 0940 IPNAT - ok
10:04:29.0010 0940 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:04:29.0041 0940 iPod Service - ok
10:04:29.0057 0940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:04:29.0057 0940 IRENUM - ok
10:04:29.0072 0940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:04:29.0072 0940 isapnp - ok
10:04:29.0103 0940 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:04:29.0103 0940 iScsiPrt - ok
10:04:29.0119 0940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:04:29.0119 0940 kbdclass - ok
10:04:29.0135 0940 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:04:29.0150 0940 kbdhid - ok
10:04:29.0166 0940 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:04:29.0166 0940 KeyIso - ok
10:04:29.0197 0940 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:04:29.0197 0940 KSecDD - ok
10:04:29.0213 0940 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:04:29.0213 0940 KSecPkg - ok
10:04:29.0244 0940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:04:29.0244 0940 ksthunk - ok
10:04:29.0259 0940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:04:29.0275 0940 KtmRm - ok
10:04:29.0306 0940 [ 01C711667ABEDF8148998F3AC91991DB ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
10:04:29.0306 0940 L1C - ok
10:04:29.0369 0940 [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
10:04:29.0369 0940 LADF_CaptureOnly - ok
10:04:29.0431 0940 [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
10:04:29.0447 0940 LADF_RenderOnly - ok
10:04:29.0478 0940 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:04:29.0493 0940 LanmanServer - ok
10:04:29.0509 0940 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:04:29.0525 0940 LanmanWorkstation - ok
10:04:29.0556 0940 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
10:04:29.0556 0940 LGBusEnum - ok
10:04:29.0587 0940 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
10:04:29.0587 0940 LGVirHid - ok
10:04:29.0634 0940 [ 285954C6C6EF43B78AB84034750FAC6A ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
10:04:29.0634 0940 libusb0 - ok
10:04:29.0665 0940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:04:29.0665 0940 lltdio - ok
10:04:29.0696 0940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:04:29.0712 0940 lltdsvc - ok
10:04:29.0727 0940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:04:29.0727 0940 lmhosts - ok
10:04:29.0759 0940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:04:29.0759 0940 LSI_FC - ok
10:04:29.0774 0940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:04:29.0790 0940 LSI_SAS - ok
10:04:29.0805 0940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:04:29.0805 0940 LSI_SAS2 - ok
10:04:29.0821 0940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:04:29.0837 0940 LSI_SCSI - ok
10:04:29.0852 0940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:04:29.0852 0940 luafv - ok
10:04:29.0946 0940 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
10:04:29.0946 0940 McComponentHostService - ok
10:04:29.0977 0940 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:04:29.0977 0940 Mcx2Svc - ok
10:04:29.0993 0940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:04:29.0993 0940 megasas - ok
10:04:30.0024 0940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:04:30.0024 0940 MegaSR - ok
10:04:30.0117 0940 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:04:30.0117 0940 Microsoft Office Groove Audit Service - ok
10:04:30.0133 0940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:04:30.0149 0940 MMCSS - ok
10:04:30.0164 0940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:04:30.0164 0940 Modem - ok
10:04:30.0180 0940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:04:30.0180 0940 monitor - ok
10:04:30.0195 0940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:04:30.0195 0940 mouclass - ok
10:04:30.0211 0940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:04:30.0211 0940 mouhid - ok
10:04:30.0242 0940 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:04:30.0242 0940 mountmgr - ok
10:04:30.0305 0940 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:04:30.0305 0940 MozillaMaintenance - ok
10:04:30.0320 0940 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:04:30.0336 0940 mpio - ok
10:04:30.0336 0940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:04:30.0351 0940 mpsdrv - ok
10:04:30.0414 0940 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:04:30.0445 0940 MpsSvc - ok
10:04:30.0461 0940 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:04:30.0461 0940 MRxDAV - ok
10:04:30.0507 0940 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:30.0507 0940 mrxsmb - ok
10:04:30.0523 0940 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:30.0539 0940 mrxsmb10 - ok
10:04:30.0539 0940 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:30.0554 0940 mrxsmb20 - ok
10:04:30.0554 0940 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:04:30.0570 0940 msahci - ok
10:04:30.0585 0940 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:04:30.0585 0940 msdsm - ok
10:04:30.0601 0940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:04:30.0601 0940 MSDTC - ok
10:04:30.0632 0940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:04:30.0632 0940 Msfs - ok
10:04:30.0663 0940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:04:30.0663 0940 mshidkmdf - ok
10:04:30.0679 0940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:04:30.0679 0940 msisadrv - ok
10:04:30.0710 0940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:04:30.0710 0940 MSiSCSI - ok
10:04:30.0710 0940 msiserver - ok
10:04:30.0726 0940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:04:30.0741 0940 MSKSSRV - ok
10:04:30.0757 0940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:30.0757 0940 MSPCLOCK - ok
10:04:30.0773 0940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:04:30.0773 0940 MSPQM - ok
10:04:30.0788 0940 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:04:30.0788 0940 MsRPC - ok
10:04:30.0819 0940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:04:30.0819 0940 mssmbios - ok
10:04:30.0835 0940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:04:30.0835 0940 MSTEE - ok
10:04:30.0851 0940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:04:30.0851 0940 MTConfig - ok
10:04:30.0897 0940 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
10:04:30.0897 0940 MTsensor - ok
10:04:30.0913 0940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:04:30.0913 0940 Mup - ok
10:04:30.0944 0940 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:04:30.0944 0940 napagent - ok
10:04:30.0975 0940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:04:30.0991 0940 NativeWifiP - ok
10:04:31.0069 0940 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:04:31.0100 0940 NDIS - ok
10:04:31.0116 0940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:31.0131 0940 NdisCap - ok
10:04:31.0147 0940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:31.0147 0940 NdisTapi - ok
10:04:31.0163 0940 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:31.0178 0940 Ndisuio - ok
10:04:31.0194 0940 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:31.0194 0940 NdisWan - ok
10:04:31.0209 0940 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:04:31.0209 0940 NDProxy - ok
10:04:31.0225 0940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:04:31.0241 0940 NetBIOS - ok
10:04:31.0256 0940 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:04:31.0256 0940 NetBT - ok
10:04:31.0287 0940 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:04:31.0287 0940 Netlogon - ok
10:04:31.0334 0940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:04:31.0334 0940 Netman - ok
10:04:31.0381 0940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:31.0443 0940 NetMsmqActivator - ok
10:04:31.0459 0940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:31.0459 0940 NetPipeActivator - ok
10:04:31.0490 0940 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:04:31.0506 0940 netprofm - ok
10:04:31.0521 0940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:31.0521 0940 NetTcpActivator - ok
10:04:31.0521 0940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:31.0521 0940 NetTcpPortSharing - ok
10:04:31.0787 0940 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:04:31.0974 0940 NETwNs64 - ok
10:04:32.0005 0940 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:04:32.0005 0940 nfrd960 - ok
10:04:32.0036 0940 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:04:32.0036 0940 NlaSvc - ok
10:04:32.0052 0940 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:04:32.0052 0940 Npfs - ok
10:04:32.0067 0940 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:04:32.0083 0940 nsi - ok
10:04:32.0099 0940 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:04:32.0099 0940 nsiproxy - ok
10:04:32.0177 0940 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:04:32.0223 0940 Ntfs - ok
10:04:32.0255 0940 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:04:32.0255 0940 Null - ok
10:04:32.0816 0940 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:04:32.0863 0940 nvlddmkm - ok
10:04:32.0879 0940 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:04:32.0894 0940 nvraid - ok
10:04:32.0910 0940 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:04:32.0925 0940 nvstor - ok
10:04:32.0972 0940 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
10:04:33.0003 0940 nvsvc - ok
10:04:33.0066 0940 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:04:33.0128 0940 nvUpdatusService - ok
10:04:33.0144 0940 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:04:33.0144 0940 nv_agp - ok
10:04:33.0237 0940 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:04:33.0237 0940 odserv - ok
10:04:33.0269 0940 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:04:33.0284 0940 ohci1394 - ok
10:04:33.0331 0940 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:04:33.0331 0940 ose - ok
10:04:33.0378 0940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:04:33.0378 0940 p2pimsvc - ok
10:04:33.0409 0940 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:04:33.0425 0940 p2psvc - ok
10:04:33.0440 0940 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:04:33.0440 0940 Parport - ok
10:04:33.0471 0940 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:04:33.0471 0940 partmgr - ok
10:04:33.0503 0940 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:04:33.0518 0940 PcaSvc - ok
10:04:33.0534 0940 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:04:33.0534 0940 pci - ok
10:04:33.0549 0940 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:04:33.0565 0940 pciide - ok
10:04:33.0581 0940 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:04:33.0581 0940 pcmcia - ok
10:04:33.0596 0940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:04:33.0596 0940 pcw - ok
10:04:33.0627 0940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:04:33.0659 0940 PEAUTH - ok
10:04:33.0721 0940 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:04:33.0752 0940 PeerDistSvc - ok
10:04:33.0830 0940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:04:33.0830 0940 PerfHost - ok
10:04:33.0877 0940 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:04:33.0939 0940 pla - ok
10:04:33.0986 0940 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:04:34.0017 0940 PlugPlay - ok
10:04:34.0033 0940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:04:34.0033 0940 PNRPAutoReg - ok
10:04:34.0064 0940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:04:34.0064 0940 PNRPsvc - ok
10:04:34.0095 0940 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:04:34.0111 0940 PolicyAgent - ok
10:04:34.0142 0940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:04:34.0158 0940 Power - ok
10:04:34.0205 0940 [ 610183C42EFB6A9A0E3F31DBCABB6A58 ] PPJoyBus C:\Windows\system32\DRIVERS\PPJoyBus64.sys
10:04:34.0205 0940 PPJoyBus - ok
10:04:34.0251 0940 [ FF42F471562D6ADD62B11A3E0279CDC2 ] PPortJoystick C:\Windows\system32\DRIVERS\PPortJoy64.sys
10:04:34.0251 0940 PPortJoystick - ok
10:04:34.0283 0940 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:04:34.0283 0940 PptpMiniport - ok
10:04:34.0298 0940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
10:04:34.0298 0940 Processor - ok
10:04:34.0345 0940 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:04:34.0361 0940 ProfSvc - ok
10:04:34.0376 0940 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:04:34.0376 0940 ProtectedStorage - ok
10:04:34.0392 0940 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:04:34.0392 0940 Psched - ok
10:04:34.0454 0940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:04:34.0517 0940 ql2300 - ok
10:04:34.0532 0940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:04:34.0548 0940 ql40xx - ok
10:04:34.0563 0940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:04:34.0579 0940 QWAVE - ok
10:04:34.0595 0940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:04:34.0595 0940 QWAVEdrv - ok
10:04:34.0610 0940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:04:34.0610 0940 RasAcd - ok
10:04:34.0641 0940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:04:34.0641 0940 RasAgileVpn - ok
10:04:34.0657 0940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:04:34.0657 0940 RasAuto - ok
10:04:34.0673 0940 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:04:34.0688 0940 Rasl2tp - ok
10:04:34.0719 0940 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:04:34.0735 0940 RasMan - ok
10:04:34.0751 0940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:04:34.0751 0940 RasPppoe - ok
10:04:34.0766 0940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:04:34.0766 0940 RasSstp - ok
10:04:34.0782 0940 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:04:34.0797 0940 rdbss - ok
10:04:34.0813 0940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:04:34.0813 0940 rdpbus - ok
10:04:34.0813 0940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:04:34.0829 0940 RDPCDD - ok
10:04:34.0860 0940 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:04:34.0860 0940 RDPDR - ok
10:04:34.0891 0940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:04:34.0891 0940 RDPENCDD - ok
10:04:34.0907 0940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:04:34.0907 0940 RDPREFMP - ok
10:04:34.0953 0940 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:04:34.0953 0940 RdpVideoMiniport - ok
10:04:34.0985 0940 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:04:35.0000 0940 RDPWD - ok
10:04:35.0031 0940 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:04:35.0031 0940 rdyboost - ok
10:04:35.0063 0940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:04:35.0063 0940 RemoteAccess - ok
10:04:35.0078 0940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:04:35.0078 0940 RemoteRegistry - ok
10:04:35.0125 0940 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:04:35.0125 0940 RFCOMM - ok
10:04:35.0141 0940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:04:35.0156 0940 RpcEptMapper - ok
10:04:35.0172 0940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:04:35.0172 0940 RpcLocator - ok
10:04:35.0203 0940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:04:35.0203 0940 RpcSs - ok
10:04:35.0234 0940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:04:35.0234 0940 rspndr - ok
10:04:35.0281 0940 [ EC425B78926F0B5EE79C9E3FB3C49031 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
10:04:35.0281 0940 rzudd - ok
10:04:35.0312 0940 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:04:35.0312 0940 s3cap - ok
10:04:35.0328 0940 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:04:35.0328 0940 SamSs - ok
10:04:42.0629 0940 ================ Scan global ===============================
10:04:42.0660 0940 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:04:42.0691 0940 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:04:42.0707 0940 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:04:42.0738 0940 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:04:42.0753 0940 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:04:42.0769 0940 [Global] - ok
10:04:42.0769 0940 ================ Scan MBR ==================================
10:04:42.0769 0940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:04:43.0362 0940 \Device\Harddisk1\DR1 - ok
10:04:43.0393 0940 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
10:04:43.0455 0940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:04:43.0455 0940 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:04:43.0565 0940 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:04:43.0565 0940 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:04:43.0565 0940 ================ Scan VBR ==================================
10:04:43.0596 0940 [ 1818FD22B8D92D53AE9A99E158C26992 ] \Device\Harddisk1\DR1\Partition1
10:04:43.0596 0940 \Device\Harddisk1\DR1\Partition1 - ok
10:04:43.0596 0940 [ 0DC24AB5FE5F4AD1809EBC4EA5A33B77 ] \Device\Harddisk1\DR1\Partition2
10:04:43.0596 0940 \Device\Harddisk1\DR1\Partition2 - ok
10:04:43.0596 0940 [ D4D84DDB88A1571B18738693647AE3D6 ] \Device\Harddisk0\DR0\Partition1
10:04:43.0596 0940 \Device\Harddisk0\DR0\Partition1 - ok
10:04:43.0596 0940 ============================================================
10:04:43.0596 0940 Scan finished
10:04:43.0596 0940 ============================================================
10:04:43.0611 1484 Detected object count: 2
10:04:43.0611 1484 Actual detected object count: 2
10:04:49.0009 1484 \Device\Harddisk0\DR0\# - copied to quarantine
10:04:49.0009 1484 \Device\Harddisk0\DR0 - copied to quarantine
10:04:49.0149 1484 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:04:49.0149 1484 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:04:49.0181 1484 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:04:49.0212 1484 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:04:49.0212 1484 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:04:49.0212 1484 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:04:49.0212 1484 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:04:49.0212 1484 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:04:49.0227 1484 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:04:49.0227 1484 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:04:49.0227 1484 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:04:49.0305 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0305 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0305 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0321 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0321 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0321 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0337 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0337 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0337 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0352 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0352 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0352 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0368 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0368 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0368 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0383 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0383 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0399 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0399 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0399 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:04:49.0399 1484 \Device\Harddisk0\DR0 - processing error
10:04:50.0725 1484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:04:50.0725 1484 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:04:50.0725 1484 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#12 CatByte

  • Malware Response Team

Posted 08 December 2012 - 11:15 AM

Did you reboot the computer?
Do you have the latest ComboFix log? (C:\ComboFix.txt)

Please run the following:


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 whinis

  • Topic Starter


Posted 08 December 2012 - 11:59 AM

I did reboot

Combofix
ComboFix 12-12-07.01 - John 12/08/2012 9:43.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4085.2570 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll"
"c:\program files (x86)\Vuze\bunndle.zip"
"c:\users\John\Desktop\Old Firefox Data\extensions\dsnbnzksns@dsnbnzksns.org.xpi"
"c:\users\John\Documents\ubcd511.iso"
"c:\users\John\Documents\uscb\ubcd\images\konboot.img.gz"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll
c:\program files (x86)\Vuze\bunndle.zip
c:\users\John\Desktop\Old Firefox Data\extensions\dsnbnzksns@dsnbnzksns.org.xpi
c:\users\John\Documents\ubcd511.iso
c:\users\John\Documents\uscb\ubcd\images\konboot.img.gz
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 14:48 . 2012-12-08 14:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 14:48 . 2012-12-08 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 04:15 . 2012-12-08 04:15 -------- d-----w- c:\program files (x86)\ESET
2012-12-08 03:51 . 2012-12-08 03:51 -------- d-----w- c:\windows\ERUNT
2012-12-08 03:51 . 2012-12-08 03:51 -------- d-----w- C:\JRT
2012-12-08 02:53 . 2012-12-08 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-07 11:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28617A9D-1058-43BB-B997-D7B1AAC8E15A}\mpengine.dll
2012-12-07 03:13 . 2012-12-07 03:13 -------- d-----w- C:\FRST
2012-12-06 23:58 . 2012-12-08 02:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 23:55 . 2012-12-06 23:55 -------- d-----w- c:\users\John\AppData\Local\PDF Writer
2012-12-06 23:54 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\users\John\AppData\Roaming\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\programdata\PDF Writer
2012-12-06 23:54 . 2012-12-06 23:54 -------- d-----w- c:\program files\Common Files\Bullzip
2012-12-06 23:54 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-12-06 23:54 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-12-06 23:54 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-12-06 23:54 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\program files\Bullzip
2012-12-06 23:53 . 1999-05-06 22:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.OCX
2012-12-06 23:53 . 2012-12-06 23:53 -------- d-----w- c:\users\John\AppData\Local\Programs
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:59 . 2012-12-05 21:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-05 21:59 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 22:55 . 2012-11-30 18:00 -------- d-----w- C:\Jumpshot
2012-11-30 22:55 . 2012-11-30 22:55 -------- d-----w- c:\windows\jumpshot.com
2012-11-29 03:05 . 2012-11-29 03:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-24 03:34 . 2012-11-24 03:34 -------- d-----w- c:\users\John\AppData\Roaming\Microsoft Corporation
2012-11-23 23:51 . 2012-11-23 23:51 -------- d-----w- c:\users\John\AppData\Local\IsolatedStorage
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Roaming\VisualAssist
2012-11-23 23:51 . 2012-11-25 19:39 -------- d-----w- c:\users\John\AppData\Local\VisualAssist
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Roaming\Atmel
2012-11-23 23:38 . 2012-11-23 23:38 -------- d-----w- c:\users\John\AppData\Local\Atmel
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\DIFX
2012-11-23 23:36 . 2012-11-23 23:36 -------- d-----w- c:\program files\Seggger
2012-11-23 23:35 . 2009-07-14 15:07 143360 ----a-w- c:\windows\SysWow64\wdapi1002.dll
2012-11-23 23:35 . 2009-05-14 18:21 157184 ----a-w- c:\windows\SysWow64\wdapi1001.dll
2012-11-23 23:35 . 2008-07-04 14:51 110592 ----a-w- c:\windows\SysWow64\wdapi921.dll
2012-11-23 23:35 . 2006-10-18 20:39 141824 ----a-w- c:\windows\SysWow64\wdapi811.dll
2012-11-23 23:35 . 2012-02-27 19:46 260608 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-11-23 23:35 . 2010-01-18 01:13 110592 ----a-w- c:\windows\SysWow64\wdapi1011.dll
2012-11-23 23:35 . 2009-09-02 16:48 143360 ----a-w- c:\windows\SysWow64\wdapi1010.dll
2012-11-23 23:34 . 2012-11-23 23:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-11-23 23:33 . 2012-11-23 23:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-11-23 23:33 . 2012-11-25 15:07 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\windows\SysWow64\1033
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-11-23 23:32 . 2012-11-23 23:32 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-11-21 19:34 . 2012-11-21 19:34 -------- d-----w- c:\users\John\AppData\Local\Macromedia
2012-11-21 15:39 . 2012-12-06 20:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-20 18:32 . 2012-11-21 02:27 -------- d-----w- c:\program files\Nightly
2012-11-17 16:47 . 2012-11-17 16:47 -------- d-----w- c:\users\John\AppData\Roaming\Unity
2012-11-17 14:50 . 2012-11-17 14:50 -------- d-----w- c:\users\John\AppData\Local\Unity
2012-11-16 00:32 . 2012-11-16 00:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-15 08:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-13 00:34 . 2012-11-13 00:35 -------- d-----w- c:\program files (x86)\FTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 17:37 . 2012-11-04 16:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:37 . 2011-11-11 01:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 17:37 . 2012-11-04 17:37 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-16 08:38 . 2012-11-28 11:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-14 19:19 . 2012-10-10 11:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A90A078-4BB9-4568-9557-CDEEFCAE68A0}]
2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 22\Shop to Win 22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-18 968592]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-01-30 315272]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
R3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-01-25 43456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2011-12-19 74240]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [2011-02-26 31824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1255736]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-11-10 35104]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-30 58368]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2009-11-04 20032]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2009-11-04 39488]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:37]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529369-3746976906-3756048341-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-CouponBar5.0.0.5 - c:\program files (x86)\Coupons.com CouponBar\uninstall.exe
AddRemove-{92A196AE-9B4D-499C-94D4-18FA2061B3CE}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\0f\15$7?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-08 09:50:30
ComboFix-quarantined-files.txt 2012-12-08 14:50
ComboFix2.txt 2012-12-08 03:44
ComboFix3.txt 2012-12-08 03:11
ComboFix4.txt 2012-12-07 01:44
.
Pre-Run: 230,475,448,320 bytes free
Post-Run: 230,179,250,176 bytes free
.
- - End Of File - - F74D31546E7C6500088AABA61CD83B9C

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Scan -- Date : 12/08/2012 11:33:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-21-2105529369-3746976906-3756048341-1003[...]\Run : Update (rundll32.exe "C:\Users\John\AppData\Roaming\Apple Computer\Apple Computer\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] 56d9a3f8255c650221afda6e3e306fc4
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9320423AS ATA Device +++++
--- User ---
[MBR] 907ec3499a71e6db8c9a823301777fdf
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SD Memory Card +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12082012_02d1133.txt >>
RKreport[1]_S_12082012_02d1133.txt


RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Remove -- Date : 12/08/2012 11:33:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-21-2105529369-3746976906-3756048341-1003[...]\Run : Update (rundll32.exe "C:\Users\John\AppData\Roaming\Apple Computer\Apple Computer\ulbzyvwiq.dll",DllRegisterServer) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] 56d9a3f8255c650221afda6e3e306fc4
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9320423AS ATA Device +++++
--- User ---
[MBR] 907ec3499a71e6db8c9a823301777fdf
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SD Memory Card +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12082012_02d1133.txt >>
RKreport[1]_S_12082012_02d1133.txt ; RKreport[2]_D_12082012_02d1133.txt


RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/08/2012 11:35:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 79 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 88 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\SCDEmu\SCDEmuCd1 -- 0x5 --> Skipped
[I:] \Device\SCDEmu\SCDEmuCd2 -- 0x5 --> Skipped
[J:] \Device\SCDEmu\SCDEmuCd3 -- 0x5 --> Skipped
[K:] \Device\SCDEmu\SCDEmuCd4 -- 0x5 --> Skipped
[L:] \Device\SCDEmu\SCDEmuCd5 -- 0x5 --> Skipped
[M:] \Device\HarddiskVolume4 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_12082012_02d1135.txt >>
RKreport[1]_S_12082012_02d1133.txt ; RKreport[2]_D_12082012_02d1133.txt ; RKreport[3]_SC_12082012_02d1135.txt

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 December 2012 - 12:28 PM

Looks better.

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 whinis

whinis
  • Topic Starter

  • Members
  • 17 posts

Posted 08 December 2012 - 03:26 PM

Both tdss and malware anti-rootkit are showing pihar is still there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.6 (12.07.2012:1)
OS: Windows 7 Ultimate x64
Ran by John on Sat 12/08/2012 at 12:59:01.72
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/08/2012 at 13:03:58.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: ASUSLAPTOP [administrator]

12/8/2012 1:15:13 PM
mbam-log-2012-12-08 (13-15-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229759
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v2.011 - Logfile created 12/08/2012 at 13:11:41
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : John - ASUSLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfhhcpdkkfaconddfjbielfdiloadbpg

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfhhcpdkkfaconddfjbielfdiloadbpg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfhhcpdkkfaconddfjbielfdiloadbpg

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default-1353589593860 [Profil par défaut]
File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\klmmpe4s.default-1353589593860\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9990 octets] - [07/12/2012 22:59:27]
AdwCleaner[S2].txt - [1244 octets] - [08/12/2012 13:11:41]

########## EOF - C:\AdwCleaner[S2].txt - [1304 octets] ##########


C:\Qoobox\Quarantine\C\Program Files (x86)\Vuze\bunndle.zip.vir a variant of Win32/Bunndle application
C:\Qoobox\Quarantine\C\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir a variant of Win32/Bunndle application
C:\Qoobox\Quarantine\C\Users\John\Desktop\Old Firefox Data\extensions\dsnbnzksns@dsnbnzksns.org.xpi.vir JS/Redirector.NBX trojan
C:\Qoobox\Quarantine\C\Users\John\Documents\uscb\ubcd\images\konboot.img.gz.vir Win32/PSWTool.KonBoot.A application
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_18.57.52\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.19.59\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_19.24.43\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.02.10\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_20.08.52\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.12.2012_21.20.54\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.12.2012_07.44.47\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.12.2012_21.25.24\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.12.2012_09.59.33\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AI trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\08.12.2012_10.04.08\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan