
Win32/Bifrose.NTA trojan and Win32/TrojanDownloader.Agent.RIJ trojan


  • This topic is locked
8 replies to this topic

#1 CarlTol

  • Members
  • 4 posts

Posted 08 December 2012 - 04:57 PM

ESET found and removed several Trojans. Just wanted to make sure the system is actually clean. The ESET log is below, as well as the DDS scan. Thanks for your help. Carl

ESET Log:

C:\Users\Carl\AppData\Local\cjcwyim.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
C:\Users\Carl\AppData\Local\qjsngankgyvd.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
F:\Users\Carl\Downloads\03_Audio_W7NP7220.exe Win32/Bifrose.NTA trojan cleaned by deleting - quarantined
F:\Users\Carl\Downloads\Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
H:\Users\Carl\AppData\Local\cjcwyim.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined
H:\Users\Carl\AppData\Local\qjsngankgyvd.exe probably a variant of Win32/TrojanDownloader.Agent.RIJ trojan cleaned by deleting - quarantined

DDS Scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Carl at 13:22:57 on 2012-12-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.4093 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\PGP Corporation\PGP Universal\PGPUniv.exe
C:\Program Files (x86)\JustCloud\JustCloud.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\JustCloud\BackupStack.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking12\x64\dgnuiasvr_x64.exe
C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dnsspserver.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = Preserve
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [2C03C154482FF4289814467522F2BE0E7F60963C._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JUSTCL~1.LNK - C:\Program Files (x86)\JustCloud\JustCloud.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPUNI~1.LNK - C:\Windows\Installer\{90ECC126-5C95-47D0-81C6-B79B4C7F2179}\Icon18054454.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm
IE: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\PGPlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1288904828919
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.27.35.1
TCP: Interfaces\{65B62C55-2F3A-4D6C-9A86-10947A28EC52} : DHCPNameServer = 172.27.35.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
AppInit_DLLs= PGPmapih.dll
SSODL: WebCheck - <orphaned>
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2011-7-4 13936]
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2011-11-7 58952]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2011-11-7 48200]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-10-29 21544]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2011-11-7 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2011-11-7 189000]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 BackupStack;Computer Backup (JustCloud);C:\Program Files (x86)\JustCloud\BackupStack.exe [2012-10-25 34344]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-11-3 69192]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-11-3 23624]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2848168]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2011-7-4 206960]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [1999-12-31 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [1999-12-31 181248]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\Windows\System32\drivers\RtkBtfilter.sys [2012-11-23 545384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-24 685672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys [2011-4-10 17408]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-11-5 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-16 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-4 203776]
S4 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-4-10 9663848]
.
=============== Created Last 30 ================
.
2012-12-08 02:29:40 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AF44EB3-DB8A-4D73-A84D-CE8053154241}\mpengine.dll
2012-12-07 01:49:40 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 00:05:00 -------- d-----w- C:\Program Files (x86)\Belarc
2012-12-05 20:03:32 -------- d-----w- C:\Users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-12-05 20:03:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-12-05 20:03:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-12-05 18:42:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-05 18:42:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 16:40:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-03 00:31:44 -------- d-----w- C:\Program Files (x86)\SlimDrivers
2012-11-29 22:23:58 -------- d-----w- C:\Program Files\CPUID
2012-11-28 07:54:27 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEFABAEF-6CB7-4D20-A692-9C9B11B0737B}\gapaengine.dll
2012-11-26 05:47:59 -------- d-----w- C:\System backup 11-4-2012 8-56 AM
2012-11-25 16:27:30 -------- d-----w- C:\Program Files\CCleaner
2012-11-24 18:32:38 664448 ----a-r- C:\Users\Carl\AppData\Roaming\Microsoft\Installer\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}\Icon.exe
2012-11-24 18:32:31 -------- d-----w- C:\Users\Carl\AppData\Local\Amazon
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-24 18:08:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-24 18:06:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-24 18:06:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-24 18:06:31 -------- d-----w- C:\Program Files\iTunes
2012-11-24 18:06:31 -------- d-----w- C:\Program Files\iPod
2012-11-24 18:06:31 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-24 18:05:32 -------- d-----w- C:\Program Files\Bonjour
2012-11-24 18:05:32 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-24 18:04:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 17:45:00 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-11-24 17:42:40 -------- d-----w- C:\Intel
2012-11-24 17:32:02 -------- d-----w- C:\Program Files\Realtek
2012-11-24 17:32:01 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-11-24 17:24:09 -------- d--h--w- C:\Program Files (x86)\Temp
2012-11-24 17:24:08 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2012-11-24 17:24:06 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-24 17:24:06 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-24 17:24:06 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-24 17:24:06 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-24 17:24:06 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-24 17:24:06 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-24 17:24:05 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-24 17:24:05 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-11-24 17:07:04 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-11-24 17:07:04 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-11-24 17:07:04 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-11-24 17:04:19 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-11-24 17:04:19 685672 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-11-24 06:39:10 545384 ----a-w- C:\Windows\System32\drivers\RtkBtfilter.sys
2012-11-24 06:38:56 -------- d-----w- C:\Program Files (x86)\Cisco
2012-11-24 06:38:43 584704 ----a-w- C:\Windows\System32\Rtlihvs.dll
2012-11-24 06:38:39 -------- d-----w- C:\Program Files (x86)\REALTEK PCIE Wireless LAN and Bluetooth Driver
2012-11-24 06:38:38 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2012-11-23 08:32:54 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2012-11-23 08:32:53 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-11-23 08:32:53 -------- d-----w- C:\Program Files (x86)\PDFCreator
2012-11-23 08:32:38 -------- d-----w- C:\Users\Carl\AppData\Local\Shopping Sidekick
2012-11-22 03:19:56 -------- d-----w- C:\Program Files\PGP Corporation
2012-11-15 18:09:17 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 18:09:17 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 18:09:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 18:09:16 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 18:09:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 18:09:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 18:09:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-10 22:30:53 -------- d--h--w- C:\SkyDriveTemp
.
==================== Find3M ====================
.
2012-12-03 08:04:44 488960 --sha-w- C:\EUMONBMP.SYS
2012-12-03 00:31:47 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-11-24 18:04:09 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-24 18:04:09 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-22 03:20:00 135198 ----a-w- C:\Windows\SysWow64\PGPlspRollback.reg
2012-11-16 16:22:02 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-16 16:22:02 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-20 06:02:22 24136 ----a-w- C:\Windows\System32\fbnative.exe
2012-10-20 06:02:16 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys
2012-10-20 06:02:12 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
2012-10-20 06:02:06 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys
2012-10-20 06:02:04 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 04:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 04:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 04:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 04:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 04:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 04:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 04:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 04:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-10 03:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 21:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-29 05:32:08 2177688 ----a-w- C:\Windows\System32\coin92.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 13:23:04.01 ===============


#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 08 December 2012 - 05:09 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CarlTol

  • Topic Starter
  • Members
  • 4 posts

Posted 08 December 2012 - 06:38 PM

Here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SYSTEM at 08-12-2012 15:30:15
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" [367 2012-12-08] ()
HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [70728 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [1315400 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\Carl\...\Run: [2C03C154482FF4289814467522F2BE0E7F60963C._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [1242728 2012-11-27] (Google Inc.)
HKU\Carl\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-11-26] (Siber Systems)
HKU\Carl\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKU\Carl\...\Policies\system: [DisableCMD] 0
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1
AppInit_DLLs: PGPmapih.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PGPUniversal.exe.lnk
ShortcutTarget: PGPUniversal.exe.lnk -> C:\Windows\Installer\{90ECC126-5C95-47D0-81C6-B79B4C7F2179}\Icon18054454.exe ()
Startup: C:\Users\Carl\Start Menu\Programs\Startup\JustCloud.lnk
ShortcutTarget: JustCloud.lnk -> C:\Program Files (x86)\JustCloud\JustCloud.exe (JustCloud.com)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 BackupStack; C:\Program Files (x86)\JustCloud\BackupStack.exe [34344 2012-10-25] (Just Develop It)
2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
4 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [9663848 2011-04-10] (DisplayLink Corp.)
2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd)
2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
3 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1328736 2012-09-24] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [656480 2012-09-24] (Secunia)

==================== Drivers (Whitelisted) =====================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21544 2010-04-27] ()
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2011-04-10] (http://libusb-win32.sourceforge.net)
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [48200 2012-10-19] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 RtkBtFilter; C:\Windows\System32\Drivers\RtkBtFilter.sys [545384 1999-12-31] (Realtek Semiconductor Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [15712 2012-12-08] ()
3 ALSysIO; [x]
3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [x]
3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [x]
3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 TCCrystalCpuInfo; [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-08 15:29 - 2012-12-08 15:29 - 00000000 ____D C:\FRST
2012-12-08 14:16 - 2012-12-08 15:25 - 00000163 ____A C:\Windows\setupact.log
2012-12-08 14:16 - 2012-12-08 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-06 16:05 - 2012-12-06 16:05 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-12-05 12:22 - 2012-12-05 12:22 - 00000000 ____D C:\Windows\ERDNT
2012-12-05 12:21 - 2012-12-05 12:21 - 00000928 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000928 ____A C:\Users\Carl\Desktop\NTREGOPT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000909 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000909 ____A C:\Users\Carl\Desktop\ERUNT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-05 10:42 - 2012-12-05 10:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 10:42 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-05 10:18 - 2012-12-05 14:05 - 00002120 ____A C:\scu.dat
2012-12-05 08:40 - 2012-12-05 08:40 - 00000000 ____D C:\Program Files (x86)\ESET
2012-12-04 23:16 - 2012-12-04 23:16 - 00000000 ____D C:\Program Files\HijackThis
2012-12-03 16:38 - 2012-12-03 16:38 - 00000000 ____D C:\Program Files\7-Zip
2012-12-03 00:28 - 2012-12-03 00:28 - 00004096 __ASH C:\{B72C3CAF-C4E9-45E1-BCB9-6E832776AB53}.CBM
2012-11-29 14:23 - 2012-11-29 14:23 - 00000000 ____D C:\Program Files\CPUID
2012-11-28 12:07 - 2012-11-28 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-28 12:07 - 2012-11-28 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-25 21:47 - 2012-11-25 21:48 - 00000000 ____D C:\System backup 11-4-2012 8-56 AM
2012-11-25 17:51 - 2012-11-25 17:51 - 00015360 _____ C:\bootex.log
2012-11-25 17:51 - 2012-11-25 17:51 - 00003272 _____ C:\bootsqm.dat
2012-11-25 13:49 - 2012-12-08 15:25 - 00947610 ____A C:\Windows\WindowsUpdate.log
2012-11-25 08:27 - 2012-12-05 10:33 - 00000000 ____D C:\Program Files\CCleaner
2012-11-24 10:32 - 2012-11-24 10:32 - 00000000 ____D C:\Users\Carl\AppData\Local\Amazon
2012-11-24 10:08 - 2012-11-24 10:08 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-24 10:08 - 2012-11-24 10:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files\iTunes
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files\iPod
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-24 10:06 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files\Bonjour
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-11-24 10:04 - 2012-11-24 10:04 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-24 09:45 - 2012-11-24 09:45 - 00000000 ____D C:\Program Files (x86)\Intel
2012-11-24 09:45 - 1999-12-31 16:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2012-11-24 09:42 - 2012-11-24 09:42 - 00000000 ____D C:\Intel
2012-11-24 09:32 - 2012-11-24 09:32 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-11-24 09:32 - 2012-11-24 09:32 - 00000000 ____D C:\Program Files\Realtek
2012-11-24 09:31 - 1999-12-31 16:00 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-11-24 09:31 - 1999-12-31 16:00 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-11-24 09:31 - 1999-12-31 16:00 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-11-24 09:31 - 1999-12-31 16:00 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-11-24 09:31 - 1999-12-31 16:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2012-11-24 09:31 - 1999-12-31 16:00 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2012-11-24 09:24 - 1999-12-31 16:00 - 01706640 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-11-24 09:07 - 1999-12-31 16:00 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-11-24 09:07 - 1999-12-31 16:00 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-11-24 09:07 - 1999-12-31 16:00 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-11-24 09:04 - 1999-12-31 16:00 - 00685672 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-11-24 09:04 - 1999-12-31 16:00 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2012-11-24 00:18 - 2012-11-25 12:35 - 00019168 ____A C:\Users\Carl\AppData\Local\BTServer.log
2012-11-23 22:39 - 1999-12-31 16:00 - 00545384 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\Drivers\RtkBtfilter.sys
2012-11-23 22:38 - 2012-11-23 22:39 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN and Bluetooth Driver
2012-11-23 22:38 - 2012-11-23 22:39 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-11-23 22:38 - 2011-11-28 19:30 - 00584704 ____A (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
2012-11-23 22:38 - 2010-12-01 09:31 - 00451072 ____A C:\Windows\SysWOW64\ISSRemoveSP.exe
2012-11-23 00:32 - 2012-11-23 00:41 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2012-11-23 00:32 - 2012-11-23 00:32 - 00000000 ____D C:\Users\Carl\AppData\Local\Shopping Sidekick
2012-11-23 00:32 - 2005-03-12 00:07 - 00087040 ____A C:\Windows\System32\pdfcmnnt.dll
2012-11-23 00:32 - 1998-07-06 00:00 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2012-11-21 19:19 - 2012-11-21 19:19 - 00000000 ____D C:\Program Files\PGP Corporation
2012-11-15 10:11 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 10:11 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 10:11 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 10:11 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 10:11 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 10:11 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 10:11 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 10:11 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 10:11 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 10:11 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 10:11 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 10:11 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 10:11 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 10:11 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 10:11 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 10:11 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 10:11 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 10:11 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 10:11 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 10:11 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 10:11 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 10:11 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 10:11 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 10:11 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 10:11 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 10:11 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 10:11 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 10:11 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 10:11 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 10:11 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 10:11 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 10:11 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 10:09 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 10:09 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 10:09 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 10:09 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 10:09 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 10:09 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 10:09 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 10:09 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 10:07 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 10:07 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-15 10:07 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 10:07 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-15 10:07 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-15 10:07 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-15 10:07 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-15 10:07 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-15 10:07 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-15 10:07 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-15 10:07 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-15 10:07 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-15 10:07 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-15 10:07 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-15 10:07 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-15 10:07 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-15 10:07 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-15 10:07 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-15 10:07 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-08 08:23 - 2012-11-08 08:23 - 00000000 ____D C:\Users\Carl\AppData\Roaming\j2 Global
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Users\Carl\AppData\Roaming\eFax Messenger
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Users\All Users\eFax Messenger 4.4 Output
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Program Files (x86)\eFax Messenger 4.4
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____A C:\Windows\System32\eFax_4_4_Port

==================== One Month Modified Files and Folders =======

2012-12-08 15:29 - 2012-12-08 15:29 - 00000000 ____D C:\FRST
2012-12-08 15:25 - 2012-12-08 14:16 - 00000163 ____A C:\Windows\setupact.log
2012-12-08 15:25 - 2012-11-25 13:49 - 00947610 ____A C:\Windows\WindowsUpdate.log
2012-12-08 15:25 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-08 15:25 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-08 15:24 - 2011-01-06 09:56 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-08 15:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-12-08 14:16 - 2012-12-08 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-08 14:14 - 2011-11-20 08:50 - 00000000 ____D C:\Users\All Users\firebird
2012-12-08 13:27 - 2012-11-05 08:19 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2012-12-08 10:46 - 2010-10-26 18:36 - 00001155 ____A C:\Users\Carl\AppData\Roaming\SAS7_000.DAT
2012-12-06 16:05 - 2012-12-06 16:05 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-12-05 15:19 - 2010-10-31 07:22 - 00007671 ____A C:\Users\Carl\AppData\Local\Resmon.ResmonCfg
2012-12-05 14:05 - 2012-12-05 10:18 - 00002120 ____A C:\scu.dat
2012-12-05 12:22 - 2012-12-05 12:22 - 00000000 ____D C:\Windows\ERDNT
2012-12-05 12:21 - 2012-12-05 12:21 - 00000928 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000928 ____A C:\Users\Carl\Desktop\NTREGOPT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000909 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000909 ____A C:\Users\Carl\Desktop\ERUNT.lnk
2012-12-05 12:21 - 2012-12-05 12:21 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-12-05 12:03 - 2012-12-05 12:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-05 10:42 - 2012-12-05 10:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-05 10:33 - 2012-11-25 08:27 - 00000000 ____D C:\Program Files\CCleaner
2012-12-05 08:40 - 2012-12-05 08:40 - 00000000 ____D C:\Program Files (x86)\ESET
2012-12-04 23:16 - 2012-12-04 23:16 - 00000000 ____D C:\Program Files\HijackThis
2012-12-03 16:38 - 2012-12-03 16:38 - 00000000 ____D C:\Program Files\7-Zip
2012-12-03 00:28 - 2012-12-03 00:28 - 00004096 __ASH C:\{B72C3CAF-C4E9-45E1-BCB9-6E832776AB53}.CBM
2012-12-03 00:04 - 2011-11-07 14:01 - 00488960 __ASH C:\EUMONBMP.SYS
2012-12-02 23:39 - 2010-10-23 09:48 - 00000164 ____A C:\Windows\Spell Catcher.INI
2012-12-02 23:39 - 2010-10-23 09:34 - 00000000 ____D C:\Program Files (x86)\Spell Catcher Plus
2012-12-01 15:37 - 2011-01-12 16:19 - 00000000 ____D C:\Users\Carl\AppData\Roaming\TeamViewer
2012-11-29 14:23 - 2012-11-29 14:23 - 00000000 ____D C:\Program Files\CPUID
2012-11-28 12:07 - 2012-11-28 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-28 12:07 - 2012-11-28 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-25 21:48 - 2012-11-25 21:47 - 00000000 ____D C:\System backup 11-4-2012 8-56 AM
2012-11-25 19:14 - 2010-10-16 08:08 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2012-11-25 17:51 - 2012-11-25 17:51 - 00015360 _____ C:\bootex.log
2012-11-25 17:51 - 2012-11-25 17:51 - 00003272 _____ C:\bootsqm.dat
2012-11-25 12:42 - 2011-03-15 22:36 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-25 12:35 - 2012-11-24 00:18 - 00019168 ____A C:\Users\Carl\AppData\Local\BTServer.log
2012-11-25 12:30 - 2010-10-16 07:17 - 00000000 ____D C:\Users\Carl\AppData\Local\Google
2012-11-25 08:32 - 2010-10-16 11:23 - 00000000 ___DC C:\Users\Carl\AppData\Local\MigWiz
2012-11-25 08:32 - 2010-10-15 20:46 - 00000000 ____D C:\Windows\Panther
2012-11-24 14:54 - 2009-07-13 21:13 - 00783374 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-24 10:35 - 2010-10-15 19:50 - 00000000 ____D C:\users\Carl
2012-11-24 10:32 - 2012-11-24 10:32 - 00000000 ____D C:\Users\Carl\AppData\Local\Amazon
2012-11-24 10:08 - 2012-11-24 10:08 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-24 10:08 - 2012-11-24 10:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files\iTunes
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files\iPod
2012-11-24 10:06 - 2012-11-24 10:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-24 10:06 - 2012-06-29 07:50 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files\Bonjour
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-11-24 10:05 - 2012-11-24 10:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-11-24 10:04 - 2012-11-24 10:04 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-24 10:04 - 2012-11-24 10:04 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-24 10:04 - 2012-06-29 07:40 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-11-24 10:04 - 2010-10-15 20:18 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-11-24 10:04 - 2010-10-15 20:18 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-24 09:45 - 2012-11-24 09:45 - 00000000 ____D C:\Program Files (x86)\Intel
2012-11-24 09:42 - 2012-11-24 09:42 - 00000000 ____D C:\Intel
2012-11-24 09:32 - 2012-11-24 09:32 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-11-24 09:32 - 2012-11-24 09:32 - 00000000 ____D C:\Program Files\Realtek
2012-11-24 09:31 - 2010-10-15 19:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-24 09:31 - 2010-10-15 19:55 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-11-24 09:20 - 2011-07-16 11:11 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-24 09:16 - 2010-11-03 14:16 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-11-24 09:08 - 2011-02-17 18:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-23 22:39 - 2012-11-23 22:38 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN and Bluetooth Driver
2012-11-23 22:39 - 2012-11-23 22:38 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-11-23 00:41 - 2012-11-23 00:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2012-11-23 00:32 - 2012-11-23 00:32 - 00000000 ____D C:\Users\Carl\AppData\Local\Shopping Sidekick
2012-11-21 19:20 - 2011-12-01 23:57 - 00135198 ____A C:\Windows\SysWOW64\PGPlspRollback.reg
2012-11-21 19:19 - 2012-11-21 19:19 - 00000000 ____D C:\Program Files\PGP Corporation
2012-11-16 08:22 - 2012-04-12 07:23 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-16 08:22 - 2012-04-12 07:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-16 08:22 - 2011-05-15 19:11 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-16 08:22 - 2011-02-18 12:09 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-16 00:17 - 2012-09-01 11:36 - 00000000 ___RD C:\Users\Carl\SkyDrive
2012-11-15 23:46 - 2010-11-19 05:09 - 00000000 ____D C:\Users\Carl\AppData\Roaming\PrimoPDF
2012-11-15 10:28 - 2010-10-15 20:28 - 00109672 ____A C:\Users\Carl\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 10:27 - 2009-07-13 20:45 - 00418584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 10:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-15 10:17 - 2010-10-15 20:00 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 10:10 - 2010-10-16 10:07 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-15 10:08 - 2009-07-13 18:34 - 00000478 ____N C:\Windows\win.ini
2012-11-15 08:27 - 2011-03-13 19:18 - 00000000 ____D C:\Windows\pss
2012-11-08 08:23 - 2012-11-08 08:23 - 00000000 ____D C:\Users\Carl\AppData\Roaming\j2 Global
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Users\Carl\AppData\Roaming\eFax Messenger
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Users\All Users\eFax Messenger 4.4 Output
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____D C:\Program Files (x86)\eFax Messenger 4.4
2012-11-08 08:22 - 2012-11-08 08:22 - 00000000 ____A C:\Windows\System32\eFax_4_4_Port


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-07 18:29:39
Restore point made on: 2012-12-07 20:00:52

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8183.42 MB
Available physical RAM: 7371.45 MB
Total Pagefile: 8181.57 MB
Available Pagefile: 7363.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:119.14 GB) (Free:51.07 GB) NTFS
3 Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:280.07 GB) NTFS
4 Drive g: () (Removable) (Total:3.89 GB) (Free:3.36 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 1024 KB
Disk 1 Online 596 GB 0 B
Disk 2 Online 3990 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 99 MB 4096 B
Partition 2 Primary 119 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 99 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 119 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Elements NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3989 MB 132 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3989 MB Healthy

=========================================================

Last Boot: 2012-06-27 23:17

==================== End Of Log =============================

#4 CatByte


  • Malware Response Team

Posted 08 December 2012 - 07:03 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CarlTol

  • Topic Starter


Posted 08 December 2012 - 08:24 PM

Here are the scan logs.

ComboFix 12-12-07.01 - Carl 12/08/2012 16:59:16.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6396 [GMT -8:00]
Running from: f:\users\Carl\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PGPUniversal.exe.lnk
c:\users\Carl\AppData\Local\assembly\tmp
c:\users\Carl\AppData\Local\assembly\tmp\5ZC3GEFM\__AssemblyInfo__.ini
c:\users\Carl\AppData\Local\assembly\tmp\5ZC3GEFM\ReminderAlertsAddIn.DLL
c:\users\Carl\AppData\Local\assembly\tmp\L1XS0CMO\__AssemblyInfo__.ini
c:\users\Carl\AppData\Local\assembly\tmp\L1XS0CMO\ReminderAlertsAddIn.DLL
c:\users\Carl\AppData\Local\assembly\tmp\L5APCOR7\__AssemblyInfo__.ini
c:\users\Carl\AppData\Local\assembly\tmp\L5APCOR7\DevExpress.Utils.v10.2.DLL
c:\users\Carl\g2mdlhlpx.exe
c:\users\Carl\GoToAssistDownloadHelper.exe
c:\windows\jestertb.dll
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
I:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 00:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A458311-58C2-4044-958C-84683223AA20}\mpengine.dll
2012-12-08 23:29 . 2012-12-08 23:29 -------- d-----w- C:\FRST
2012-12-08 02:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 00:05 . 2012-12-07 00:05 -------- d-----w- c:\program files (x86)\Belarc
2012-12-05 20:21 . 2012-12-05 20:21 -------- d-----w- c:\program files (x86)\ERUNT
2012-12-05 20:03 . 2012-12-05 20:03 -------- d-----w- c:\users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-12-05 20:03 . 2012-12-05 20:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-05 20:03 . 2012-12-05 20:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-05 18:42 . 2012-12-05 18:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 18:42 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-05 16:40 . 2012-12-05 16:40 -------- d-----w- c:\program files (x86)\ESET
2012-12-05 07:16 . 2012-12-05 07:16 -------- d-----w- c:\program files\HijackThis
2012-12-04 00:38 . 2012-12-04 00:38 -------- d-----w- c:\program files\7-Zip
2012-12-03 00:31 . 2012-12-03 00:31 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-11-29 22:23 . 2012-11-29 22:23 -------- d-----w- c:\program files\CPUID
2012-11-28 20:07 . 2012-11-28 20:07 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-28 07:54 . 2012-11-28 07:54 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEFABAEF-6CB7-4D20-A692-9C9B11B0737B}\gapaengine.dll
2012-11-26 05:47 . 2012-11-26 05:48 -------- d-----w- C:\System backup 11-4-2012 8-56 AM
2012-11-25 16:27 . 2012-12-05 18:33 -------- d-----w- c:\program files\CCleaner
2012-11-24 18:32 . 2012-11-24 18:32 664448 ----a-r- c:\users\Carl\AppData\Roaming\Microsoft\Installer\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}\Icon.exe
2012-11-24 18:32 . 2012-11-24 18:32 -------- d-----w- c:\users\Carl\AppData\Local\Amazon
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-24 18:08 . 2012-11-24 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-24 18:08 . 2012-11-24 18:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-24 18:06 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-24 18:06 . 2012-11-24 18:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-24 18:06 . 2012-11-24 18:06 -------- d-----w- c:\program files\iTunes
2012-11-24 18:06 . 2012-11-24 18:06 -------- d-----w- c:\program files (x86)\iTunes
2012-11-24 18:06 . 2012-11-24 18:06 -------- d-----w- c:\program files\iPod
2012-11-24 18:05 . 2012-11-24 18:05 -------- d-----w- c:\program files\Bonjour
2012-11-24 18:05 . 2012-11-24 18:05 -------- d-----w- c:\program files (x86)\Bonjour
2012-11-24 18:05 . 2012-11-24 18:05 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-11-24 18:05 . 2012-11-24 18:05 -------- d-----w- c:\program files\Common Files\Apple
2012-11-24 18:04 . 2012-11-24 18:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 17:45 . 2012-11-24 17:45 -------- d-----w- c:\program files (x86)\Intel
2012-11-24 17:45 . 2000-01-01 00:00 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-11-24 17:42 . 2012-11-24 17:42 -------- d-----w- C:\Intel
2012-11-24 17:32 . 2012-11-24 17:32 -------- d-----w- c:\program files\Realtek
2012-11-24 17:32 . 2012-11-24 17:32 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-11-24 17:24 . 2012-11-24 17:32 -------- d--h--w- c:\program files (x86)\Temp
2012-11-24 17:24 . 2000-01-01 00:00 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-11-24 17:24 . 2006-02-07 23:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-24 17:24 . 2006-02-07 23:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-24 17:24 . 2006-02-07 23:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-24 17:24 . 2006-02-07 23:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-24 17:24 . 2006-02-07 23:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-24 17:24 . 2005-11-14 07:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-24 17:24 . 2012-11-24 17:24 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-24 17:24 . 2012-11-24 17:24 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-11-24 17:07 . 2000-01-01 00:00 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-11-24 17:07 . 2000-01-01 00:00 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-11-24 17:07 . 2000-01-01 00:00 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-11-24 17:04 . 2000-01-01 00:00 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-11-24 17:04 . 2000-01-01 00:00 685672 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-11-24 06:39 . 2000-01-01 00:00 545384 ----a-w- c:\windows\system32\drivers\RtkBtfilter.sys
2012-11-24 06:38 . 2012-11-24 06:39 -------- d-----w- c:\program files (x86)\Cisco
2012-11-24 06:38 . 2011-11-29 03:30 584704 ----a-w- c:\windows\system32\Rtlihvs.dll
2012-11-24 06:38 . 2012-11-24 06:39 -------- d-----w- c:\program files (x86)\REALTEK PCIE Wireless LAN and Bluetooth Driver
2012-11-24 06:38 . 2010-12-01 17:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2012-11-23 08:32 . 2005-03-12 08:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-11-23 08:32 . 2012-11-23 08:41 -------- d-----w- c:\program files (x86)\PDFCreator
2012-11-23 08:32 . 1998-07-06 08:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-11-23 08:32 . 2012-11-23 08:32 -------- d-----w- c:\users\Carl\AppData\Local\Shopping Sidekick
2012-11-22 03:19 . 2012-11-22 03:19 -------- d-----w- c:\program files\PGP Corporation
2012-11-15 18:09 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 18:09 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 18:09 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 18:09 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 18:09 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 18:09 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 18:09 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-10 22:30 . 2012-11-10 22:30 -------- d-----w- C:\SkyDriveTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 21:27 . 2012-11-05 16:19 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-11-24 18:04 . 2012-06-29 15:40 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-24 18:04 . 2010-10-16 04:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-22 03:20 . 2011-12-02 07:57 135198 ----a-w- c:\windows\SysWow64\PGPlspRollback.reg
2012-11-16 16:22 . 2012-04-12 15:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 16:22 . 2011-05-16 03:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 18:10 . 2010-10-16 18:07 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-20 06:02 . 2012-11-04 04:03 24136 ----a-w- c:\windows\system32\fbnative.exe
2012-10-20 06:02 . 2011-11-07 20:46 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-10-20 06:02 . 2011-11-07 20:46 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-10-20 06:02 . 2011-11-07 20:46 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-10-20 06:02 . 2011-11-07 20:46 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-10-16 08:38 . 2012-11-28 07:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 04:23 . 2012-10-11 04:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 04:23 . 2012-10-11 04:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 04:23 . 2012-10-11 04:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 04:23 . 2012-10-11 04:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 04:23 . 2012-10-11 04:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 04:23 . 2012-10-11 04:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 04:23 . 2012-10-11 04:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 04:23 . 2012-10-11 04:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 04:23 . 2012-10-11 04:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 04:23 . 2012-10-11 04:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 04:23 . 2012-10-11 04:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 04:23 . 2012-10-11 04:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 04:23 . 2012-10-11 04:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 04:23 . 2012-10-11 04:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 04:23 . 2012-10-11 04:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 04:23 . 2012-10-11 04:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 04:23 . 2012-10-11 04:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 04:22 . 2012-10-11 04:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 04:22 . 2012-10-11 04:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 04:22 . 2012-02-10 05:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 04:22 . 2012-10-11 04:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 04:22 . 2012-10-11 04:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 04:22 . 2012-10-11 04:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 04:22 . 2012-10-11 04:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 04:22 . 2012-10-11 04:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-10 03:31 . 2012-10-10 03:31 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-02 21:15 . 2012-10-02 21:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 19:51 . 2012-10-25 00:30 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-01-08 03:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-08 03:49 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-01-08 03:48 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-08 03:48 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2010-07-31 16:52 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-31 16:52 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-29 05:32 . 2012-09-29 05:32 2177688 ----a-w- c:\windows\system32\coin92.dll
2012-09-28 15:36 . 2012-09-28 15:37 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 19:19 . 2012-10-10 06:57 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 06:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-19 05:12 195448 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 01:46 222712 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 01:46 222712 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 01:46 222712 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2C03C154482FF4289814467522F2BE0E7F60963C._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-11-27 109336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-10-20 70728]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-10-30 1315400]
.
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JustCloud.lnk - c:\program files (x86)\JustCloud\JustCloud.exe [2012-10-25 1978920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BackupStack;Computer Backup (JustCloud);c:\program files (x86)\JustCloud\BackupStack.exe [2012-10-25 34344]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO; [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-11 17408]
R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]
R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]
R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-12-08 15712]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TCCrystalCpuInfo;TCCrystalCpuInfo; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
R4 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 13936]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-20 58952]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-20 48200]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-20 18504]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-20 189000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-10-31 69192]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-10-20 23624]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2000-01-01 75928]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 206960]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2000-01-01 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2000-01-01 181248]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2000-01-01 50856]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2000-01-01 545384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 685672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 16:22]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd93b71ff27dd1.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 15:17]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 15:17]
.
2012-10-08 c:\windows\Tasks\LaunchApp.job
- c:\program files (x86)\JustCloud\JustCloud.exe [2012-10-25 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 01:46 261624 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 01:46 261624 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 01:46 261624 ----a-w- c:\users\Carl\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to Bluetooth Device - c:\program files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm
IE: Send page to Bluetooth Device - c:\program files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: roundpointmortgage.com\xenapp
TCP: DhcpNameServer = 172.27.35.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,c0,85,d6,bc,06,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\windows\SysWOW64\brss01a.exe
.
**************************************************************************
.
Completion time: 2012-12-08 17:03:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-09 01:03
.
Pre-Run: 54,660,218,880 bytes free
Post-Run: 54,541,971,456 bytes free
.
- - End Of File - - B2895F0C5A7CECDACE9130646A1EDDF9



17:20:24.0164 5244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:20:24.0554 5244 ============================================================
17:20:24.0554 5244 Current date / time: 2012/12/08 17:20:24.0554
17:20:24.0554 5244 SystemInfo:
17:20:24.0554 5244
17:20:24.0554 5244 OS Version: 6.1.7601 ServicePack: 1.0
17:20:24.0554 5244 Product type: Workstation
17:20:24.0554 5244 ComputerName: BADBOY
17:20:24.0570 5244 UserName: Carl
17:20:24.0570 5244 Windows directory: C:\Windows
17:20:24.0570 5244 System windows directory: C:\Windows
17:20:24.0570 5244 Running under WOW64
17:20:24.0570 5244 Processor architecture: Intel x64
17:20:24.0570 5244 Number of processors: 4
17:20:24.0570 5244 Page size: 0x1000
17:20:24.0570 5244 Boot type: Normal boot
17:20:24.0570 5244 ============================================================
17:20:25.0069 5244 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8000000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x1643F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:20:25.0069 5244 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x631C5, SectorsPerTrack: 0xE, TracksPerCylinder: 0x2C, Type 'K0', Flags 0x00000040
17:20:25.0069 5244 Drive \Device\Harddisk2\DR2 - Size: 0xF9600000 (3.90 Gb), SectorSize: 0x200, Cylinders: 0x1FC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:20:25.0085 5244 Drive \Device\Harddisk3\DR3 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:20:25.0085 5244 ============================================================
17:20:25.0085 5244 \Device\Harddisk0\DR0:
17:20:25.0085 5244 MBR partitions:
17:20:25.0085 5244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:20:25.0085 5244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xB37E000
17:20:25.0085 5244 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB3B0800, BlocksNum 0x4C18E800
17:20:25.0085 5244 \Device\Harddisk1\DR1:
17:20:25.0085 5244 MBR partitions:
17:20:25.0085 5244 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x8, BlocksNum 0x31BF8
17:20:25.0085 5244 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49800
17:20:25.0085 5244 \Device\Harddisk2\DR2:
17:20:25.0085 5244 MBR partitions:
17:20:25.0085 5244 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x108, BlocksNum 0x7CAEF8
17:20:25.0085 5244 \Device\Harddisk3\DR3:
17:20:25.0085 5244 MBR partitions:
17:20:25.0085 5244 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A858270
17:20:25.0085 5244 ============================================================
17:20:25.0085 5244 C: <-> \Device\Harddisk1\DR1\Partition2
17:20:25.0100 5244 F: <-> \Device\Harddisk0\DR0\Partition3
17:20:25.0131 5244 E: <-> \Device\Harddisk0\DR0\Partition1
17:20:25.0131 5244 G: <-> \Device\Harddisk1\DR1\Partition1
17:20:25.0163 5244 H: <-> \Device\Harddisk0\DR0\Partition2
17:20:25.0568 5244 I: <-> \Device\Harddisk3\DR3\Partition1
17:20:25.0568 5244 ============================================================
17:20:25.0568 5244 Initialize success
17:20:25.0568 5244 ============================================================
17:21:18.0889 5556 ============================================================
17:21:18.0889 5556 Scan started
17:21:18.0889 5556 Mode: Manual; TDLFS;
17:21:18.0889 5556 ============================================================
17:21:18.0967 5556 ================ Scan system memory ========================
17:21:18.0967 5556 System memory - ok
17:21:18.0967 5556 ================ Scan services =============================
17:21:18.0967 5556 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:21:18.0967 5556 !SASCORE - ok
17:21:18.0998 5556 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:21:18.0998 5556 1394ohci - ok
17:21:18.0998 5556 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:21:18.0998 5556 ACPI - ok
17:21:19.0014 5556 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:21:19.0014 5556 AcpiPmi - ok
17:21:19.0014 5556 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:21:19.0029 5556 AdobeFlashPlayerUpdateSvc - ok
17:21:19.0029 5556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:19.0029 5556 adp94xx - ok
17:21:19.0045 5556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:21:19.0045 5556 adpahci - ok
17:21:19.0045 5556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:21:19.0045 5556 adpu320 - ok
17:21:19.0045 5556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:21:19.0045 5556 AeLookupSvc - ok
17:21:19.0061 5556 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:21:19.0061 5556 AFD - ok
17:21:19.0061 5556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:21:19.0061 5556 agp440 - ok
17:21:19.0061 5556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:21:19.0076 5556 ALG - ok
17:21:19.0076 5556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:21:19.0076 5556 aliide - ok
17:21:19.0076 5556 ALSysIO - ok
17:21:19.0076 5556 [ 54716D9BB43733578A5647E9B121141F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:21:19.0076 5556 AMD External Events Utility - ok
17:21:19.0076 5556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:21:19.0076 5556 amdide - ok
17:21:19.0092 5556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:21:19.0092 5556 AmdK8 - ok
17:21:19.0139 5556 [ 522A8BD1414CC7517FAEC907F138DB9C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:21:19.0201 5556 amdkmdag - ok
17:21:19.0201 5556 [ F712C26D40BF3CD2C020BB518E8150B1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:21:19.0201 5556 amdkmdap - ok
17:21:19.0217 5556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:21:19.0217 5556 AmdPPM - ok
17:21:19.0217 5556 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:21:19.0217 5556 amdsata - ok
17:21:19.0217 5556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:19.0217 5556 amdsbs - ok
17:21:19.0217 5556 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:21:19.0217 5556 amdxata - ok
17:21:19.0232 5556 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:21:19.0232 5556 AppID - ok
17:21:19.0232 5556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:21:19.0232 5556 AppIDSvc - ok
17:21:19.0232 5556 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:21:19.0232 5556 Appinfo - ok
17:21:19.0232 5556 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:19.0232 5556 Apple Mobile Device - ok
17:21:19.0248 5556 [ 301AA64F9643BC453D90A66C4C0E7204 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
17:21:19.0248 5556 AppleCharger - ok
17:21:19.0248 5556 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
17:21:19.0279 5556 AppleChargerSrv - ok
17:21:19.0279 5556 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:21:19.0279 5556 AppMgmt - ok
17:21:19.0279 5556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:21:19.0279 5556 arc - ok
17:21:19.0295 5556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:21:19.0295 5556 arcsas - ok
17:21:19.0295 5556 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:21:19.0295 5556 aspnet_state - ok
17:21:19.0295 5556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:19.0295 5556 AsyncMac - ok
17:21:19.0310 5556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:21:19.0310 5556 atapi - ok
17:21:19.0357 5556 [ 522A8BD1414CC7517FAEC907F138DB9C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:21:19.0388 5556 atikmdag - ok
17:21:19.0404 5556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:21:19.0404 5556 AudioEndpointBuilder - ok
17:21:19.0404 5556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:21:19.0419 5556 AudioSrv - ok
17:21:19.0419 5556 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:21:19.0419 5556 AxInstSV - ok
17:21:19.0419 5556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:21:19.0435 5556 b06bdrv - ok
17:21:19.0435 5556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:21:19.0435 5556 b57nd60a - ok
17:21:19.0435 5556 [ 9EB52958B3CCF0F826EE31E69D3EC437 ] BackupStack C:\Program Files (x86)\JustCloud\BackupStack.exe
17:21:19.0451 5556 BackupStack - ok
17:21:19.0451 5556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:21:19.0451 5556 BDESVC - ok
17:21:19.0451 5556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:21:19.0451 5556 Beep - ok
17:21:19.0466 5556 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:21:19.0466 5556 BFE - ok
17:21:19.0482 5556 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:21:19.0482 5556 BITS - ok
17:21:19.0482 5556 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:19.0482 5556 blbdrive - ok
17:21:19.0497 5556 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:21:19.0497 5556 Bonjour Service - ok
17:21:19.0497 5556 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:21:19.0497 5556 bowser - ok
17:21:19.0497 5556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:19.0497 5556 BrFiltLo - ok
17:21:19.0497 5556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:19.0513 5556 BrFiltUp - ok
17:21:19.0513 5556 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:21:19.0513 5556 BridgeMP - ok
17:21:19.0513 5556 [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\SysWOW64\brsvc01a.exe
17:21:19.0513 5556 Brother XP spl Service - ok
17:21:19.0513 5556 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:21:19.0513 5556 Browser - ok
17:21:19.0529 5556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
17:21:19.0529 5556 Brserid - ok
17:21:19.0529 5556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:19.0529 5556 BrSerWdm - ok
17:21:19.0529 5556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:19.0529 5556 BrUsbMdm - ok
17:21:19.0529 5556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
17:21:19.0529 5556 BrUsbSer - ok
17:21:19.0529 5556 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:21:19.0529 5556 BthEnum - ok
17:21:19.0544 5556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:19.0544 5556 BTHMODEM - ok
17:21:19.0544 5556 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:21:19.0544 5556 BthPan - ok
17:21:19.0544 5556 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:21:19.0560 5556 BTHPORT - ok
17:21:19.0560 5556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:21:19.0560 5556 bthserv - ok
17:21:19.0560 5556 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:21:19.0560 5556 BTHUSB - ok
17:21:19.0560 5556 catchme - ok
17:21:19.0560 5556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:21:19.0575 5556 cdfs - ok
17:21:19.0575 5556 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:21:19.0575 5556 cdrom - ok
17:21:19.0575 5556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:21:19.0575 5556 CertPropSvc - ok
17:21:19.0575 5556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:21:19.0575 5556 circlass - ok
17:21:19.0591 5556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:21:19.0591 5556 CLFS - ok
17:21:19.0591 5556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:19.0591 5556 clr_optimization_v2.0.50727_32 - ok
17:21:19.0591 5556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:21:19.0607 5556 clr_optimization_v2.0.50727_64 - ok
17:21:19.0607 5556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:19.0607 5556 clr_optimization_v4.0.30319_32 - ok
17:21:19.0622 5556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:21:19.0622 5556 clr_optimization_v4.0.30319_64 - ok
17:21:19.0622 5556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:19.0622 5556 CmBatt - ok
17:21:19.0622 5556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:21:19.0622 5556 cmdide - ok
17:21:19.0638 5556 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
17:21:19.0638 5556 CNG - ok
17:21:19.0638 5556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:21:19.0638 5556 Compbatt - ok
17:21:19.0638 5556 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:21:19.0638 5556 CompositeBus - ok
17:21:19.0653 5556 COMSysApp - ok
17:21:19.0653 5556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:19.0653 5556 crcdisk - ok
17:21:19.0653 5556 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:21:19.0653 5556 CryptSvc - ok
17:21:19.0669 5556 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:21:19.0669 5556 CSC - ok
17:21:19.0669 5556 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:21:19.0685 5556 CscService - ok
17:21:19.0685 5556 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
17:21:19.0685 5556 dc3d - ok
17:21:19.0685 5556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:21:19.0700 5556 DcomLaunch - ok
17:21:19.0700 5556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:21:19.0700 5556 defragsvc - ok
17:21:19.0700 5556 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:21:19.0716 5556 DfsC - ok
17:21:19.0716 5556 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:21:19.0716 5556 Dhcp - ok
17:21:19.0716 5556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:21:19.0716 5556 discache - ok
17:21:19.0716 5556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:21:19.0716 5556 Disk - ok
17:21:19.0794 5556 [ 214CF29D013B96B8AAA0C31682349D92 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
17:21:19.0856 5556 DisplayLinkService - ok
17:21:19.0872 5556 [ 1FAE14F2CB2F1C1CBDBC17EFB63D5845 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
17:21:19.0872 5556 DisplayLinkUsbPort - ok
17:21:19.0872 5556 [ 5D5B9E1E45B1EB727EFEAB0F44C7E4EF ] dlkmd C:\Windows\system32\drivers\dlkmd.sys
17:21:19.0872 5556 dlkmd - ok
17:21:19.0872 5556 [ B701A03D4C256A288D89D615E139CB7C ] dlkmdldr C:\Windows\system32\drivers\dlkmdldr.sys
17:21:19.0872 5556 dlkmdldr - ok
17:21:19.0872 5556 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:21:19.0872 5556 Dnscache - ok
17:21:19.0887 5556 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:21:19.0887 5556 dot3svc - ok
17:21:19.0887 5556 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:21:19.0887 5556 DPS - ok
17:21:19.0887 5556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:21:19.0887 5556 drmkaud - ok
17:21:19.0903 5556 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:21:19.0903 5556 DXGKrnl - ok
17:21:19.0919 5556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:21:19.0919 5556 EapHost - ok
17:21:19.0919 5556 [ 3C6EA21E43BE313A9AEAF0E26E2A90AD ] EaseUS Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
17:21:19.0965 5556 EaseUS Agent - ok
17:21:19.0997 5556 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:21:20.0012 5556 ebdrv - ok
17:21:20.0012 5556 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:21:20.0012 5556 EFS - ok
17:21:20.0028 5556 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:21:20.0028 5556 ehRecvr - ok
17:21:20.0028 5556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:21:20.0028 5556 ehSched - ok
17:21:20.0043 5556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:21:20.0043 5556 elxstor - ok
17:21:20.0043 5556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:21:20.0043 5556 ErrDev - ok
17:21:20.0059 5556 [ E1D1F8DB5E7F5929D46C141AE813F906 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys
17:21:20.0059 5556 EUBAKUP - ok
17:21:20.0059 5556 EUBAKUP0 - ok
17:21:20.0059 5556 [ C9F49D916763B5F3A5B0AAFD3248344B ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys
17:21:20.0075 5556 EUBKMON - ok
17:21:20.0075 5556 EUBKMON0 - ok
17:21:20.0075 5556 [ 4BE34EB63BA2CE6D9F4122DA4E9E23BD ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys
17:21:20.0075 5556 EUDSKACS - ok
17:21:20.0090 5556 [ 8F1968EB9419E56ADE365362E8B43713 ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys
17:21:20.0090 5556 EUFDDISK - ok
17:21:20.0090 5556 EUFDDISK0 - ok
17:21:20.0106 5556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:21:20.0106 5556 EventSystem - ok
17:21:20.0106 5556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:21:20.0121 5556 exfat - ok
17:21:20.0121 5556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:21:20.0121 5556 fastfat - ok
17:21:20.0121 5556 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:21:20.0137 5556 Fax - ok
17:21:20.0137 5556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:21:20.0137 5556 fdc - ok
17:21:20.0137 5556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:21:20.0137 5556 fdPHost - ok
17:21:20.0137 5556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:21:20.0137 5556 FDResPub - ok
17:21:20.0153 5556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:21:20.0153 5556 FileInfo - ok
17:21:20.0153 5556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:21:20.0153 5556 Filetrace - ok
17:21:20.0153 5556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:20.0153 5556 flpydisk - ok
17:21:20.0153 5556 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:21:20.0168 5556 FltMgr - ok
17:21:20.0168 5556 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:21:20.0184 5556 FontCache - ok
17:21:20.0184 5556 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:21:20.0184 5556 FontCache3.0.0.0 - ok
17:21:20.0184 5556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:21:20.0184 5556 FsDepends - ok
17:21:20.0199 5556 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:21:20.0199 5556 Fs_Rec - ok
17:21:20.0199 5556 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:21:20.0199 5556 fvevol - ok
17:21:20.0199 5556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:20.0199 5556 gagp30kx - ok
17:21:20.0215 5556 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:21:20.0215 5556 GEARAspiWDM - ok
17:21:20.0215 5556 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:21:20.0231 5556 gpsvc - ok
17:21:20.0231 5556 [ 72230BF2F36924051B52F26DF74504D0 ] Guard Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
17:21:20.0246 5556 Guard Agent - ok
17:21:20.0246 5556 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:21:20.0246 5556 gupdate - ok
17:21:20.0246 5556 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:21:20.0246 5556 gupdatem - ok
17:21:20.0262 5556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:21:20.0262 5556 hcw85cir - ok
17:21:20.0262 5556 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:21:20.0262 5556 HdAudAddService - ok
17:21:20.0262 5556 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:21:20.0277 5556 HDAudBus - ok
17:21:20.0277 5556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:20.0277 5556 HidBatt - ok
17:21:20.0277 5556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:21:20.0277 5556 HidBth - ok
17:21:20.0277 5556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:21:20.0277 5556 HidIr - ok
17:21:20.0293 5556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:21:20.0293 5556 hidserv - ok
17:21:20.0293 5556 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:21:20.0293 5556 HidUsb - ok
17:21:20.0293 5556 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:21:20.0309 5556 hkmsvc - ok
17:21:20.0309 5556 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:21:20.0309 5556 HomeGroupListener - ok
17:21:20.0309 5556 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:21:20.0309 5556 HomeGroupProvider - ok
17:21:20.0324 5556 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:21:20.0324 5556 HpSAMD - ok
17:21:20.0324 5556 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:21:20.0340 5556 HTTP - ok
17:21:20.0340 5556 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:21:20.0340 5556 hwpolicy - ok
17:21:20.0340 5556 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:21:20.0340 5556 i8042prt - ok
17:21:20.0355 5556 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:21:20.0355 5556 iaStorV - ok
17:21:20.0371 5556 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:21:20.0371 5556 idsvc - ok
17:21:20.0371 5556 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:21:20.0371 5556 iirsp - ok
17:21:20.0387 5556 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:21:20.0387 5556 IKEEXT - ok
17:21:20.0418 5556 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:21:20.0433 5556 IntcAzAudAddService - ok
17:21:20.0433 5556 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:21:20.0449 5556 intelide - ok
17:21:20.0449 5556 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:21:20.0449 5556 intelppm - ok
17:21:20.0449 5556 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:21:20.0449 5556 IPBusEnum - ok
17:21:20.0449 5556 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:21:20.0449 5556 IpFilterDriver - ok
17:21:20.0465 5556 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:21:20.0465 5556 iphlpsvc - ok
17:21:20.0465 5556 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:21:20.0480 5556 IPMIDRV - ok
17:21:20.0480 5556 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:21:20.0480 5556 IPNAT - ok
17:21:20.0496 5556 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:21:20.0496 5556 iPod Service - ok
17:21:20.0496 5556 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:21:20.0496 5556 IRENUM - ok
17:21:20.0496 5556 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:21:20.0496 5556 isapnp - ok
17:21:20.0511 5556 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:21:20.0511 5556 iScsiPrt - ok
17:21:20.0511 5556 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
17:21:20.0511 5556 JRAID - ok
17:21:20.0511 5556 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:21:20.0511 5556 kbdclass - ok
17:21:20.0527 5556 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:21:20.0527 5556 kbdhid - ok
17:21:20.0527 5556 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:21:20.0527 5556 KeyIso - ok
17:21:20.0543 5556 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:21:20.0543 5556 KSecDD - ok
17:21:20.0543 5556 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:21:20.0543 5556 KSecPkg - ok
17:21:20.0543 5556 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:21:20.0543 5556 ksthunk - ok
17:21:20.0558 5556 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:21:20.0558 5556 KtmRm - ok
17:21:20.0558 5556 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:21:20.0558 5556 LanmanServer - ok
17:21:20.0574 5556 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:21:20.0574 5556 LanmanWorkstation - ok
17:21:20.0574 5556 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:21:20.0574 5556 lltdio - ok
17:21:20.0589 5556 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:21:20.0589 5556 lltdsvc - ok
17:21:20.0589 5556 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:21:20.0589 5556 lmhosts - ok
17:21:20.0589 5556 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:21:20.0605 5556 LSI_FC - ok
17:21:20.0605 5556 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:21:20.0605 5556 LSI_SAS - ok
17:21:20.0605 5556 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:21:20.0605 5556 LSI_SAS2 - ok
17:21:20.0605 5556 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:21:20.0605 5556 LSI_SCSI - ok
17:21:20.0621 5556 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:21:20.0621 5556 luafv - ok
17:21:20.0621 5556 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:21:20.0621 5556 Mcx2Svc - ok
17:21:20.0621 5556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:21:20.0621 5556 megasas - ok
17:21:20.0636 5556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:21:20.0636 5556 MegaSR - ok
17:21:20.0636 5556 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:21:20.0636 5556 MMCSS - ok
17:21:20.0636 5556 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:21:20.0652 5556 Modem - ok
17:21:20.0652 5556 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:21:20.0652 5556 monitor - ok
17:21:20.0652 5556 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:21:20.0652 5556 mouclass - ok
17:21:20.0652 5556 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:21:20.0652 5556 mouhid - ok
17:21:20.0652 5556 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:21:20.0667 5556 mountmgr - ok
17:21:20.0667 5556 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:21:20.0667 5556 MpFilter - ok
17:21:20.0667 5556 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:21:20.0667 5556 mpio - ok
17:21:20.0683 5556 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:21:20.0683 5556 mpsdrv - ok
17:21:20.0683 5556 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:21:20.0699 5556 MpsSvc - ok
17:21:20.0699 5556 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:21:20.0699 5556 MRxDAV - ok
17:21:20.0714 5556 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:21:20.0714 5556 mrxsmb - ok
17:21:20.0714 5556 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:21:20.0714 5556 mrxsmb10 - ok
17:21:20.0714 5556 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:21:20.0730 5556 mrxsmb20 - ok
17:21:20.0730 5556 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:21:20.0730 5556 msahci - ok
17:21:20.0730 5556 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:21:20.0730 5556 msdsm - ok
17:21:20.0730 5556 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:21:20.0745 5556 MSDTC - ok
17:21:20.0745 5556 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:21:20.0745 5556 Msfs - ok
17:21:20.0745 5556 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:21:20.0745 5556 mshidkmdf - ok
17:21:20.0761 5556 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:21:20.0761 5556 msisadrv - ok
17:21:20.0761 5556 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:21:20.0761 5556 MSiSCSI - ok
17:21:20.0761 5556 msiserver - ok
17:21:20.0761 5556 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:21:20.0761 5556 MSKSSRV - ok
17:21:20.0777 5556 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:21:20.0777 5556 MsMpSvc - ok
17:21:20.0777 5556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:21:20.0777 5556 MSPCLOCK - ok
17:21:20.0777 5556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:21:20.0777 5556 MSPQM - ok
17:21:20.0792 5556 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:21:20.0792 5556 MsRPC - ok
17:21:20.0792 5556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:21:20.0792 5556 mssmbios - ok
17:21:20.0792 5556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:21:20.0808 5556 MSTEE - ok
17:21:20.0808 5556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:21:20.0808 5556 MTConfig - ok
17:21:20.0808 5556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:21:20.0808 5556 Mup - ok
17:21:20.0823 5556 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:21:20.0823 5556 napagent - ok
17:21:20.0823 5556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:21:20.0823 5556 NativeWifiP - ok
17:21:20.0839 5556 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:21:20.0855 5556 NDIS - ok
17:21:20.0855 5556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:21:20.0855 5556 NdisCap - ok
17:21:20.0855 5556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:21:20.0855 5556 NdisTapi - ok
17:21:20.0855 5556 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:21:20.0855 5556 Ndisuio - ok
17:21:20.0870 5556 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:21:20.0870 5556 NdisWan - ok
17:21:20.0870 5556 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:21:20.0870 5556 NDProxy - ok
17:21:20.0886 5556 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:21:20.0886 5556 Nero BackItUp Scheduler 4.0 - ok
17:21:20.0901 5556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:21:20.0901 5556 NetBIOS - ok
17:21:20.0901 5556 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:21:20.0901 5556 NetBT - ok
17:21:20.0917 5556 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:21:20.0917 5556 Netlogon - ok
17:21:20.0917 5556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:21:20.0917 5556 Netman - ok
17:21:20.0917 5556 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:21:20.0933 5556 NetMsmqActivator - ok
17:21:20.0933 5556 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:21:20.0933 5556 NetPipeActivator - ok
17:21:20.0933 5556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:21:20.0948 5556 netprofm - ok
17:21:20.0948 5556 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:21:20.0948 5556 NetTcpActivator - ok
17:21:20.0948 5556 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:21:20.0948 5556 NetTcpPortSharing - ok
17:21:20.0964 5556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:21:20.0964 5556 nfrd960 - ok
17:21:20.0964 5556 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:21:20.0964 5556 NisDrv - ok
17:21:20.0964 5556 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
17:21:20.0979 5556 NisSrv - ok
17:21:20.0979 5556 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:21:20.0979 5556 NlaSvc - ok
17:21:20.0979 5556 [ 13350DDD0976CEB5F125396C7BFB05B4 ] nmraapache C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
17:21:20.0979 5556 nmraapache - ok
17:21:20.0995 5556 [ 82C5A813E8EA7E94DC1AFA24CD803B80 ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
17:21:20.0995 5556 nmservice - ok
17:21:21.0011 5556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:21:21.0011 5556 Npfs - ok
17:21:21.0011 5556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:21:21.0011 5556 nsi - ok
17:21:21.0011 5556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:21:21.0011 5556 nsiproxy - ok
17:21:21.0042 5556 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:21:21.0042 5556 Ntfs - ok
17:21:21.0057 5556 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
17:21:21.0057 5556 NuidFltr - ok
17:21:21.0057 5556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:21:21.0057 5556 Null - ok
17:21:21.0057 5556 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:21:21.0057 5556 nusb3hub - ok
17:21:21.0073 5556 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:21:21.0073 5556 nusb3xhc - ok
17:21:21.0073 5556 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:21:21.0073 5556 NVHDA - ok
17:21:21.0167 5556 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:21:21.0213 5556 nvlddmkm - ok
17:21:21.0213 5556 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:21:21.0229 5556 nvraid - ok
17:21:21.0229 5556 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:21:21.0229 5556 nvstor - ok
17:21:21.0245 5556 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
17:21:21.0245 5556 nvsvc - ok
17:21:21.0260 5556 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:21:21.0276 5556 nvUpdatusService - ok
17:21:21.0276 5556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:21:21.0276 5556 nv_agp - ok
17:21:21.0276 5556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:21:21.0276 5556 ohci1394 - ok
17:21:21.0291 5556 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:21:21.0291 5556 ose64 - ok
17:21:21.0323 5556 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:21:21.0354 5556 osppsvc - ok
17:21:21.0369 5556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:21:21.0369 5556 p2pimsvc - ok
17:21:21.0385 5556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:21:21.0385 5556 p2psvc - ok
17:21:21.0385 5556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:21:21.0385 5556 Parport - ok
17:21:21.0401 5556 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:21:21.0401 5556 partmgr - ok
17:21:21.0401 5556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:21:21.0401 5556 PcaSvc - ok
17:21:21.0416 5556 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:21:21.0416 5556 pci - ok
17:21:21.0416 5556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:21:21.0416 5556 pciide - ok
17:21:21.0416 5556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:21:21.0432 5556 pcmcia - ok
17:21:21.0432 5556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:21:21.0432 5556 pcw - ok
17:21:21.0432 5556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:21:21.0447 5556 PEAUTH - ok
17:21:21.0463 5556 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:21:21.0463 5556 PeerDistSvc - ok
17:21:21.0479 5556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:21:21.0479 5556 PerfHost - ok
17:21:21.0510 5556 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:21:21.0525 5556 pla - ok
17:21:21.0525 5556 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:21:21.0525 5556 PlugPlay - ok
17:21:21.0541 5556 [ 328B99E25901D314FDFB31F18A7E302E ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys
17:21:21.0541 5556 pnarp - ok
17:21:21.0541 5556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:21:21.0541 5556 PNRPAutoReg - ok
17:21:21.0541 5556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:21:21.0557 5556 PNRPsvc - ok
17:21:21.0557 5556 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
17:21:21.0557 5556 Point64 - ok
17:21:21.0557 5556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:21:21.0572 5556 PolicyAgent - ok
17:21:21.0572 5556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:21:21.0572 5556 Power - ok
17:21:21.0588 5556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:21:21.0588 5556 PptpMiniport - ok
17:21:21.0588 5556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:21:21.0588 5556 Processor - ok
17:21:21.0588 5556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:21:21.0603 5556 ProfSvc - ok
17:21:21.0603 5556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:21:21.0603 5556 ProtectedStorage - ok
17:21:21.0603 5556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:21:21.0603 5556 Psched - ok
17:21:21.0619 5556 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
17:21:21.0619 5556 PSI - ok
17:21:21.0619 5556 [ E33AE01D03EBE68CD6A934BF52702BFD ] purendis C:\Windows\system32\DRIVERS\purendis.sys
17:21:21.0619 5556 purendis - ok
17:21:21.0635 5556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:21:21.0650 5556 ql2300 - ok
17:21:21.0650 5556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:21:21.0666 5556 ql40xx - ok
17:21:21.0666 5556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:21:21.0666 5556 QWAVE - ok
17:21:21.0666 5556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:21:21.0681 5556 QWAVEdrv - ok
17:21:21.0681 5556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:21:21.0681 5556 RasAcd - ok
17:21:21.0681 5556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:21.0681 5556 RasAgileVpn - ok
17:21:21.0681 5556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:21:21.0697 5556 RasAuto - ok
17:21:21.0697 5556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:21.0697 5556 Rasl2tp - ok
17:21:21.0697 5556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:21:21.0713 5556 RasMan - ok
17:21:21.0713 5556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:21.0713 5556 RasPppoe - ok
17:21:21.0713 5556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:21:21.0713 5556 RasSstp - ok
17:21:21.0728 5556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:21:21.0728 5556 rdbss - ok
17:21:21.0728 5556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:21:21.0744 5556 rdpbus - ok
17:21:21.0744 5556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:21.0744 5556 RDPCDD - ok
17:21:21.0760 5556 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:21:21.0760 5556 RDPDR - ok
17:21:21.0760 5556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:21:21.0760 5556 RDPENCDD - ok
17:21:21.0775 5556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:21:21.0775 5556 RDPREFMP - ok
17:21:21.0791 5556 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:21:21.0791 5556 RdpVideoMiniport - ok
17:21:21.0791 5556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:21:21.0806 5556 RDPWD - ok
17:21:21.0806 5556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:21:21.0822 5556 rdyboost - ok
17:21:21.0822 5556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:21:21.0822 5556 RemoteAccess - ok
17:21:21.0838 5556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:21:21.0838 5556 RemoteRegistry - ok
17:21:21.0838 5556 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:21:21.0838 5556 RFCOMM - ok
17:21:21.0853 5556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:21:21.0853 5556 RpcEptMapper - ok
17:21:21.0853 5556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:21:21.0853 5556 RpcLocator - ok
17:21:21.0869 5556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:21:21.0869 5556 RpcSs - ok
17:21:21.0869 5556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:21:21.0869 5556 rspndr - ok
17:21:21.0884 5556 [ EDCD6BAD7863E7A1CDAE266A1CDC6610 ] RtkBtFilter C:\Windows\system32\DRIVERS\RtkBtfilter.sys
17:21:21.0884 5556 RtkBtFilter - ok
17:21:21.0900 5556 [ F307F1C796C0886490839FDE5ED5728C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:21:21.0900 5556 RTL8167 - ok
17:21:21.0900 5556 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:21:21.0900 5556 s3cap - ok
17:21:21.0900 5556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:21:21.0916 5556 SamSs - ok
17:21:21.0916 5556 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:21:21.0916 5556 SASDIFSV - ok
17:21:21.0916 5556 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:21:21.0916 5556 SASKUTIL - ok
17:21:21.0931 5556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:21:21.0931 5556 sbp2port - ok
17:21:21.0931 5556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:21:21.0931 5556 SCardSvr - ok
17:21:21.0931 5556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:21:21.0947 5556 scfilter - ok
17:21:21.0947 5556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:21:21.0962 5556 Schedule - ok
17:21:21.0962 5556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:21:21.0962 5556 SCPolicySvc - ok
17:21:21.0978 5556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:21:21.0978 5556 SDRSVC - ok
17:21:21.0978 5556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:21:21.0978 5556 secdrv - ok
17:21:21.0994 5556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:21:21.0994 5556 seclogon - ok
17:21:22.0009 5556 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
17:21:22.0103 5556 Secunia PSI Agent - ok
17:21:22.0103 5556 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
17:21:22.0165 5556 Secunia Update Agent - ok
17:21:22.0181 5556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:21:22.0181 5556 SENS - ok
17:21:22.0181 5556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:21:22.0181 5556 SensrSvc - ok
17:21:22.0196 5556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:21:22.0196 5556 Serenum - ok
17:21:22.0196 5556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:21:22.0196 5556 Serial - ok
17:21:22.0196 5556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:21:22.0196 5556 sermouse - ok
17:21:22.0212 5556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:21:22.0212 5556 SessionEnv - ok
17:21:22.0228 5556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:21:22.0228 5556 sffdisk - ok
17:21:22.0228 5556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:21:22.0228 5556 sffp_mmc - ok
17:21:22.0228 5556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:21:22.0228 5556 sffp_sd - ok
17:21:22.0243 5556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:21:22.0243 5556 sfloppy - ok
17:21:22.0243 5556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:21:22.0243 5556 SharedAccess - ok
17:21:22.0259 5556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:21:22.0259 5556 ShellHWDetection - ok
17:21:22.0274 5556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:21:22.0274 5556 SiSRaid2 - ok
17:21:22.0274 5556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:21:22.0274 5556 SiSRaid4 - ok
17:21:22.0274 5556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:21:22.0290 5556 Smb - ok
17:21:22.0290 5556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:21:22.0290 5556 SNMPTRAP - ok
17:21:22.0306 5556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:21:22.0306 5556 spldr - ok
17:21:22.0306 5556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:21:22.0321 5556 Spooler - ok
17:21:22.0352 5556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:21:22.0368 5556 sppsvc - ok
17:21:22.0384 5556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:21:22.0384 5556 sppuinotify - ok
17:21:22.0384 5556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:21:22.0399 5556 srv - ok
17:21:22.0399 5556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:21:22.0399 5556 srv2 - ok
17:21:22.0415 5556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:21:22.0415 5556 srvnet - ok
17:21:22.0415 5556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:21:22.0415 5556 SSDPSRV - ok
17:21:22.0430 5556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:21:22.0430 5556 SstpSvc - ok
17:21:22.0430 5556 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:21:22.0446 5556 Stereo Service - ok
17:21:22.0446 5556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:21:22.0446 5556 stexstor - ok
17:21:22.0462 5556 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:21:22.0462 5556 stisvc - ok
17:21:22.0462 5556 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:21:22.0462 5556 storflt - ok
17:21:22.0477 5556 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:21:22.0477 5556 storvsc - ok
17:21:22.0477 5556 [ 5B8E5218A1649E66859DB52A83673DCD ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
17:21:22.0477 5556 SWDUMon - ok
17:21:22.0493 5556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:21:22.0493 5556 swenum - ok
17:21:22.0493 5556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:21:22.0508 5556 swprv - ok
17:21:22.0508 5556 Synth3dVsc - ok
17:21:22.0524 5556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:21:22.0540 5556 SysMain - ok
17:21:22.0540 5556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:21:22.0540 5556 TabletInputService - ok
17:21:22.0555 5556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:21:22.0555 5556 TapiSrv - ok
17:21:22.0571 5556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:21:22.0571 5556 TBS - ok
17:21:22.0571 5556 TCCrystalCpuInfo - ok
17:21:22.0586 5556 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:21:22.0602 5556 Tcpip - ok
17:21:22.0618 5556 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:21:22.0633 5556 TCPIP6 - ok
17:21:22.0633 5556 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:21:22.0633 5556 tcpipreg - ok
17:21:22.0649 5556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:21:22.0649 5556 TDPIPE - ok
17:21:22.0649 5556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:21:22.0649 5556 TDTCP - ok
17:21:22.0664 5556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:21:22.0664 5556 tdx - ok
17:21:22.0696 5556 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
17:21:22.0711 5556 TeamViewer7 - ok
17:21:22.0711 5556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:21:22.0711 5556 TermDD - ok
17:21:22.0727 5556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:21:22.0727 5556 TermService - ok
17:21:22.0727 5556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:21:22.0742 5556 Themes - ok
17:21:22.0742 5556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:21:22.0742 5556 THREADORDER - ok
17:21:22.0742 5556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:21:22.0742 5556 TrkWks - ok
17:21:22.0758 5556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:21:22.0758 5556 TrustedInstaller - ok
17:21:22.0774 5556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:22.0774 5556 tssecsrv - ok
17:21:22.0774 5556 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:21:22.0774 5556 TsUsbFlt - ok
17:21:22.0774 5556 tsusbhub - ok
17:21:22.0789 5556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:21:22.0789 5556 tunnel - ok
17:21:22.0789 5556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:21:22.0789 5556 uagp35 - ok
17:21:22.0805 5556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:21:22.0805 5556 udfs - ok
17:21:22.0820 5556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:21:22.0820 5556 UI0Detect - ok
17:21:24.0786 5556 ============================================================
17:21:24.0786 5556 Scan finished
17:21:24.0786 5556 ============================================================
17:21:24.0802 5896 Detected object count: 0
17:21:24.0802 5896 Actual detected object count: 0

#6 CatByte

Posted 08 December 2012 - 08:52 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CarlTol

Posted 09 December 2012 - 12:30 PM

Here you go. This is looking good.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.0 (12.08.2012:4)
OS: Windows 7 Ultimate x64
Ran by Carl on Sat 12/08/2012 at 18:05:16.42
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/08/2012 at 18:08:02.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.011 - Logfile created 12/08/2012 at 19:03:54
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Carl - BADBOY
# Boot Mode : Normal
# Running from : F:\Users\Carl\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [774 octets] - [08/12/2012 19:01:36]
AdwCleaner[R2].txt - [833 octets] - [08/12/2012 19:02:43]
AdwCleaner[R3].txt - [892 octets] - [08/12/2012 19:03:45]
AdwCleaner[S2].txt - [824 octets] - [08/12/2012 19:03:54]

########## EOF - C:\AdwCleaner[S2].txt - [883 octets] ##########


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carl :: BADBOY [administrator]

12/8/2012 7:07:17 PM
mbam-log-2012-12-08 (19-07-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235045
Time elapsed: 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET did not find anything wrong so did not produce a report I could find.

Thanks,

Carl

#8 CatByte

Posted 09 December 2012 - 12:47 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS, JRT and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press WinKey + R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
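
The Internet Explorer ActiveX settings recommended in the post above can be checked from PowerShell. This is an added example, not part of the original post: the registry paths, the URL action IDs (1001, 1004, 1201) and the action codes (0 = Enable, 1 = Prompt, 3 = Disable) are standard Windows values that do not appear on the page, and the lookup order is a simplification that treats policy hives as overriding the per-user setting.

```powershell
# Added example: audit the Internet zone (zone 3) ActiveX settings against the
# values recommended in the post ("Prompt", "Prompt", "Disable"). Read-only.
$zonePath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyPath = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> setting name as shown in the Custom level dialog, and wanted code.
$expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAction {
    param([string]$Id)
    # Assumption: machine policy, then user policy, then the per-user setting.
    foreach ($root in "HKLM:\$policyPath", "HKCU:\$policyPath", "HKCU:\$zonePath") {
        $item = Get-ItemProperty -Path $root -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Id; Source = $root }
        }
    }
    return $null   # value not set anywhere we looked
}

function Test-InternetZoneActiveX {
    foreach ($id in $expected.Keys) {
        $found = Get-ZoneAction -Id $id
        $want  = $expected[$id].Want
        if ($null -eq $found) {
            $current = 'not set'; $source = '-'; $ok = $false
        } else {
            $current = if ($meaning.ContainsKey($found.Value)) { $meaning[$found.Value] }
                       else { "code $($found.Value)" }
            $source  = $found.Source
            $ok      = ($found.Value -eq $want)
        }
        [pscustomobject]@{
            Id       = $id
            Setting  = $expected[$id].Name
            Current  = $current
            Expected = $meaning[$want]
            Match    = $ok
            Source   = $source
        }
    }
}

Test-InternetZoneActiveX | Format-Table -AutoSize -Wrap
```

A row whose Source is under `Software\Policies` means the setting is enforced by policy, so changing it in the Internet Properties dialog will not take effect.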


#9 CatByte

Posted 17 December 2012 - 09:44 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
