AVG detected Win64/Patched.A and LuheSirefef.A


  • This topic is locked
4 replies to this topic

#1 Drak_k

Posted 11 December 2012 - 07:47 AM

Hello,

I have Windows 7 64-bit, and AVG notified me that services.exe was infected with Win64/Patched.A (TDSSKiller calls it Virus.Win64.ZAccess.A though). Upon running a full scan, it detected a LuheSirefef.A infection on chrome.exe as well. And the program can't remove both trojans/malware.

Per instructions given at the Preparation Guide topic, I've run the DDS tool. Here is its log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Sno_opy at 21:55:12 on 2012-12-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.902 [GMT -2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\explorer.exe
C:\Users\Sno_opy\Desktop\solution\mbam-setup-1.65.1.1000.exe
C:\Users\Sno_opy\AppData\Local\Temp\is-80QO2.tmp\mbam-setup-1.65.1.1000.tmp
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AF-HSS Toolbar: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
uRun: [EPSON T24 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU"
uRun: [AdobeBridge] <no file>
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Sno_opy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sno_opy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sno_opy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AEDB2575-1CA6-4818-A113-462AB6532359} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\
FF - component: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files\Opera\program\plugins\NPSWF32.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sno_opy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\plugins\npgbfnc_abn.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npdsplay.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npJoostPlugin.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npwmsdrm.dll
FF - plugin: F:\Arquivos de programas\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: F:\Arquivos de programas\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: F:\Arquivos de programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-24 56208]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-23 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-9-25 131912]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-4-23 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-4-23 9096]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
S3 PGR1394b;PGR IEEE 1394 Bus host controllers;C:\Windows\System32\drivers\PGR1394.sys [2012-4-23 88064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-12 117040]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-10 23:45:04 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 23:44:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-10 23:44:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 23:44:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 22:59:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-08 15:21:31 -------- d-----w- C:\Program Files (x86)\coverXP
2012-11-22 23:51:28 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-22 23:51:28 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-16 14:40:50 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-11-16 13:04:48 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 13:04:48 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 13:04:48 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 13:04:48 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui
2012-11-16 12:53:08 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 12:53:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 12:53:08 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 12:53:08 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 12:53:08 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 12:53:08 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 12:53:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 11:24:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 11:24:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-16 11:24:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-16 11:24:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-16 11:24:04 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 02:52:05 -------- d-----w- C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 22:58:04 -------- d-----w- C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 13:44:41 -------- d-----w- C:\Program Files (x86)\Resource Hacker
2012-11-11 21:57:39 -------- d-----w- C:\Program Files (x86)\GameSave Manager v3
2012-11-11 21:56:34 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 21:54:11 -------- d-----w- C:\Program Files\LinkShellExtension
2012-11-11 21:44:44 -------- d-----w- C:\Program Files (x86)\Tiggit
2012-11-11 21:06:42 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-11-08 16:26:43 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-08 16:26:43 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-07 19:22:10 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-28 20:45:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-10 23:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 23:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 23:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 23:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 23:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 23:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 23:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 23:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 15:08:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 15:08:41 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 15:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-01 19:44:17 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 01:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:00:38,39 ===============





Since I have some tools with me, I also ran TDSSKiller. Here is its log:

21:09:35.0420 1492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:09:35.0569 1492 ============================================================
21:09:35.0569 1492 Current date / time: 2012/12/10 21:09:35.0569
21:09:35.0569 1492 SystemInfo:
21:09:35.0569 1492
21:09:35.0569 1492 OS Version: 6.1.7601 ServicePack: 1.0
21:09:35.0569 1492 Product type: Workstation
21:09:35.0569 1492 ComputerName: NATARAJA
21:09:35.0570 1492 UserName: Sno_opy
21:09:35.0570 1492 Windows directory: C:\Windows
21:09:35.0570 1492 System windows directory: C:\Windows
21:09:35.0570 1492 Running under WOW64
21:09:35.0570 1492 Processor architecture: Intel x64
21:09:35.0570 1492 Number of processors: 2
21:09:35.0570 1492 Page size: 0x1000
21:09:35.0570 1492 Boot type: Safe boot
21:09:35.0570 1492 ============================================================
21:09:42.0493 1492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:09:42.0509 1492 ============================================================
21:09:42.0509 1492 \Device\Harddisk0\DR0:
21:09:42.0571 1492 MBR partitions:
21:09:42.0571 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:09:42.0571 1492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1913A800
21:09:42.0618 1492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1916D800, BlocksNum 0x23050000
21:09:42.0649 1492 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3C1BE000, BlocksNum 0x38547800
21:09:42.0649 1492 ============================================================
21:09:42.0852 1492 F: <-> \Device\Harddisk0\DR0\Partition4
21:09:43.0039 1492 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:43.0164 1492 E: <-> \Device\Harddisk0\DR0\Partition3
21:09:43.0164 1492 ============================================================
21:09:43.0164 1492 Initialize success
21:09:43.0164 1492 ============================================================
21:09:49.0616 1612 ============================================================
21:09:49.0616 1612 Scan started
21:09:49.0616 1612 Mode: Manual;
21:09:49.0616 1612 ============================================================
21:10:03.0125 1612 ================ Scan system memory ========================
21:10:03.0125 1612 System memory - ok
21:10:03.0125 1612 ================ Scan services =============================
21:10:05.0153 1612 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:10:05.0168 1612 1394ohci - ok
21:10:05.0231 1612 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:10:05.0231 1612 ACPI - ok
21:10:05.0277 1612 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:10:05.0293 1612 AcpiPmi - ok
21:10:05.0371 1612 [ 1C090E86AFD15231377AD37436C3C719 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
21:10:05.0371 1612 ADIHdAudAddService - ok
21:10:05.0667 1612 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:10:05.0667 1612 AdobeARMservice - ok
21:10:06.0463 1612 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:10:06.0479 1612 AdobeFlashPlayerUpdateSvc - ok
21:10:06.0806 1612 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:10:06.0822 1612 adp94xx - ok
21:10:07.0321 1612 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:10:07.0337 1612 adpahci - ok
21:10:07.0664 1612 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:10:07.0664 1612 adpu320 - ok
21:10:07.0961 1612 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
21:10:07.0961 1612 AEADIFilters - ok
21:10:08.0117 1612 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:10:08.0117 1612 AeLookupSvc - ok
21:10:08.0507 1612 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:10:08.0507 1612 AFD - ok
21:10:08.0647 1612 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:10:08.0678 1612 agp440 - ok
21:10:09.0006 1612 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:10:09.0021 1612 ALG - ok
21:10:09.0193 1612 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:10:09.0209 1612 aliide - ok
21:10:09.0396 1612 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:10:09.0396 1612 amdide - ok
21:10:09.0864 1612 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:10:09.0864 1612 AmdK8 - ok
21:10:09.0895 1612 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:10:10.0145 1612 AmdPPM - ok
21:10:10.0324 1612 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:10:10.0337 1612 amdsata - ok
21:10:10.0671 1612 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:10:10.0687 1612 amdsbs - ok
21:10:10.0983 1612 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:10:10.0983 1612 amdxata - ok
21:10:11.0311 1612 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
21:10:11.0499 1612 androidusb - ok
21:10:11.0793 1612 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:10:11.0808 1612 AppID - ok
21:10:11.0949 1612 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:10:11.0964 1612 AppIDSvc - ok
21:10:12.0105 1612 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:10:12.0136 1612 Appinfo - ok
21:10:12.0557 1612 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:10:12.0587 1612 AppMgmt - ok
21:10:12.0732 1612 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:10:12.0740 1612 arc - ok
21:10:12.0884 1612 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:10:12.0884 1612 arcsas - ok
21:10:13.0258 1612 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
21:10:13.0258 1612 AsIO - ok
21:10:14.0285 1612 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:10:14.0740 1612 aspnet_state - ok
21:10:14.0935 1612 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:10:14.0936 1612 AsyncMac - ok
21:10:15.0098 1612 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:10:15.0099 1612 atapi - ok
21:10:15.0419 1612 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:10:15.0425 1612 AudioEndpointBuilder - ok
21:10:15.0437 1612 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:10:15.0441 1612 AudioSrv - ok
21:10:17.0471 1612 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
21:10:17.0677 1612 AVGIDSAgent - ok
21:10:17.0854 1612 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:10:17.0855 1612 AVGIDSDriver - ok
21:10:18.0173 1612 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:10:18.0173 1612 AVGIDSFilter - ok
21:10:18.0345 1612 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:10:18.0345 1612 AVGIDSHA - ok
21:10:18.0813 1612 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:10:18.0813 1612 Avgldx64 - ok
21:10:19.0113 1612 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:10:19.0114 1612 Avgmfx64 - ok
21:10:19.0546 1612 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:10:19.0546 1612 Avgrkx64 - ok
21:10:19.0984 1612 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:10:19.0984 1612 Avgtdia - ok
21:10:20.0062 1612 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:10:20.0062 1612 avgwd - ok
21:10:20.0140 1612 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:10:20.0156 1612 AxInstSV - ok
21:10:20.0265 1612 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:10:20.0327 1612 b06bdrv - ok
21:10:20.0436 1612 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:10:20.0436 1612 b57nd60a - ok
21:10:20.0640 1612 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:10:20.0656 1612 BDESVC - ok
21:10:20.0831 1612 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:10:20.0831 1612 Beep - ok
21:10:21.0434 1612 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:10:21.0590 1612 BFE - ok
21:10:21.0777 1612 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:10:21.0777 1612 blbdrive - ok
21:10:21.0948 1612 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:10:21.0948 1612 bowser - ok
21:10:22.0112 1612 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:10:22.0121 1612 BrFiltLo - ok
21:10:22.0137 1612 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:10:22.0144 1612 BrFiltUp - ok
21:10:22.0305 1612 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:10:22.0306 1612 Browser - ok
21:10:22.0481 1612 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:10:22.0617 1612 Brserid - ok
21:10:22.0753 1612 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:10:22.0764 1612 BrSerWdm - ok
21:10:22.0916 1612 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:10:22.0924 1612 BrUsbMdm - ok
21:10:23.0081 1612 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:10:23.0094 1612 BrUsbSer - ok
21:10:23.0137 1612 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:10:23.0145 1612 BTHMODEM - ok
21:10:23.0337 1612 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:10:23.0339 1612 bthserv - ok
21:10:23.0545 1612 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:10:23.0548 1612 cdfs - ok
21:10:23.0589 1612 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:10:23.0591 1612 cdrom - ok
21:10:23.0633 1612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:10:23.0643 1612 CertPropSvc - ok
21:10:23.0671 1612 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:10:23.0673 1612 circlass - ok
21:10:23.0838 1612 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:10:23.0842 1612 CLFS - ok
21:10:24.0185 1612 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:10:24.0383 1612 clr_optimization_v2.0.50727_32 - ok
21:10:24.0585 1612 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:10:24.0785 1612 clr_optimization_v2.0.50727_64 - ok
21:10:25.0210 1612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:10:27.0535 1612 clr_optimization_v4.0.30319_32 - ok
21:10:27.0847 1612 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:10:28.0299 1612 clr_optimization_v4.0.30319_64 - ok
21:10:28.0439 1612 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:10:28.0455 1612 CmBatt - ok
21:10:28.0490 1612 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:10:28.0491 1612 cmdide - ok
21:10:28.0781 1612 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:10:28.0781 1612 CNG - ok
21:10:29.0077 1612 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:10:29.0077 1612 Compbatt - ok
21:10:29.0218 1612 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:10:29.0218 1612 CompositeBus - ok
21:10:29.0576 1612 COMSysApp - ok
21:10:29.0748 1612 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:10:29.0764 1612 crcdisk - ok
21:10:29.0921 1612 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:10:29.0922 1612 CryptSvc - ok
21:10:30.0232 1612 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:10:30.0232 1612 CSC - ok
21:10:30.0715 1612 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:10:30.0715 1612 CscService - ok
21:10:31.0027 1612 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:10:31.0027 1612 dc3d - ok
21:10:31.0355 1612 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:10:31.0511 1612 DcomLaunch - ok
21:10:31.0854 1612 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:10:32.0010 1612 defragsvc - ok
21:10:32.0525 1612 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
21:10:32.0541 1612 Desura Install Service - ok
21:10:32.0681 1612 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:10:32.0681 1612 DfsC - ok
21:10:32.0962 1612 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:10:32.0977 1612 Dhcp - ok
21:10:33.0118 1612 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:10:33.0118 1612 discache - ok
21:10:33.0274 1612 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:10:33.0274 1612 Disk - ok
21:10:33.0430 1612 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:10:33.0445 1612 dmvsc - ok
21:10:33.0617 1612 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:10:33.0617 1612 Dnscache - ok
21:10:34.0063 1612 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:10:34.0077 1612 dot3svc - ok
21:10:34.0224 1612 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:10:34.0225 1612 DPS - ok
21:10:34.0508 1612 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:10:34.0508 1612 drmkaud - ok
21:10:34.0836 1612 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:10:34.0836 1612 DXGKrnl - ok
21:10:34.0992 1612 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:10:34.0992 1612 EapHost - ok
21:10:36.0053 1612 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:10:36.0349 1612 ebdrv - ok
21:10:36.0536 1612 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:10:36.0536 1612 EFS - ok
21:10:37.0129 1612 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:10:37.0129 1612 ehRecvr - ok
21:10:37.0160 1612 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:10:37.0160 1612 ehSched - ok
21:10:37.0192 1612 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:10:37.0192 1612 elxstor - ok
21:10:37.0223 1612 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
21:10:37.0223 1612 epmntdrv - ok
21:10:37.0316 1612 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
21:10:37.0332 1612 EPSON_EB_RPCV4_01 - ok
21:10:37.0348 1612 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
21:10:37.0363 1612 EPSON_PM_RPCV4_01 - ok
21:10:37.0363 1612 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:10:37.0363 1612 ErrDev - ok
21:10:37.0379 1612 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
21:10:37.0379 1612 EuGdiDrv - ok
21:10:37.0410 1612 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:10:37.0426 1612 EventSystem - ok
21:10:37.0441 1612 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:10:37.0441 1612 exfat - ok
21:10:37.0472 1612 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:10:37.0472 1612 fastfat - ok
21:10:37.0519 1612 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:10:37.0519 1612 Fax - ok
21:10:37.0550 1612 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:10:37.0550 1612 fdc - ok
21:10:37.0566 1612 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:10:37.0566 1612 fdPHost - ok
21:10:37.0582 1612 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:10:37.0582 1612 FDResPub - ok
21:10:37.0582 1612 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:10:37.0582 1612 FileInfo - ok
21:10:37.0597 1612 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:10:37.0597 1612 Filetrace - ok
21:10:37.0613 1612 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:10:37.0613 1612 flpydisk - ok
21:10:37.0644 1612 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:10:37.0644 1612 FltMgr - ok
21:10:37.0675 1612 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:10:37.0691 1612 FontCache - ok
21:10:37.0738 1612 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:10:37.0738 1612 FontCache3.0.0.0 - ok
21:10:37.0769 1612 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:10:37.0769 1612 FsDepends - ok
21:10:37.0784 1612 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:10:37.0784 1612 Fs_Rec - ok
21:10:37.0800 1612 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:10:37.0800 1612 fvevol - ok
21:10:37.0816 1612 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:10:37.0816 1612 gagp30kx - ok
21:10:37.0847 1612 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:10:37.0847 1612 gpsvc - ok
21:10:37.0878 1612 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:10:37.0878 1612 gusvc - ok
21:10:37.0925 1612 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:10:37.0925 1612 hamachi - ok
21:10:37.0956 1612 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:10:37.0956 1612 hcw85cir - ok
21:10:38.0003 1612 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:10:38.0003 1612 HdAudAddService - ok
21:10:38.0018 1612 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:10:38.0018 1612 HDAudBus - ok
21:10:38.0034 1612 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:10:38.0034 1612 HidBatt - ok
21:10:38.0034 1612 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:10:38.0034 1612 HidBth - ok
21:10:38.0050 1612 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:10:38.0050 1612 HidIr - ok
21:10:38.0065 1612 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:10:38.0065 1612 hidserv - ok
21:10:38.0096 1612 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:10:38.0096 1612 HidUsb - ok
21:10:38.0112 1612 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:10:38.0112 1612 hkmsvc - ok
21:10:38.0128 1612 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:10:38.0128 1612 HomeGroupListener - ok
21:10:38.0143 1612 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:10:38.0143 1612 HomeGroupProvider - ok
21:10:38.0159 1612 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:10:38.0159 1612 HpSAMD - ok
21:10:38.0221 1612 [ B7CFE93627E7796624004687125A729F ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
21:10:38.0237 1612 hshld - ok
21:10:38.0268 1612 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys
21:10:38.0284 1612 HssDrv - ok
21:10:38.0299 1612 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
21:10:38.0299 1612 HssSrv - ok
21:10:38.0346 1612 [ B3C6EEEFF5C5EA3235B7D84317C1FB3F ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
21:10:38.0346 1612 HssTrayService - ok
21:10:38.0346 1612 HssWd - ok
21:10:38.0393 1612 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:10:38.0408 1612 HTTP - ok
21:10:38.0424 1612 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:10:38.0424 1612 hwpolicy - ok
21:10:38.0440 1612 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:10:38.0440 1612 i8042prt - ok
21:10:38.0486 1612 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:10:38.0486 1612 iaStorV - ok
21:10:38.0549 1612 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:10:38.0564 1612 idsvc - ok
21:10:38.0596 1612 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:10:38.0596 1612 iirsp - ok
21:10:38.0611 1612 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:10:38.0627 1612 IKEEXT - ok
21:10:38.0642 1612 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:10:38.0642 1612 intelide - ok
21:10:38.0658 1612 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
21:10:38.0658 1612 intelppm - ok
21:10:38.0689 1612 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:10:38.0689 1612 IPBusEnum - ok
21:10:38.0705 1612 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:10:38.0705 1612 IpFilterDriver - ok
21:10:38.0736 1612 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:10:38.0752 1612 iphlpsvc - ok
21:10:38.0752 1612 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:10:38.0752 1612 IPMIDRV - ok
21:10:38.0767 1612 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:10:38.0767 1612 IPNAT - ok
21:10:38.0783 1612 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:10:38.0783 1612 IRENUM - ok
21:10:38.0798 1612 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:10:38.0798 1612 isapnp - ok
21:10:38.0830 1612 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:10:38.0830 1612 iScsiPrt - ok
21:10:38.0845 1612 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:10:38.0845 1612 kbdclass - ok
21:10:38.0861 1612 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:10:38.0861 1612 kbdhid - ok
21:10:38.0876 1612 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:10:38.0876 1612 KeyIso - ok
21:10:38.0908 1612 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:10:38.0908 1612 KSecDD - ok
21:10:38.0923 1612 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:10:38.0923 1612 KSecPkg - ok
21:10:38.0954 1612 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:10:38.0954 1612 ksthunk - ok
21:10:38.0970 1612 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:10:38.0970 1612 KtmRm - ok
21:10:39.0001 1612 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:10:39.0001 1612 LanmanServer - ok
21:10:39.0017 1612 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:10:39.0017 1612 LanmanWorkstation - ok
21:10:39.0032 1612 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:10:39.0032 1612 lltdio - ok
21:10:39.0048 1612 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:10:39.0048 1612 lltdsvc - ok
21:10:39.0064 1612 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:10:39.0064 1612 lmhosts - ok
21:10:39.0079 1612 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
21:10:39.0079 1612 LPCFilter - ok
21:10:39.0095 1612 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:10:39.0095 1612 LSI_FC - ok
21:10:39.0110 1612 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:10:39.0110 1612 LSI_SAS - ok
21:10:39.0126 1612 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:10:39.0126 1612 LSI_SAS2 - ok
21:10:39.0126 1612 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:10:39.0126 1612 LSI_SCSI - ok
21:10:39.0142 1612 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:10:39.0157 1612 luafv - ok
21:10:39.0188 1612 [ 4CB64D7458ABD8396BCD389A69C8FC80 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
21:10:39.0188 1612 lvpepf64 - ok
21:10:39.0204 1612 [ 0034F69D0007D3F77F6B96FA51228E85 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
21:10:39.0204 1612 LVUSBS64 - ok
21:10:39.0251 1612 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
21:10:39.0251 1612 mcdbus - ok
21:10:39.0282 1612 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:10:39.0282 1612 Mcx2Svc - ok
21:10:39.0298 1612 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:10:39.0298 1612 megasas - ok
21:10:39.0313 1612 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:10:39.0313 1612 MegaSR - ok
21:10:39.0391 1612 Microsoft SharePoint Workspace Audit Service - ok
21:10:39.0422 1612 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:10:39.0422 1612 MMCSS - ok
21:10:39.0422 1612 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:10:39.0422 1612 Modem - ok
21:10:39.0454 1612 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:10:39.0454 1612 monitor - ok
21:10:39.0469 1612 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:10:39.0469 1612 mouclass - ok
21:10:39.0469 1612 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:10:39.0469 1612 mouhid - ok
21:10:39.0485 1612 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:10:39.0485 1612 mountmgr - ok
21:10:39.0532 1612 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:10:39.0532 1612 MozillaMaintenance - ok
21:10:39.0563 1612 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:10:39.0563 1612 mpio - ok
21:10:39.0578 1612 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:10:39.0578 1612 mpsdrv - ok
21:10:39.0610 1612 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:10:39.0625 1612 MpsSvc - ok
21:10:39.0625 1612 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:10:39.0625 1612 MRxDAV - ok
21:10:39.0656 1612 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:10:39.0672 1612 mrxsmb - ok
21:10:39.0688 1612 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:10:39.0688 1612 mrxsmb10 - ok
21:10:39.0688 1612 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:10:39.0703 1612 mrxsmb20 - ok
21:10:39.0719 1612 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:10:39.0719 1612 msahci - ok
21:10:39.0734 1612 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:10:39.0734 1612 msdsm - ok
21:10:39.0750 1612 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:10:39.0750 1612 MSDTC - ok
21:10:39.0797 1612 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:10:39.0797 1612 Msfs - ok
21:10:39.0812 1612 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:10:39.0812 1612 mshidkmdf - ok
21:10:39.0828 1612 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:10:39.0828 1612 msisadrv - ok
21:10:39.0844 1612 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:10:39.0844 1612 MSiSCSI - ok
21:10:39.0859 1612 msiserver - ok
21:10:39.0875 1612 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:10:39.0875 1612 MSKSSRV - ok
21:10:39.0890 1612 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:39.0890 1612 MSPCLOCK - ok
21:10:39.0906 1612 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:10:39.0906 1612 MSPQM - ok
21:10:39.0922 1612 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:10:39.0922 1612 MsRPC - ok
21:10:39.0953 1612 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:10:39.0953 1612 mssmbios - ok
21:10:39.0968 1612 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:10:39.0968 1612 MSTEE - ok
21:10:39.0984 1612 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:10:39.0984 1612 MTConfig - ok
21:10:40.0000 1612 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:10:40.0000 1612 MTsensor - ok
21:10:40.0015 1612 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:10:40.0015 1612 Mup - ok
21:10:48.0203 1612 ================ Scan global ===============================
21:10:48.0218 1612 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:48.0234 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:10:48.0249 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:10:48.0281 1612 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:48.0312 1612 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
21:10:48.0327 1612 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
21:10:48.0327 1612 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
21:10:48.0327 1612 ================ Scan MBR ==================================
21:10:48.0343 1612 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:48.0499 1612 \Device\Harddisk0\DR0 - ok
21:10:48.0499 1612 ================ Scan VBR ==================================
21:10:48.0515 1612 [ F16EA6A7538BBC8BB193A3534BA3D598 ] \Device\Harddisk0\DR0\Partition1
21:10:48.0515 1612 \Device\Harddisk0\DR0\Partition1 - ok
21:10:48.0530 1612 [ 87F916EEF76A94598CC94CE6525C4016 ] \Device\Harddisk0\DR0\Partition2
21:10:48.0530 1612 \Device\Harddisk0\DR0\Partition2 - ok
21:10:48.0546 1612 [ 03B4257DDA97D1B1F49138FFB509238E ] \Device\Harddisk0\DR0\Partition3
21:10:48.0546 1612 \Device\Harddisk0\DR0\Partition3 - ok
21:10:48.0561 1612 [ 30B1CAC8E760630136A3A09B8B34495C ] \Device\Harddisk0\DR0\Partition4
21:10:48.0561 1612 \Device\Harddisk0\DR0\Partition4 - ok
21:10:48.0561 1612 ============================================================
21:10:48.0561 1612 Scan finished
21:10:48.0561 1612 ============================================================
21:10:48.0577 1604 Detected object count: 1
21:10:48.0577 1604 Actual detected object count: 1
21:10:55.0956 1604 C:\Windows\system32\services.exe - copied to quarantine
21:10:56.0471 1604 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
21:10:56.0471 1604 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
21:10:56.0689 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\@ - copied to quarantine
21:10:56.0689 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\00000004.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\201d3dde - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@ - copied to quarantine
21:11:31.0509 1604 Backup copy not found, trying to cure infected file..
21:11:31.0509 1604 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
21:11:31.0509 1604 C:\Windows\system32\services.exe - processing error
21:11:31.0509 1604 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
21:12:49.0761 1488 Deinitialize success




Also ran the ESET Online Tool. Here is the log:


C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0007.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0008.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0010.dta a variant of Win64/Sirefef.AN trojan
C:\Users\Sno_opy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\56fed00a-32869c70 Java/TrojanDownloader.Agent.JX trojan
C:\Users\Public\Documentos Publicos\Corel Draw X5 Keygen [2010] - www.GuruFuel.com.rar a variant of Win32/Keygen.AF application
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@ Win64/Conedex.C trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@ Win64/Conedex.B trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@ Win64/Sirefef.AW trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
Operating memory a variant of Win32/Sirefef.EZ trojan




I did a run with aswMBR but it crashes every time the program scans a certain file. See the image below.
Posted Image




And I did a run with the FRST64 tool in startup/recovery mode. Here is the log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SISTEMA at 11-12-2012 09:58:52
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Brazilian
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKU\Administrador\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-21] (Microsoft Corporation)
HKU\Administrador\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Administrador\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKU\Administrador\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [x]
HKU\Administrador\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
HKU\Administrador\...\Run: [Steam] "E:\Rlyeh\Games\Steam\Steam.exe" -silent [x]
HKU\Administrador\...\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet [x]
HKU\Administrador\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Administrador\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [x]
HKU\Administrador\...\Run: [AdobeBridge] [x]
HKU\Administrador\...\Run: [] [x]
HKU\Administrador\...\Policies\system: [LogonHoursAction] 2
HKU\Administrador\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sno_opy\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Sno_opy\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [9532824 2012-03-26] (Innovative Solutions)
HKU\Sno_opy\...\Run: [EPSON T24 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU" [223232 2008-09-12] (SEIKO EPSON CORPORATION)
HKU\Sno_opy\...\Run: [] [x]
HKU\Sno_opy\...\Run: [AdobeBridge] [x]
HKU\Sno_opy\...\Run: [Facebook Update] "C:\Users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-11-06] (Facebook Inc.)
HKU\Sno_opy\...\Policies\system: [LogonHoursAction] 2
HKU\Sno_opy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Renato\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKU\Renato\...\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [x]
HKU\Renato\...\Run: [EPSON T24 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE /FU "C:\Users\Renato\AppData\Local\Temp\E_S974F.tmp" /EF "HKCU" [x]
HKU\Renato\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Renato\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [x]
HKU\Renato\...\Run: [AdobeBridge] [x]
HKU\Renato\...\Run: [] [x]
HKU\Renato\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKU\Renato\...\Policies\system: [LogonHoursAction] 2
HKU\Renato\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Renato.Nataraja.001\...\Policies\system: [LogonHoursAction] 2
HKU\Renato.Nataraja.001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\UpdatusUser\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [9532824 2012-03-26] (Innovative Solutions)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Todos os Usuários\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ===================

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [278336 2011-09-19] (NVIDIA)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-28] ()
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-30] (arvato digital services llc)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [88064 2008-03-14] (Point Grey Research)
0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-12] (Oracle Corporation)
4 bdselfpr; [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
4 vsserv; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-11 09:58 - 2012-12-11 09:58 - 00000000 ____D C:\FRST
2012-12-10 20:45 - 2012-12-10 20:45 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 20:44 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-10 19:59 - 2012-12-10 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-10 19:49 - 2012-12-10 20:53 - 00000000 ____D C:\Users\Sno_opy\Desktop\solution
2012-12-08 12:21 - 2012-12-08 12:21 - 00000000 ____D C:\Program Files (x86)\coverXP
2012-12-03 17:50 - 2012-12-03 17:50 - 00291752 ____A C:\Windows\Minidump\120312-38937-01.dmp
2012-11-27 22:20 - 2012-11-27 22:20 - 00000214 ____A C:\Users\Sno_opy\Desktop\Sid Meier's Civilization V (DirectX 11).url
2012-11-23 16:54 - 2012-11-23 16:54 - 00001761 ____A C:\Users\Sno_opy\Desktop\TESVSnip.lnk
2012-11-23 14:10 - 2012-11-23 14:10 - 00001136 ____A C:\Users\Sno_opy\Desktop\Wrye Bash - Skyrim.lnk
2012-11-21 13:28 - 2012-11-21 13:29 - 00001668 ____A C:\Users\Sno_opy\Desktop\TSEV - SKSE.lnk
2012-11-16 11:40 - 2009-03-18 15:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2012-11-16 10:04 - 2012-07-26 01:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 10:04 - 2012-07-26 01:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 10:04 - 2012-07-25 23:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 10:04 - 2012-06-02 11:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 09:59 - 2012-10-08 09:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 09:59 - 2012-10-08 08:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 09:59 - 2012-10-08 08:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 09:59 - 2012-10-08 08:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 09:59 - 2012-10-08 08:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 09:59 - 2012-10-08 08:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 09:59 - 2012-10-08 08:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 09:59 - 2012-10-08 08:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 09:59 - 2012-10-08 08:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 09:59 - 2012-10-08 08:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 09:59 - 2012-10-08 08:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 09:59 - 2012-10-08 08:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 09:59 - 2012-10-08 08:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 09:59 - 2012-10-08 08:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 09:59 - 2012-10-08 08:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 09:59 - 2012-10-08 08:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 09:59 - 2012-10-08 05:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-16 09:59 - 2012-10-08 05:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-16 09:59 - 2012-10-08 04:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-16 09:59 - 2012-10-08 04:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-16 09:59 - 2012-10-08 04:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-16 09:59 - 2012-10-08 04:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-16 09:59 - 2012-10-08 04:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-16 09:59 - 2012-10-08 04:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-16 09:59 - 2012-10-08 04:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-16 09:59 - 2012-10-08 04:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-16 09:59 - 2012-10-08 04:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-16 09:59 - 2012-10-08 04:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-16 09:59 - 2012-10-08 04:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-16 09:59 - 2012-10-08 04:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-16 09:59 - 2012-10-08 04:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-16 09:59 - 2012-10-08 04:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 09:53 - 2012-07-26 00:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 09:53 - 2012-07-25 23:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 09:53 - 2012-07-25 23:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 09:53 - 2012-06-02 11:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 08:24 - 2012-10-18 15:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 08:24 - 2012-10-09 15:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-16 08:24 - 2012-10-09 15:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 08:24 - 2012-10-09 14:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-16 08:24 - 2012-10-09 14:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-16 08:23 - 2012-10-03 14:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-16 08:23 - 2012-10-03 14:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-16 08:23 - 2012-10-03 14:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-16 08:23 - 2012-10-03 13:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-16 08:23 - 2012-09-25 19:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-16 08:23 - 2012-09-25 19:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 08:23 - 2012-01-13 04:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 00:01 - 2012-11-14 00:01 - 00000208 ____A C:\Users\Sno_opy\Desktop\Creation Kit.url
2012-11-13 23:52 - 2012-11-13 23:52 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 19:58 - 2012-11-13 19:58 - 00003067 ____A C:\Users\Sno_opy\Desktop\BOSS Userlist Manager.lnk
2012-11-13 19:58 - 2012-11-13 19:58 - 00000000 ____D C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 12:42 - 2012-11-13 12:42 - 00001510 ____A C:\Users\Sno_opy\Desktop\SBW.lnk
2012-11-13 11:07 - 2012-11-13 11:07 - 00000207 ____A C:\Users\Sno_opy\Desktop\The Elder Scrolls V Skyrim.url
2012-11-13 10:44 - 2012-11-13 10:44 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-11-12 16:27 - 2012-11-12 16:27 - 00000899 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-11-11 18:57 - 2012-11-11 18:57 - 00000000 ____D C:\Program Files (x86)\GameSave Manager v3
2012-11-11 18:56 - 2012-11-11 21:13 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 18:54 - 2012-11-11 18:54 - 00000000 ____D C:\Program Files\LinkShellExtension
2012-11-11 18:44 - 2012-11-11 18:44 - 00000000 ____D C:\Program Files (x86)\Tiggit
2012-11-11 18:06 - 2012-12-10 14:36 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

2012-12-10 20:53 - 2012-12-10 19:49 - 00000000 ____D C:\Users\Sno_opy\Desktop\solution
2012-12-10 20:45 - 2012-12-10 20:45 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 20:35 - 2012-05-03 15:55 - 00256500 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-12-10 20:22 - 2011-04-12 10:40 - 00703370 ____A C:\Windows\System32\prfh0416.dat
2012-12-10 20:22 - 2011-04-12 10:40 - 00146156 ____A C:\Windows\System32\prfc0416.dat
2012-12-10 20:22 - 2009-07-14 02:13 - 01628050 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-10 20:20 - 2012-05-03 15:55 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Apple Computer
2012-12-10 20:10 - 2012-12-10 19:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-10 20:04 - 2009-07-14 01:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-10 20:04 - 2009-07-14 01:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-10 19:58 - 2012-11-06 13:08 - 00012997 ____A C:\Windows\SysWOW64\debug.log
2012-12-10 19:42 - 2012-11-06 13:07 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
2012-12-10 19:42 - 2012-11-06 13:07 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
2012-12-10 19:38 - 2012-04-22 23:19 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
2012-12-10 19:34 - 2012-04-22 22:16 - 01161048 ____A C:\Windows\WindowsUpdate.log
2012-12-10 19:08 - 2012-05-03 20:46 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-10 17:43 - 2012-07-12 18:11 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-12-10 17:43 - 2012-07-12 18:02 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2012-12-10 17:43 - 2012-07-12 18:02 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-10 14:36 - 2012-11-11 18:06 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Dropbox
2012-12-10 14:34 - 2012-04-22 22:29 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2012-12-10 14:34 - 2012-04-22 22:29 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-10 14:34 - 2009-07-14 02:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-10 14:34 - 2009-07-14 01:51 - 00087202 ____A C:\Windows\setupact.log
2012-12-10 07:06 - 2012-04-24 11:26 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Adobe
2012-12-08 12:33 - 2012-07-12 18:11 - 00000000 ____D C:\Users\Todos os Usuários\AVG2012
2012-12-08 12:33 - 2012-07-12 18:11 - 00000000 ____D C:\Users\All Users\AVG2012
2012-12-08 12:32 - 2010-11-21 00:47 - 01446314 ____A C:\Windows\PFRO.log
2012-12-08 12:21 - 2012-12-08 12:21 - 00000000 ____D C:\Program Files (x86)\coverXP
2012-12-08 01:37 - 2012-04-22 23:19 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
2012-12-07 18:30 - 2012-04-23 10:35 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Skype
2012-12-07 10:22 - 2012-04-22 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-07 00:20 - 2012-10-02 09:57 - 00007546 ____A C:\Users\Sno_opy\.pia_manager_crash.log
2012-12-05 16:57 - 2012-04-23 11:04 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\vlc
2012-12-04 10:14 - 2012-04-24 11:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-04 10:00 - 2012-04-24 12:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-03 17:50 - 2012-12-03 17:50 - 00291752 ____A C:\Windows\Minidump\120312-38937-01.dmp
2012-12-03 17:50 - 2012-04-23 16:01 - 270892091 ____A C:\Windows\MEMORY.DMP
2012-12-03 17:50 - 2012-04-23 16:01 - 00000000 ____D C:\Windows\Minidump
2012-12-03 15:22 - 2012-04-24 11:27 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2012-12-03 15:22 - 2012-04-24 11:27 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-29 08:49 - 2012-10-01 17:44 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\LogMeIn Hamachi
2012-11-29 01:06 - 2012-04-23 12:01 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\uTorrent
2012-11-28 13:52 - 2012-04-25 19:07 - 00347177 ____A C:\Windows\DirectX.log
2012-11-27 22:20 - 2012-11-27 22:20 - 00000214 ____A C:\Users\Sno_opy\Desktop\Sid Meier's Civilization V (DirectX 11).url
2012-11-27 21:25 - 2009-07-13 23:34 - 00000550 ____A C:\Windows\win.ini
2012-11-26 19:45 - 2012-04-25 13:16 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Skyrim
2012-11-25 07:24 - 2012-04-23 12:05 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-11-23 16:54 - 2012-11-23 16:54 - 00001761 ____A C:\Users\Sno_opy\Desktop\TESVSnip.lnk
2012-11-23 14:10 - 2012-11-23 14:10 - 00001136 ____A C:\Users\Sno_opy\Desktop\Wrye Bash - Skyrim.lnk
2012-11-22 20:51 - 2012-05-15 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-21 13:29 - 2012-11-21 13:28 - 00001668 ____A C:\Users\Sno_opy\Desktop\TSEV - SKSE.lnk
2012-11-20 18:49 - 2012-04-23 10:39 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Notepad++
2012-11-18 23:13 - 2012-04-22 22:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-18 23:09 - 2012-04-22 22:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-16 11:41 - 2012-04-23 15:48 - 00171616 ____A C:\Users\Sno_opy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-16 11:40 - 2009-07-14 01:45 - 10092696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 11:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-16 10:10 - 2012-04-23 15:42 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2012-11-16 10:10 - 2012-04-23 15:42 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 09:53 - 2012-04-22 22:33 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 00:01 - 2012-11-14 00:01 - 00000208 ____A C:\Users\Sno_opy\Desktop\Creation Kit.url
2012-11-13 23:52 - 2012-11-13 23:52 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 19:59 - 2012-07-27 17:02 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Surazal
2012-11-13 19:58 - 2012-11-13 19:58 - 00003067 ____A C:\Users\Sno_opy\Desktop\BOSS Userlist Manager.lnk
2012-11-13 19:58 - 2012-11-13 19:58 - 00000000 ____D C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 12:42 - 2012-11-13 12:42 - 00001510 ____A C:\Users\Sno_opy\Desktop\SBW.lnk
2012-11-13 11:07 - 2012-11-13 11:07 - 00000207 ____A C:\Users\Sno_opy\Desktop\The Elder Scrolls V Skyrim.url
2012-11-13 10:44 - 2012-11-13 10:44 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-11-12 16:27 - 2012-11-12 16:27 - 00000899 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-11-12 16:27 - 2012-07-12 21:59 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-11-11 21:13 - 2012-11-11 18:56 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 18:57 - 2012-11-11 18:57 - 00000000 ____D C:\Program Files (x86)\GameSave Manager v3
2012-11-11 18:54 - 2012-11-11 18:54 - 00000000 ____D C:\Program Files\LinkShellExtension
2012-11-11 18:44 - 2012-11-11 18:44 - 00000000 ____D C:\Program Files (x86)\Tiggit
2012-11-11 10:01 - 2012-04-24 22:04 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\.minecraft


ZeroAccess:
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\00000004.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\201d3dde
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-13 19:57:08
Restore point made on: 2012-11-16 09:51:43
Restore point made on: 2012-11-18 23:07:10
Restore point made on: 2012-11-28 13:51:29
Restore point made on: 2012-11-29 01:11:54
Restore point made on: 2012-11-29 08:50:25
Restore point made on: 2012-12-10 19:56:12

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2046.49 MB
Available physical RAM: 1485.46 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1469.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: (SAHASRARA) (Fixed) (Total:200.61 GB) (Free:123.64 GB) NTFS
3 Drive d: (ANAHATA) (Fixed) (Total:280.16 GB) (Free:130.75 GB) NTFS
4 Drive e: (AJNA) (Fixed) (Total:450.64 GB) (Free:135.31 GB) NTFS
6 Drive h: (20101212) (Removable) (Total:1.87 GB) (Free:0.42 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Nº Disco Status Tam. Livre Din. GPT
-------- ------------- ------- ------- --- ---
Disco 0 Online 931 GB 3072 KB
Disco 1 Online 1913 MB 0 B
Disco 2 Nenhuma mídia 0 B 0 B

Partitions of Disk 0:
===============

O disco 0 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 100 MB 1024 KB
Partição 2 Primário 200 GB 101 MB
Partição 0 Estendido 730 GB 200 GB
Partição 3 Lógico 280 GB 200 GB
Partição 4 Lógico 450 GB 480 GB

==================================================================================

Disk: 0
O disco 0 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 07
Oculto: Não
Ativo : Sim
Desloc. em Bytes: 1048576

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Reservado p NTFS Partição 100 MB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

2 é a partição selecionada.

Partição 2
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 105906176

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SAHASRARA NTFS Partição 200 GB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

3 é a partição selecionada.

Partição 3
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 215514873856

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D ANAHATA NTFS Partição 280 GB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

4 é a partição selecionada.

Partição 4
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 516331405312

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E AJNA NTFS Partição 450 GB Íntegro

=========================================================

Partitions of Disk 1:
===============

O disco 1 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 1912 MB 252 KB

==================================================================================

Disk: 1
O disco 1 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 06
Oculto: Não
Ativo : Sim
Desloc. em Bytes: 258048

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H 20101212 FAT Removível 1912 MB Íntegro

=========================================================

Last Boot: 2012-10-21 06:55

==================== End Of Log =============================


Thanks for the help!

Edit: Yes I realized (too late) that this is the wrong forum. I didn't do this intentionally though, I had both forums (this and the right one) opened in tabs but I guess I got confused. Sorry. Hopefully someone might move this to the right forum, thanks!

Edited by Drak_k, 11 December 2012 - 02:43 PM.



#2 Jimbob85

Posted 11 December 2012 - 02:22 PM

Welcome to BC! You are well on your way to providing what is needed for someone to help you remove this infection; however, ZeroAccess can be a nasty little bugger. Therefore, someone who is trained in malware removal may be your best bet.


Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#3 Drak_k

Posted 11 December 2012 - 04:10 PM

Thanks for the reply.

Here is the new post in the right forum.
http://www.bleepingcomputer.com/forums/topic478138.html

#4 Jimbob85

Posted 11 December 2012 - 04:27 PM

Good luck! You are in good hands now. :thumbup2:

#5 boopme

  • Global Moderator
Posted 11 December 2012 - 08:19 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.