
Google redirect after Zeroaccess rootkit


30 replies to this topic

#1 harry81

harry81

  • Members
  • 15 posts

Posted 15 December 2012 - 01:59 PM

My PC was impacted by ZeroAccess. I ran almost all antivirus software and was able to fix most of the issue. Now running Malwarebytes, McAfee, TDSSKiller, RootkitRemover, etc., but not seeing any virus or malware infections; I can clearly see my PC is still impacted, as the Google redirect is happening, and once in a while McAfee On-Access will find some malware hit my PC.

So I think this is something related to rootkit which is why no antivirus is able to find malware/trojan.

Please help !!!

Attaching DDS log.


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 December 2012 - 02:15 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

NEXT


  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window:
      • Type e:\listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive).
      • ListParts will start to run.
      • Press the Scan button.
      • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
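The FRST.txt log that the procedure above produces lists every service and driver as `<start type> <name>; <path> [<size> <date>] (<publisher>)`, and prints `[x]` instead of the size and date when the file a service or driver points at no longer exists. Those are the entries a helper reads first: an orphaned registration is usually a leftover of a removal tool that has already been run, but it is also where a component that hid as a driver and has since been deleted would show up, and a present file with an empty publisher field deserves a second look. The script below is an added example, not CatByte's instructions or any code from the Farbar tool; it parses the two whitelisted sections from a constructed sample log (the service names, paths, sizes and dates in it are made up) and separates missing files from unsigned-looking ones.

```python
"""Triage helper for the Services/Drivers sections of an FRST.txt log.

Added example for this thread; it is not part of FRST or of the forum's
instructions.  The SAMPLE_LOG below is constructed to follow the FRST
line format and does not come from the log posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sections of FRST.txt this helper looks at.
SECTIONS = ("Services (Whitelisted)", "Drivers (Whitelisted)")

# "==================== Services (Whitelisted) ==================="
SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")

# "<start type 0-4> <name>; <everything else>"
ENTRY_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")

# Trailing "[<size> <YYYY-MM-DD>] (<publisher>)" for a file FRST could read.
FILE_INFO_RE = re.compile(
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^)]*)\)\s*$"
)


@dataclass
class Entry:
    section: str
    start_type: int          # Windows service start type (0 boot ... 4 disabled)
    name: str
    path: str                # image path plus any arguments, as FRST printed it
    size: Optional[int]      # None when the file was not found
    date: Optional[str]
    publisher: Optional[str]  # None when FRST printed an empty "()"
    file_missing: bool       # True when the line ended in "[x]"


def parse_frst(text: str) -> List[Entry]:
    """Parse the service and driver lines of an FRST.txt log into Entry records."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        if section not in SECTIONS:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        start, name, rest = int(m.group("start")), m.group("name").strip(), m.group("rest")
        if rest.endswith("[x]"):
            # FRST marks a registration whose file it could not find with [x].
            entries.append(Entry(section, start, name, rest[:-3].strip(), None, None, None, True))
            continue
        info = FILE_INFO_RE.search(rest)
        if not info:
            continue  # not a service/driver line we understand; skip it
        publisher = info.group("publisher").strip() or None
        entries.append(Entry(section, start, name, rest[: info.start()].strip(),
                             int(info.group("size")), info.group("date"), publisher, False))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split entries into (file missing, file present but no publisher name)."""
    missing = [e for e in entries if e.file_missing]
    no_publisher = [e for e in entries if not e.file_missing and e.publisher is None]
    return missing, no_publisher


def summarize(text: str) -> str:
    """Human-readable triage summary of a log, as a helper would paste it back."""
    missing, no_publisher = triage(parse_frst(text))
    out = [f"{len(missing)} registration(s) point at a file FRST could not find:"]
    out += [f"  [{e.section}] {e.name} -> {e.path or '(no path)'}" for e in missing]
    out.append(f"{len(no_publisher)} present file(s) carry no publisher name:")
    out += [f"  [{e.section}] {e.name} -> {e.path}" for e in no_publisher]
    return "\n".join(out)


# Constructed sample in FRST format (names, paths, sizes and dates are made up).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012

==================== Services (Whitelisted) ===================

2 ExampleAV; "C:\Program Files\ExampleAV\avsvc.exe" /start [123456 2012-11-01] (Example AV Ltd.)
2 OddSvc; C:\Windows\System32\oddsvc.exe [45678 2012-12-01] ()
3 leftover; "C:\Tools\leftover.exe" -d [x]

==================== Drivers (Whitelisted) =====================

0 exdisk; C:\Windows\System32\Drivers\exdisk.sys [65536 2012-01-10] (Example Storage Inc.)
3 oldtool; \??\C:\Users\user\AppData\Local\Temp\oldtool.sys [x]
1 NoName; [x]

==================== NetSvcs (Whitelisted) ====================
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a real FRST.txt by reading the file and passing its contents to `summarize`; the parser ignores the registry, NetSvcs and file-listing sections, so the whole log can be fed in unchanged.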


#3 harry81

harry81
  • Topic Starter

  • Members
  • 15 posts

Posted 15 December 2012 - 02:50 PM

FRST logs ===============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 15-12-2012 14:32:54
Running from C:\Users\harjeets\Downloads
(X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

ATTENTION: Unable to load Software hive.

HKU\Administrator\...\Winlogon: [Userinit]
HKU\Administrator\...\Winlogon: [Shell]
HKU\Default\...\Run: [Sidebar] [x]
HKU\Default\...\Winlogon: [Userinit]
HKU\Default\...\Winlogon: [Shell]
HKU\Default User\...\Run: [Sidebar] [x]
HKU\Default User\...\Winlogon: [Userinit]
HKU\Default User\...\Winlogon: [Shell]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

3 AeXAgentSrvHost; "C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe" [265048 2012-04-16] (Symantec Corporation)
2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2117464 2012-04-16] (Symantec Corporation)
3 AltirisAgentProvider; "C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe" [408408 2012-04-16] (Symantec Corporation)
2 Cisco WebEx Connect Upgrade Service; C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [856888 2011-10-27] (WebEx Communications Inc.)
2 CMGShield; C:\Windows\System32\CmgShieldSvc.exe [2855016 2012-02-16] (CREDANT Technologies, Inc.)
2 CSAgent; "C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe" -t c [365224 2010-05-26] (Cisco Systems, Inc.)
2 CSAgentMon; "C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe" -t C [365224 2010-05-26] (Cisco Systems, Inc.)
3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
4 EMS; EMSService.exe [1624680 2012-02-16] (CREDANT Technologies, Inc.)
2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [349184 2009-07-13] (Microsoft Corporation)
3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe [1740800 2009-11-25] (iPass, Inc.)
3 iPassPeriodicUpdateApp; "C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe" [167936 2009-11-25] (iPass, Inc.)
2 iPassPeriodicUpdateService; "C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe" [114688 2009-11-25] (iPass, Inc.)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [132672 2011-11-15] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199008 2012-12-10] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe" [209760 2011-09-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [158832 2012-12-10] (McAfee, Inc.)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6237800 2010-04-30] ()
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [32681 2012-11-03] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

2 CdpPacket; C:\Windows\SysWow64\Drivers\CdpPacket.sys [35692 2007-09-06] (Cisco Systems)
0 CmgHiber; C:\Windows\System32\Drivers\CmgHiber.sys [92520 2012-02-10] (CREDANT Technologies, Inc.)
0 CmgPassThrough; C:\Windows\System32\DRIVERS\CmgShPT.sys [16744 2012-02-10] (CREDANT Technologies, Inc.)
0 CmgPCS; C:\Windows\System32\Drivers\CmgPCS.sys [122728 2012-02-16] (CREDANT Technologies, Inc.)
0 CmgShieldCEF; C:\Windows\System32\DRIVERS\CMGShCEF.sys [373608 2012-02-10] (CREDANT Technologies, Inc.)
0 CMGShieldReg; C:\Windows\System32\DRIVERS\CmgShREG.sys [24424 2012-02-10] (CREDANT Technologies, Inc.)
0 csacenter; C:\Windows\System32\drivers\csacentr.sys [335432 2010-05-26] (Cisco Systems, Inc.)
0 csafile; C:\Windows\System32\Drivers\csafile.sys [155208 2010-05-26] (Cisco Systems, Inc.)
1 csafilt; C:\Windows\System32\Drivers\csafilt.sys [564296 2010-05-26] (Cisco Systems, Inc.)
0 csareg; C:\Windows\System32\Drivers\csareg.sys [61000 2010-05-26] (Cisco Systems, Inc.)
3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
3 kqemu; C:\Windows\SysWow64\Drivers\kqemu.sys [144622 2010-03-15] ()
2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2009-12-18] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [158712 2012-12-10] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [228752 2012-12-10] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [642952 2012-12-10] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100904 2012-12-10] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283744 2012-12-10] (McAfee, Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
0 SMR311; C:\Windows\System32\Drivers\SMR311.sys [95392 2012-12-15] (Symantec Corporation)
3 swmsflt; C:\Windows\System32\Drivers\swmsflt.sys [47104 2010-12-15] ()
3 SWNC5E00; C:\Windows\System32\Drivers\SWNC5E00.sys [285696 2010-12-15] (Sierra Wireless Inc.)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-03-23] (The OpenVPN Project)
0 vsock; C:\Windows\System32\Drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
3 aswArKrn; \??\C:\Users\harjeets\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 CCDevice; [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 mfeavfk01; [x]
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
2 vstor2; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-15 14:32 - 2012-12-15 14:32 - 00000000 ____D C:\FRST
2012-12-15 11:17 - 2012-12-15 11:17 - 01461033 ____A (Farbar) C:\Users\harjeets\Downloads\FRST64.exe
2012-12-15 10:37 - 2012-12-15 10:38 - 00044071 ____A C:\Users\harjeets\Desktop\Result.txt
2012-12-15 10:08 - 2012-12-15 10:08 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
2012-12-15 10:08 - 2012-12-15 10:08 - 00000020 ____A C:\Windows\System32\Drivers\SMR311.dat
2012-12-15 10:06 - 2012-12-15 10:06 - 00000274 ____A C:\Users\harjeets\Downloads\RootkitRemover20121215130627.txt
2012-12-15 07:47 - 2012-12-15 07:47 - 00083074 ____A C:\Users\harjeets\Downloads\Extras.Txt
2012-12-15 07:44 - 2012-12-15 07:44 - 00417152 ____A C:\Users\harjeets\Downloads\OTL.Txt
2012-12-15 05:42 - 2012-12-15 05:43 - 00602112 ____A (OldTimer Tools) C:\Users\harjeets\Downloads\OTL.scr
2012-12-15 05:42 - 2012-12-15 05:42 - 00755712 ____A C:\Users\harjeets\Downloads\RogueKiller (1).exe
2012-12-15 05:30 - 2012-12-15 05:55 - 00033735 ____A C:\Users\harjeets\Desktop\attach.txt
2012-12-15 05:30 - 2012-12-15 05:54 - 00029586 ____A C:\Users\harjeets\Desktop\dds.txt
2012-12-15 05:28 - 2012-12-15 05:28 - 07364768 ____A (Adobe Systems Inc.) C:\Users\harjeets\Downloads\Shockwave_Installer_Slim.exe
2012-12-15 05:11 - 2012-12-15 05:11 - 00688992 ____R (Swearware) C:\Users\harjeets\Downloads\dds.com
2012-12-14 16:52 - 2012-12-14 16:52 - 00089088 ____A C:\Users\harjeets\Downloads\mbr.exe
2012-12-14 16:52 - 2012-12-14 16:52 - 00000227 ____A C:\Users\harjeets\Downloads\mbr.log
2012-12-14 16:46 - 2012-12-14 16:46 - 00302592 ____A C:\Users\harjeets\Downloads\vyl2r46s.exe
2012-12-14 16:44 - 2012-12-14 16:44 - 00231390 ____A C:\Users\harjeets\Downloads\RootkitRevealer.zip
2012-12-14 16:43 - 2012-12-14 16:43 - 08656400 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\RootkitBuster_v5_1061.exe
2012-12-14 16:40 - 2012-12-14 16:40 - 08070704 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\RootkitBusterV5.0-1102.exe
2012-12-14 16:40 - 2012-12-14 16:40 - 00000000 ____D C:\Users\harjeets\Downloads\TMRBLog
2012-12-14 16:25 - 2012-12-14 16:30 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10 (1).iso
2012-12-14 16:16 - 2012-12-14 16:23 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10(1).iso
2012-12-14 15:17 - 2012-12-14 16:31 - 00000000 ____D C:\Users\harjeets\Downloads\Kaspersky Rescue2Usb
2012-12-14 15:15 - 2012-12-14 15:15 - 00387584 ____A C:\Users\harjeets\Downloads\rescue2usb.exe
2012-12-14 14:48 - 2012-12-14 17:26 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-14 14:48 - 2012-12-14 14:48 - 00002183 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-12-14 14:48 - 2012-12-14 14:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-14 14:48 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-12-14 14:45 - 2012-12-14 14:47 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\harjeets\Downloads\SpybotSD2.exe
2012-12-14 14:26 - 2012-12-14 14:26 - 04009167 ____A C:\Users\harjeets\Downloads\ServicesRepair.exe
2012-12-14 14:26 - 2012-12-14 14:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-12-14 14:25 - 2012-12-14 14:25 - 00138120 ____A (ESET) C:\Users\harjeets\Downloads\ESETSirefefRemover.exe
2012-12-14 14:23 - 2012-12-14 14:23 - 01859808 ____A (ESET) C:\Users\harjeets\Downloads\ESETSirefefEVCleaner.exe
2012-12-14 14:23 - 2012-12-14 14:23 - 00000000 ____D C:\Users\harjeets\Desktop\CC Support
2012-12-14 05:24 - 2012-12-14 05:26 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2012-12-14 04:41 - 2012-12-14 04:41 - 04734113 ____A (LinuxLive USB Creator) C:\Users\harjeets\Downloads\LinuxLive USB Creator 2.8.18.exe
2012-12-14 04:38 - 2012-12-14 05:09 - 800063488 ____A C:\Users\harjeets\Downloads\ubuntu-12.10-desktop-amd64.iso
2012-12-13 20:34 - 2012-12-13 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-13 14:15 - 2012-12-13 14:15 - 00000044 ___RH C:\Users\harjeets\Downloads\stinger(1).opt
2012-12-13 13:54 - 2012-12-13 13:54 - 10551480 ____A (McAfee Inc.) C:\Users\harjeets\Downloads\stinger(1).exe
2012-12-13 07:57 - 2012-12-13 07:57 - 01152000 ____A C:\Users\harjeets\Downloads\GSR-RED-Parameters
2012-12-13 03:43 - 2012-12-13 03:43 - 00014337 ____A C:\Users\harjeets\Downloads\20090410_Security lock and cable for mac book pro.html.htm
2012-12-12 12:40 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-12 12:37 - 2012-12-12 12:37 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\harjeets\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-12-12 12:36 - 2012-12-12 12:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-12-12 12:36 - 2012-12-12 12:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 12:36 - 2012-12-12 12:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 12:36 - 2012-12-12 12:36 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 12:36 - 2012-12-12 12:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 12:36 - 2012-12-12 12:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-12-12 12:36 - 2012-12-12 12:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-12-12 12:36 - 2012-12-12 12:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-12-12 12:36 - 2012-12-12 12:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-12-12 12:36 - 2012-12-12 12:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-12 12:34 - 2012-12-12 12:46 - 00003889 ____A C:\Windows\IE9_main.log
2012-12-12 12:29 - 2012-12-12 12:29 - 36380976 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\IE9-Windows7-x64-enu.exe
2012-12-12 11:55 - 2012-12-12 11:55 - 02195061 ____A C:\Users\harjeets\Downloads\tdsskiller.zip
2012-12-12 10:49 - 2012-12-12 10:52 - 00000000 ___SD C:\32788R22FWJFW
2012-12-12 10:26 - 2012-12-12 10:26 - 00036165 ____A C:\ComboFix.txt
2012-12-12 09:48 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-12 09:48 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-12 09:48 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-12 09:48 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-12 09:48 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-12 09:48 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-12 09:48 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-12 09:48 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-12 09:34 - 2012-12-12 10:27 - 00000000 ____D C:\Qoobox
2012-12-12 09:32 - 2012-12-12 10:23 - 00000000 ____D C:\Windows\erdnt
2012-12-12 09:29 - 2012-12-12 09:29 - 00000055 ____A C:\Users\harjeets\Desktop\zeroaccess.txt
2012-12-12 09:10 - 2012-12-12 09:10 - 00755712 ____A C:\Users\harjeets\Downloads\RogueKiller.exe
2012-12-12 08:10 - 2012-12-12 08:10 - 00000000 ____D C:\Program Files\HitmanPro
2012-12-12 08:04 - 2012-12-15 10:09 - 09618208 ____A (SurfRight B.V.) C:\Users\harjeets\Downloads\HitmanPro_x64.exe
2012-12-12 07:46 - 2012-12-12 07:46 - 01805736 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\FixZeroAccess(1).exe
2012-12-12 05:38 - 2012-12-12 05:38 - 00000044 ___RH C:\Users\harjeets\Downloads\stinger.opt
2012-12-12 05:18 - 2012-12-12 10:40 - 00425898 ____A C:\Users\harjeets\Downloads\aswar.log
2012-12-12 05:14 - 2012-12-12 05:14 - 00003181 ____A C:\Users\harjeets\Desktop\Sophos Virus Removal Tool.lnk
2012-12-12 05:14 - 2012-12-12 05:14 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-12 05:13 - 2012-12-12 05:13 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-12 05:03 - 2012-12-12 05:03 - 80928144 ____A (Sophos Limited) C:\Users\harjeets\Downloads\Sophos Virus Removal Tool.exe
2012-12-12 05:00 - 2012-12-12 05:01 - 00864120 ____A (ALWIL Software) C:\Users\harjeets\Downloads\aswar.exe
2012-12-12 04:49 - 2012-12-13 14:15 - 00000000 ____D C:\Program Files (x86)\stinger
2012-12-12 04:49 - 2012-12-13 13:55 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-12-12 04:49 - 2012-12-12 04:49 - 10554040 ____A (McAfee Inc.) C:\Users\harjeets\Downloads\stinger.exe
2012-12-12 04:20 - 2012-12-12 04:20 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-12-12 04:19 - 2012-12-11 12:16 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\60527378.sys
2012-12-12 04:16 - 2012-12-12 04:16 - 00448816 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\rannohdecryptor.exe
2012-12-12 04:15 - 2012-12-12 04:16 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\tdsskiller(1).exe
2012-12-12 04:14 - 2012-12-12 04:17 - 147430088 ____A C:\Users\harjeets\Downloads\setup_11.0.0.1245.x01_2012_12_11_15_16.exe
2012-12-12 03:55 - 2012-12-12 03:55 - 02957840 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\NPE.exe
2012-12-12 03:46 - 2012-12-12 03:50 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10.iso
2012-12-11 16:37 - 2012-12-11 16:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-11 16:37 - 2012-12-11 16:37 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-11 16:18 - 2012-12-11 16:18 - 28008448 ____A C:\Users\harjeets\Downloads\JavaJRE_7u9_32-bit_SPS.exe
2012-12-11 13:18 - 2012-12-11 13:18 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\QuickScan
2012-12-11 12:32 - 2012-12-11 12:32 - 00879206 ____A C:\Users\harjeets\AppData\Local\census.cache
2012-12-11 12:31 - 2012-12-11 12:31 - 00129664 ____A C:\Users\harjeets\AppData\Local\ars.cache
2012-12-11 12:11 - 2012-12-11 12:11 - 00000036 ____A C:\Users\harjeets\AppData\Local\housecall.guid.cache
2012-12-11 12:10 - 2012-12-11 12:10 - 02406064 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\HousecallLauncher64.exe
2012-12-11 09:59 - 2012-12-11 09:59 - 00001729 ____A C:\logPanda.txt.gz
2012-12-11 09:59 - 2012-12-11 09:59 - 00000000 ___AD C:\panda_poli_utility_samples
2012-12-11 05:17 - 2012-12-11 05:18 - 00000274 ____A C:\Users\harjeets\Downloads\RootkitRemover20121211081738.txt
2012-12-11 04:02 - 2012-12-11 04:46 - 00000000 ____D C:\12f9e43cbc3faec4d5a399
2012-12-11 04:01 - 2012-12-11 04:02 - 00000000 ___HD C:\Windows\AxInstSV
2012-12-10 19:53 - 2012-12-10 19:53 - 01805736 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\FixZeroAccess.exe
2012-12-10 14:27 - 2012-12-10 19:57 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-12-10 13:16 - 2012-12-10 13:42 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-10 13:07 - 2012-12-15 05:54 - 00000000 ____D C:\Users\harjeets\Desktop\RK_Quarantine
2012-12-10 12:42 - 2012-12-10 12:42 - 02075184 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\TDSSKiller.exe
2012-12-10 12:32 - 2012-12-10 12:32 - 00544360 ____A (McAfee, Inc.) C:\Users\harjeets\Downloads\rootkitremover.exe
2012-12-10 12:27 - 2012-12-10 12:26 - 00642952 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-12-10 12:27 - 2012-12-10 12:26 - 00283744 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-12-10 12:27 - 2012-12-10 12:26 - 00228752 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-12-10 12:27 - 2012-12-10 12:26 - 00158832 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-12-10 12:27 - 2012-12-10 12:26 - 00158712 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-12-10 12:27 - 2012-12-10 12:26 - 00100904 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-12-10 12:27 - 2012-12-10 12:26 - 00009984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-12-10 12:21 - 2012-12-10 13:05 - 00006523 ____A C:\Users\harjeets\AppData\Local\bc6823e8-de67-4545-8e62-7fef75245391.crx
2012-12-10 10:23 - 2012-12-10 10:23 - 00003288 ____N C:\bootsqm.dat
2012-12-10 10:21 - 2012-12-10 10:21 - 00000000 ____D C:\found.001
2012-12-10 08:48 - 2012-12-10 08:48 - 00065536 ___AH C:\Windows\System32\AvTresvr64.dll
2012-12-10 02:24 - 2012-12-10 02:24 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-10 02:22 - 2012-12-10 02:23 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-10 02:22 - 2012-12-10 02:23 - 00000000 ____D C:\Program Files\iTunes
2012-12-10 02:22 - 2012-12-10 02:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-10 02:22 - 2012-12-10 02:22 - 00000000 ____D C:\Program Files\iPod
2012-12-08 01:12 - 2012-12-08 04:23 - 00000000 ____D C:\f06d6114848389a1f8
2012-12-08 01:12 - 2012-12-08 01:12 - 17969696 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\Windows-KB890830-x64-V4.14.exe
2012-12-08 01:10 - 2012-12-08 01:10 - 17260040 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\Windows-KB890830-V4.14.exe
2012-12-08 01:10 - 2012-10-29 18:32 - 64010424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-12-07 17:31 - 2012-12-07 17:31 - 00000049 ____A C:\Users\harjeets\Desktop\trojan.txt
2012-12-07 14:18 - 2012-12-07 17:44 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\Zapa
2012-12-07 05:20 - 2012-12-10 18:40 - 00000000 ____D C:\Users\harjeets\Desktop\print
2012-12-05 05:14 - 2012-12-05 05:14 - 00413696 ____A C:\Users\harjeets\Downloads\LPTS.ppt
2012-12-05 05:13 - 2012-12-05 05:13 - 00208554 ____A C:\Users\harjeets\Downloads\IOS-XR LPTS Overview.pptx
2012-12-05 05:07 - 2012-12-05 05:07 - 04853961 ____A C:\Users\harjeets\Downloads\CRS-3-Deep_Dive.pptx
2012-12-05 04:58 - 2012-12-05 04:58 - 02046389 ____A C:\Users\harjeets\Downloads\CRS_SW_Licensing_Overview.pptx
2012-12-04 10:22 - 2012-12-04 16:31 - 00012050 ____A C:\Users\harjeets\Desktop\Behaviour differences notes.txt
2012-12-03 21:16 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-12-03 21:16 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-12-03 21:16 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-11-29 15:41 - 2012-11-29 15:52 - 509957447 ____A C:\Users\harjeets\Downloads\46695.2012-11-29.testcompanion.tgz
2012-11-29 15:21 - 2012-11-29 15:21 - 00028967 ____A C:\Users\harjeets\Downloads\SITT_02
2012-11-29 14:49 - 2012-11-29 14:49 - 00061440 ____A C:\Users\harjeets\Desktop\RE NSF on our IP Network.msg
2012-11-29 11:25 - 2012-11-29 11:25 - 00002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
2012-11-29 11:25 - 2012-11-29 11:25 - 00000000 ____D C:\Program Files (x86)\Seagate
2012-11-29 11:22 - 2012-11-29 11:22 - 21476536 ____A C:\Users\harjeets\Downloads\SeaToolsforWindowsSetup-1206.exe
2012-11-29 10:25 - 2012-11-29 10:25 - 00239551 ____A C:\Users\harjeets\Downloads\SITT-Flareforcustomer(1).pptx
2012-11-29 10:00 - 2012-11-29 10:00 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE(2).ppt
2012-11-29 09:01 - 2012-11-29 09:01 - 00419840 ____A C:\Users\harjeets\Downloads\SITTEnhancements.ppt
2012-11-29 09:00 - 2012-11-29 09:00 - 00036352 ____A C:\Users\harjeets\Downloads\SITT-SGSN_software_License_info.xls
2012-11-29 08:58 - 2012-11-29 08:58 - 00065024 ____A C:\Users\harjeets\Downloads\Copy_of_SITT_Daily_sheet.xls
2012-11-29 05:08 - 2012-11-29 05:08 - 00000000 ____D C:\Program Files\Arellia
2012-11-29 05:08 - 2012-11-29 05:08 - 00000000 ____D C:\Program Files (x86)\Arellia
2012-11-29 00:09 - 2012-11-29 00:09 - 45168640 ____A C:\Users\harjeets\Desktop\sitt.tar
2012-11-28 18:51 - 2012-11-28 18:52 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE(1).ppt
2012-11-28 12:43 - 2012-11-28 12:44 - 48234496 ____A C:\Users\harjeets\Downloads\debian-6.0.6-i386-businesscard.iso
2012-11-28 11:52 - 2012-11-28 11:52 - 00000000 ____D C:\Program Files\Common Files\Altiris
2012-11-28 11:51 - 2012-11-30 04:36 - 00000000 ____D C:\Users\All Users\Symantec
2012-11-28 11:50 - 2012-11-28 11:50 - 00001560 ____A C:\Windows\SysWOW64\aexclean.log
2012-11-28 09:02 - 2012-11-28 09:02 - 00000000 ____D C:\Users\harjeets\Documents\20121128-GMP Power Hr_ EPC – Node Selection & QoS(207487333)
2012-11-28 05:36 - 2012-11-28 05:36 - 01501040 ____A C:\Users\harjeets\Downloads\StarOS_simulation_environment(1).pptx
2012-11-28 04:33 - 2012-11-23 19:59 - 00011888 ____A C:\Users\harjeets\Documents\mobility lab_backup_backup.dat
2012-11-26 14:32 - 2012-11-26 14:33 - 32699368 ____A (Oracle Corporation) C:\Users\harjeets\Downloads\jre-7u9-windows-x64.exe
2012-11-26 10:58 - 2012-11-26 10:58 - 00044558 ____A C:\Users\harjeets\Downloads\ggsn-basic-xt2-12.0-120426(1).cfg
2012-11-23 20:01 - 2012-11-23 20:05 - 283027488 ____A C:\Users\harjeets\Downloads\46611.2012-11-23.testcompanion.tgz
2012-11-23 19:33 - 2012-11-23 19:33 - 00239551 ____A C:\Users\harjeets\Downloads\SITT-Flareforcustomer.pptx
2012-11-23 12:43 - 2012-11-23 12:43 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE.ppt
2012-11-23 12:30 - 2012-11-23 12:30 - 01501040 ____A C:\Users\harjeets\Downloads\StarOS_simulation_environment.pptx
2012-11-23 11:40 - 2012-11-23 11:40 - 00005678 ____A C:\Users\harjeets\Downloads\Client VM configuration files.gz
2012-11-23 11:39 - 2012-11-23 11:39 - 00000528 ____A C:\Users\harjeets\Downloads\CallgenScript.txt
2012-11-19 08:49 - 2012-11-19 09:41 - 00257806 ____A C:\Users\harjeets\Desktop\sl-gw2-stlab-ios-xr-11192012.txt
2012-11-19 05:22 - 2012-11-19 05:22 - 00175277 ____A C:\Users\harjeets\Downloads\sox-sl-gw35-stlab.iox
2012-11-19 05:21 - 2012-11-19 05:21 - 00104843 ____A C:\Users\harjeets\Downloads\sox-sl-gw35-stlab.txt
2012-11-19 05:19 - 2012-11-19 05:19 - 00104843 ____A C:\Users\harjeets\Desktop\sox-sl-gw35-stlab.txt
2012-11-19 04:27 - 2012-11-19 04:27 - 00012541 ____A C:\Users\harjeets\Desktop\show diag sl-gw2-stlab.txt
2012-11-19 04:25 - 2012-11-19 04:22 - 00077119 ____A C:\Users\harjeets\Desktop\sh_diag_sl_gw2_stlab
2012-11-17 06:37 - 2012-11-17 06:37 - 00000000 ____D C:\found.000
2012-11-17 06:32 - 2012-11-17 06:32 - 00003375 ____A C:\Users\harjeets\Desktop\snmp vrf mroute.txt
2012-11-17 06:13 - 2012-11-17 06:16 - 00005427 ____A C:\Users\harjeets\Downloads\indiaDepositSlipCiti.html
2012-11-17 06:13 - 2012-11-17 06:13 - 00000000 ____D C:\Users\harjeets\Downloads\indiaDepositSlipCiti_files
2012-11-16 04:15 - 2012-11-16 04:15 - 00000000 ____A C:\Users\harjeets\Downloads\electionUpdate.jsp
2012-11-15 08:28 - 2012-11-15 08:28 - 00456696 ___AT C:\Users\harjeets\Desktop\sl-gw2-stlab-IOS-config-11152012.txt
2012-11-15 08:27 - 2012-11-15 08:27 - 00701215 ___AT C:\Users\harjeets\Desktop\sl-gw2-stlab-ios-xr-112911.txt

==================== One Month Modified Files and Folders =======

2012-12-15 14:32 - 2012-12-15 14:32 - 00000000 ____D C:\FRST
2012-12-15 11:26 - 2011-02-08 09:21 - 01915299 ____A C:\Windows\WindowsUpdate.log
2012-12-15 11:26 - 2009-07-13 20:45 - 00012272 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-15 11:26 - 2009-07-13 20:45 - 00012272 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-15 11:19 - 2011-02-09 07:44 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527UA.job
2012-12-15 11:17 - 2012-12-15 11:17 - 01461033 ____A (Farbar) C:\Users\harjeets\Downloads\FRST64.exe
2012-12-15 10:43 - 2012-09-02 15:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-15 10:38 - 2012-12-15 10:37 - 00044071 ____A C:\Users\harjeets\Desktop\Result.txt
2012-12-15 10:38 - 2011-02-08 11:27 - 00047692 ____A C:\Users\harjeets\Desktop\CredDB.CEF
2012-12-15 10:11 - 2012-07-09 03:33 - 00000000 ____D C:\Users\harjeets\AppData\Local\NPE
2012-12-15 10:09 - 2012-12-12 08:04 - 09618208 ____A (SurfRight B.V.) C:\Users\harjeets\Downloads\HitmanPro_x64.exe
2012-12-15 10:08 - 2012-12-15 10:08 - 00095392 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR311.SYS
2012-12-15 10:08 - 2012-12-15 10:08 - 00000020 ____A C:\Windows\System32\Drivers\SMR311.dat
2012-12-15 10:06 - 2012-12-15 10:06 - 00000274 ____A C:\Users\harjeets\Downloads\RootkitRemover20121215130627.txt
2012-12-15 07:47 - 2012-12-15 07:47 - 00083074 ____A C:\Users\harjeets\Downloads\Extras.Txt
2012-12-15 07:44 - 2012-12-15 07:44 - 00417152 ____A C:\Users\harjeets\Downloads\OTL.Txt
2012-12-15 07:00 - 2011-02-08 11:21 - 00006512 ____A C:\Windows\System32\config\CredDB.CEF
2012-12-15 07:00 - 2011-02-08 09:26 - 00000000 ____D C:\Program Files\Altiris
2012-12-15 06:53 - 2011-06-16 06:42 - 00000000 ____D C:\Users\Public\Downloads\WebEx Connect
2012-12-15 05:55 - 2012-12-15 05:30 - 00033735 ____A C:\Users\harjeets\Desktop\attach.txt
2012-12-15 05:54 - 2012-12-15 05:30 - 00029586 ____A C:\Users\harjeets\Desktop\dds.txt
2012-12-15 05:54 - 2012-12-10 13:07 - 00000000 ____D C:\Users\harjeets\Desktop\RK_Quarantine
2012-12-15 05:43 - 2012-12-15 05:42 - 00602112 ____A (OldTimer Tools) C:\Users\harjeets\Downloads\OTL.scr
2012-12-15 05:42 - 2012-12-15 05:42 - 00755712 ____A C:\Users\harjeets\Downloads\RogueKiller (1).exe
2012-12-15 05:28 - 2012-12-15 05:28 - 07364768 ____A (Adobe Systems Inc.) C:\Users\harjeets\Downloads\Shockwave_Installer_Slim.exe
2012-12-15 05:11 - 2012-12-15 05:11 - 00688992 ____R (Swearware) C:\Users\harjeets\Downloads\dds.com
2012-12-15 04:46 - 2011-02-09 07:44 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527Core.job
2012-12-15 04:39 - 2011-02-08 11:18 - 00000320 ____A C:\CMG3301d.DAT
2012-12-14 19:33 - 2011-02-08 09:55 - 00001208 ____A C:\Windows\System32\config\netlogon.ftl
2012-12-14 17:26 - 2012-12-14 14:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-14 16:52 - 2012-12-14 16:52 - 00089088 ____A C:\Users\harjeets\Downloads\mbr.exe
2012-12-14 16:52 - 2012-12-14 16:52 - 00000227 ____A C:\Users\harjeets\Downloads\mbr.log
2012-12-14 16:46 - 2012-12-14 16:46 - 00302592 ____A C:\Users\harjeets\Downloads\vyl2r46s.exe
2012-12-14 16:45 - 2009-07-13 21:13 - 00842600 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-14 16:44 - 2012-12-14 16:44 - 00231390 ____A C:\Users\harjeets\Downloads\RootkitRevealer.zip
2012-12-14 16:44 - 2012-07-17 05:53 - 00000000 ____D C:\Users\harjeets\AppData\Local\CrashDumps
2012-12-14 16:44 - 2011-02-18 10:11 - 00139472 ____A C:\Users\harjeets\Downloads\CredDB.CEF
2012-12-14 16:43 - 2012-12-14 16:43 - 08656400 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\RootkitBuster_v5_1061.exe
2012-12-14 16:40 - 2012-12-14 16:40 - 08070704 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\RootkitBusterV5.0-1102.exe
2012-12-14 16:40 - 2012-12-14 16:40 - 00000000 ____D C:\Users\harjeets\Downloads\TMRBLog
2012-12-14 16:36 - 2012-10-10 21:24 - 00005910 ____A C:\Windows\setupact.log
2012-12-14 16:36 - 2011-05-16 04:33 - 00000000 ____D C:\Users\All Users\VMware
2012-12-14 16:36 - 2011-02-08 11:18 - 00001016 ___AS C:\CMGb2ce9.DAT
2012-12-14 16:36 - 2011-02-08 09:23 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-14 16:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-14 16:31 - 2012-12-14 15:17 - 00000000 ____D C:\Users\harjeets\Downloads\Kaspersky Rescue2Usb
2012-12-14 16:30 - 2012-12-14 16:25 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10 (1).iso
2012-12-14 16:23 - 2012-12-14 16:16 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10(1).iso
2012-12-14 15:51 - 2011-02-08 11:18 - 00001016 ___AS C:\CMGb2ce9.ALT
2012-12-14 15:34 - 2011-02-08 11:18 - 00001016 ___AS C:\CMGb2ce9.BCK
2012-12-14 15:15 - 2012-12-14 15:15 - 00387584 ____A C:\Users\harjeets\Downloads\rescue2usb.exe
2012-12-14 14:48 - 2012-12-14 14:48 - 00002183 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-12-14 14:48 - 2012-12-14 14:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-14 14:47 - 2012-12-14 14:45 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\harjeets\Downloads\SpybotSD2.exe
2012-12-14 14:27 - 2011-12-16 05:15 - 3542393856 ____A C:\Personal Folders - Inbox.pst
2012-12-14 14:27 - 2011-07-31 06:01 - 3494650880 ____A C:\new personal folder - 3.pst
2012-12-14 14:27 - 2011-02-09 03:26 - 876405760 ____A C:\New Personal Folders-2.pst
2012-12-14 14:27 - 2011-02-09 03:26 - 625370112 ____A C:\newpersonal(1).pst
2012-12-14 14:27 - 2011-02-09 03:26 - 347423744 ____A C:\archive.pst
2012-12-14 14:26 - 2012-12-14 14:26 - 04009167 ____A C:\Users\harjeets\Downloads\ServicesRepair.exe
2012-12-14 14:26 - 2012-12-14 14:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-12-14 14:25 - 2012-12-14 14:25 - 00138120 ____A (ESET) C:\Users\harjeets\Downloads\ESETSirefefRemover.exe
2012-12-14 14:23 - 2012-12-14 14:23 - 01859808 ____A (ESET) C:\Users\harjeets\Downloads\ESETSirefefEVCleaner.exe
2012-12-14 14:23 - 2012-12-14 14:23 - 00000000 ____D C:\Users\harjeets\Desktop\CC Support
2012-12-14 10:28 - 2011-02-10 07:12 - 00000000 ____D C:\Users\harjeets\AppData\Local\WebEx Connect
2012-12-14 10:28 - 2011-02-10 07:11 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\WebEx Connect
2012-12-14 08:04 - 2011-02-08 09:21 - 00105716 ____A C:\Windows\PFRO.log
2012-12-14 05:26 - 2012-12-14 05:24 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2012-12-14 05:09 - 2012-12-14 04:38 - 800063488 ____A C:\Users\harjeets\Downloads\ubuntu-12.10-desktop-amd64.iso
2012-12-14 04:41 - 2012-12-14 04:41 - 04734113 ____A (LinuxLive USB Creator) C:\Users\harjeets\Downloads\LinuxLive USB Creator 2.8.18.exe
2012-12-13 20:34 - 2012-12-13 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-13 20:34 - 2011-02-10 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-13 14:15 - 2012-12-13 14:15 - 00000044 ___RH C:\Users\harjeets\Downloads\stinger(1).opt
2012-12-13 14:15 - 2012-12-12 04:49 - 00000000 ____D C:\Program Files (x86)\stinger
2012-12-13 13:55 - 2012-12-12 04:49 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-12-13 13:54 - 2012-12-13 13:54 - 10551480 ____A (McAfee Inc.) C:\Users\harjeets\Downloads\stinger(1).exe
2012-12-13 07:57 - 2012-12-13 07:57 - 01152000 ____A C:\Users\harjeets\Downloads\GSR-RED-Parameters
2012-12-13 06:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 03:43 - 2012-12-13 03:43 - 00014337 ____A C:\Users\harjeets\Downloads\20090410_Security lock and cable for mac book pro.html.htm
2012-12-12 19:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-12 12:46 - 2012-12-12 12:34 - 00003889 ____A C:\Windows\IE9_main.log
2012-12-12 12:40 - 2011-05-21 13:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-12 12:37 - 2012-12-12 12:37 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\harjeets\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-12-12 12:36 - 2012-12-12 12:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-12-12 12:36 - 2012-12-12 12:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 12:36 - 2012-12-12 12:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 12:36 - 2012-12-12 12:36 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 12:36 - 2012-12-12 12:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 12:36 - 2012-12-12 12:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-12-12 12:36 - 2012-12-12 12:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-12-12 12:36 - 2012-12-12 12:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-12-12 12:36 - 2012-12-12 12:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-12-12 12:36 - 2012-12-12 12:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-12 12:36 - 2012-12-12 12:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-12 12:36 - 2012-12-12 12:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-12 12:29 - 2012-12-12 12:29 - 36380976 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\IE9-Windows7-x64-enu.exe
2012-12-12 11:55 - 2012-12-12 11:55 - 02195061 ____A C:\Users\harjeets\Downloads\tdsskiller.zip
2012-12-12 10:52 - 2012-12-12 10:49 - 00000000 ___SD C:\32788R22FWJFW
2012-12-12 10:40 - 2012-12-12 05:18 - 00425898 ____A C:\Users\harjeets\Downloads\aswar.log
2012-12-12 10:27 - 2012-12-12 09:34 - 00000000 ____D C:\Qoobox
2012-12-12 10:27 - 2009-07-13 19:20 - 00000000 ___RD C:\users\Default
2012-12-12 10:26 - 2012-12-12 10:26 - 00036165 ____A C:\ComboFix.txt
2012-12-12 10:23 - 2012-12-12 09:32 - 00000000 ____D C:\Windows\erdnt
2012-12-12 10:21 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-12 10:12 - 2011-02-08 11:27 - 00072662 ____A C:\Users\harjeets\Documents\CredDB.CEF
2012-12-12 09:29 - 2012-12-12 09:29 - 00000055 ____A C:\Users\harjeets\Desktop\zeroaccess.txt
2012-12-12 09:10 - 2012-12-12 09:10 - 00755712 ____A C:\Users\harjeets\Downloads\RogueKiller.exe
2012-12-12 08:10 - 2012-12-12 08:10 - 00000000 ____D C:\Program Files\HitmanPro
2012-12-12 07:46 - 2012-12-12 07:46 - 01805736 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\FixZeroAccess(1).exe
2012-12-12 05:38 - 2012-12-12 05:38 - 00000044 ___RH C:\Users\harjeets\Downloads\stinger.opt
2012-12-12 05:14 - 2012-12-12 05:14 - 00003181 ____A C:\Users\harjeets\Desktop\Sophos Virus Removal Tool.lnk
2012-12-12 05:14 - 2012-12-12 05:14 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-12 05:13 - 2012-12-12 05:13 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-12 05:03 - 2012-12-12 05:03 - 80928144 ____A (Sophos Limited) C:\Users\harjeets\Downloads\Sophos Virus Removal Tool.exe
2012-12-12 05:01 - 2012-12-12 05:00 - 00864120 ____A (ALWIL Software) C:\Users\harjeets\Downloads\aswar.exe
2012-12-12 04:49 - 2012-12-12 04:49 - 10554040 ____A (McAfee Inc.) C:\Users\harjeets\Downloads\stinger.exe
2012-12-12 04:20 - 2012-12-12 04:20 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-12-12 04:17 - 2012-12-12 04:14 - 147430088 ____A C:\Users\harjeets\Downloads\setup_11.0.0.1245.x01_2012_12_11_15_16.exe
2012-12-12 04:16 - 2012-12-12 04:16 - 00448816 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\rannohdecryptor.exe
2012-12-12 04:16 - 2012-12-12 04:15 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\tdsskiller(1).exe
2012-12-12 03:55 - 2012-12-12 03:55 - 02957840 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\NPE.exe
2012-12-12 03:50 - 2012-12-12 03:46 - 285050880 ____A C:\Users\harjeets\Downloads\kav_rescue_10.iso
2012-12-11 16:37 - 2012-12-11 16:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-11 16:37 - 2012-12-11 16:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-11 16:37 - 2012-12-11 16:37 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-11 16:37 - 2012-06-16 11:42 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-12-11 16:37 - 2011-02-10 16:42 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-11 16:18 - 2012-12-11 16:18 - 28008448 ____A C:\Users\harjeets\Downloads\JavaJRE_7u9_32-bit_SPS.exe
2012-12-11 15:43 - 2012-09-02 15:46 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 15:43 - 2011-07-23 07:45 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 13:18 - 2012-12-11 13:18 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\QuickScan
2012-12-11 12:32 - 2012-12-11 12:32 - 00879206 ____A C:\Users\harjeets\AppData\Local\census.cache
2012-12-11 12:31 - 2012-12-11 12:31 - 00129664 ____A C:\Users\harjeets\AppData\Local\ars.cache
2012-12-11 12:16 - 2012-12-12 04:19 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\60527378.sys
2012-12-11 12:11 - 2012-12-11 12:11 - 00000036 ____A C:\Users\harjeets\AppData\Local\housecall.guid.cache
2012-12-11 12:10 - 2012-12-11 12:10 - 02406064 ____A (Trend Micro Inc.) C:\Users\harjeets\Downloads\HousecallLauncher64.exe
2012-12-11 09:59 - 2012-12-11 09:59 - 00001729 ____A C:\logPanda.txt.gz
2012-12-11 09:59 - 2012-12-11 09:59 - 00000000 ___AD C:\panda_poli_utility_samples
2012-12-11 05:18 - 2012-12-11 05:17 - 00000274 ____A C:\Users\harjeets\Downloads\RootkitRemover20121211081738.txt
2012-12-11 04:46 - 2012-12-11 04:02 - 00000000 ____D C:\12f9e43cbc3faec4d5a399
2012-12-11 04:02 - 2012-12-11 04:01 - 00000000 ___HD C:\Windows\AxInstSV
2012-12-11 02:29 - 2012-10-10 21:29 - 00000416 ____A C:\Windows\Tasks\At1.job
2012-12-10 19:57 - 2012-12-10 14:27 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-12-10 19:53 - 2012-12-10 19:53 - 01805736 ____A (Symantec Corporation) C:\Users\harjeets\Downloads\FixZeroAccess.exe
2012-12-10 18:40 - 2012-12-07 05:20 - 00000000 ____D C:\Users\harjeets\Desktop\print
2012-12-10 13:42 - 2012-12-10 13:16 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-10 13:05 - 2012-12-10 12:21 - 00006523 ____A C:\Users\harjeets\AppData\Local\bc6823e8-de67-4545-8e62-7fef75245391.crx
2012-12-10 12:42 - 2012-12-10 12:42 - 02075184 ____A (Kaspersky Lab ZAO) C:\Users\harjeets\Downloads\TDSSKiller.exe
2012-12-10 12:32 - 2012-12-10 12:32 - 00544360 ____A (McAfee, Inc.) C:\Users\harjeets\Downloads\rootkitremover.exe
2012-12-10 12:26 - 2012-12-10 12:27 - 00642952 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-12-10 12:26 - 2012-12-10 12:27 - 00283744 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-12-10 12:26 - 2012-12-10 12:27 - 00228752 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-12-10 12:26 - 2012-12-10 12:27 - 00158832 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-12-10 12:26 - 2012-12-10 12:27 - 00158712 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-12-10 12:26 - 2012-12-10 12:27 - 00100904 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-12-10 12:26 - 2012-12-10 12:27 - 00009984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-12-10 12:26 - 2012-06-11 10:21 - 00099056 ____A (McAfee, Inc.) C:\Windows\System32\MfeOtlkAddin.dll
2012-12-10 12:26 - 2012-06-11 10:21 - 00074848 ____A (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2012-12-10 12:26 - 2011-02-08 09:27 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-10 12:26 - 2011-02-08 09:27 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-12-10 12:26 - 2009-04-29 20:07 - 00022816 ____A (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2012-12-10 12:24 - 2011-02-08 12:22 - 00000000 ____D C:\Windows\cisco_it
2012-12-10 10:23 - 2012-12-10 10:23 - 00003288 ____N C:\bootsqm.dat
2012-12-10 10:21 - 2012-12-10 10:21 - 00000000 ____D C:\found.001
2012-12-10 08:48 - 2012-12-10 08:48 - 00065536 ___AH C:\Windows\System32\AvTresvr64.dll
2012-12-10 06:01 - 2011-02-11 07:32 - 00000000 ____D C:\Users\All Users\WebEx
2012-12-10 02:24 - 2012-12-10 02:24 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-10 02:23 - 2012-12-10 02:22 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-10 02:23 - 2012-12-10 02:22 - 00000000 ____D C:\Program Files\iTunes
2012-12-10 02:23 - 2012-12-10 02:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-10 02:22 - 2012-12-10 02:22 - 00000000 ____D C:\Program Files\iPod
2012-12-08 19:45 - 2011-02-15 14:28 - 00013257 ____A C:\CalInstall.log
2012-12-08 19:45 - 2011-02-08 12:35 - 00000000 ____D C:\Users\harjeets\AppData\Local\Downloaded Installations
2012-12-08 19:45 - 2011-02-08 09:23 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2012-12-08 09:43 - 2011-02-08 09:43 - 00000000 ____D C:\Users\All Users\CREDANT
2012-12-08 04:23 - 2012-12-08 01:12 - 00000000 ____D C:\f06d6114848389a1f8
2012-12-08 01:12 - 2012-12-08 01:12 - 17969696 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\Windows-KB890830-x64-V4.14.exe
2012-12-08 01:10 - 2012-12-08 01:10 - 17260040 ____A (Microsoft Corporation) C:\Users\harjeets\Downloads\Windows-KB890830-V4.14.exe
2012-12-07 17:44 - 2012-12-07 14:18 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\Zapa
2012-12-07 17:31 - 2012-12-07 17:31 - 00000049 ____A C:\Users\harjeets\Desktop\trojan.txt
2012-12-07 17:15 - 2011-05-22 07:38 - 00007609 ____A C:\Users\harjeets\AppData\Local\Resmon.ResmonCfg
2012-12-05 05:14 - 2012-12-05 05:14 - 00413696 ____A C:\Users\harjeets\Downloads\LPTS.ppt
2012-12-05 05:13 - 2012-12-05 05:13 - 00208554 ____A C:\Users\harjeets\Downloads\IOS-XR LPTS Overview.pptx
2012-12-05 05:07 - 2012-12-05 05:07 - 04853961 ____A C:\Users\harjeets\Downloads\CRS-3-Deep_Dive.pptx
2012-12-05 04:58 - 2012-12-05 04:58 - 02046389 ____A C:\Users\harjeets\Downloads\CRS_SW_Licensing_Overview.pptx
2012-12-04 16:31 - 2012-12-04 10:22 - 00012050 ____A C:\Users\harjeets\Desktop\Behaviour differences notes.txt
2012-12-04 13:17 - 2011-02-11 07:32 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\webex
2012-12-03 21:14 - 2011-02-08 11:27 - 00836816 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-12-03 13:32 - 2012-11-03 05:15 - 00000000 ____D C:\Users\harjeets\AppData\Local\VMware
2012-12-03 13:32 - 2011-05-16 04:49 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\VMware
2012-12-03 13:28 - 2012-11-06 10:36 - 00014172 ____A C:\Users\harjeets\Documents\mobility lab.dat
2012-12-03 13:28 - 2011-03-02 14:12 - 00000600 ____A C:\Users\harjeets\AppData\Local\PUTTY.RND
2012-12-03 13:28 - 2011-02-23 09:33 - 00046182 ____A C:\Users\harjeets\Documents\Sprint Lab Putty CM database_backup.dat
2012-12-03 13:28 - 2011-02-23 08:34 - 00046182 ____A C:\Users\harjeets\Documents\Sprint Lab Putty CM database.dat
2012-12-01 08:34 - 2012-11-01 14:38 - 00006322 ____A C:\Users\harjeets\Desktop\alxen appartement.txt
2012-11-30 04:37 - 2011-02-08 09:26 - 00000000 ____D C:\Program Files (x86)\Altiris
2012-11-30 04:36 - 2012-11-28 11:51 - 00000000 ____D C:\Users\All Users\Symantec
2012-11-29 15:52 - 2012-11-29 15:41 - 509957447 ____A C:\Users\harjeets\Downloads\46695.2012-11-29.testcompanion.tgz
2012-11-29 15:21 - 2012-11-29 15:21 - 00028967 ____A C:\Users\harjeets\Downloads\SITT_02
2012-11-29 14:49 - 2012-11-29 14:49 - 00061440 ____A C:\Users\harjeets\Desktop\RE NSF on our IP Network.msg
2012-11-29 11:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2012-11-29 11:26 - 2012-11-07 05:45 - 00012060 ____A C:\Users\harjeets\Documents\mobility lab_backup.dat
2012-11-29 11:25 - 2012-11-29 11:25 - 00002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
2012-11-29 11:25 - 2012-11-29 11:25 - 00000000 ____D C:\Program Files (x86)\Seagate
2012-11-29 11:22 - 2012-11-29 11:22 - 21476536 ____A C:\Users\harjeets\Downloads\SeaToolsforWindowsSetup-1206.exe
2012-11-29 10:25 - 2012-11-29 10:25 - 00239551 ____A C:\Users\harjeets\Downloads\SITT-Flareforcustomer(1).pptx
2012-11-29 10:00 - 2012-11-29 10:00 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE(2).ppt
2012-11-29 09:01 - 2012-11-29 09:01 - 00419840 ____A C:\Users\harjeets\Downloads\SITTEnhancements.ppt
2012-11-29 09:00 - 2012-11-29 09:00 - 00036352 ____A C:\Users\harjeets\Downloads\SITT-SGSN_software_License_info.xls
2012-11-29 08:58 - 2012-11-29 08:58 - 00065024 ____A C:\Users\harjeets\Downloads\Copy_of_SITT_Daily_sheet.xls
2012-11-29 05:08 - 2012-11-29 05:08 - 00000000 ____D C:\Program Files\Arellia
2012-11-29 05:08 - 2012-11-29 05:08 - 00000000 ____D C:\Program Files (x86)\Arellia
2012-11-29 00:09 - 2012-11-29 00:09 - 45168640 ____A C:\Users\harjeets\Desktop\sitt.tar
2012-11-28 18:52 - 2012-11-28 18:51 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE(1).ppt
2012-11-28 12:44 - 2012-11-28 12:43 - 48234496 ____A C:\Users\harjeets\Downloads\debian-6.0.6-i386-businesscard.iso
2012-11-28 11:52 - 2012-11-28 11:52 - 00000000 ____D C:\Program Files\Common Files\Altiris
2012-11-28 11:50 - 2012-11-28 11:50 - 00001560 ____A C:\Windows\SysWOW64\aexclean.log
2012-11-28 09:02 - 2012-11-28 09:02 - 00000000 ____D C:\Users\harjeets\Documents\20121128-GMP Power Hr_ EPC – Node Selection & QoS(207487333)
2012-11-28 05:36 - 2012-11-28 05:36 - 01501040 ____A C:\Users\harjeets\Downloads\StarOS_simulation_environment(1).pptx
2012-11-26 14:33 - 2012-11-26 14:32 - 32699368 ____A (Oracle Corporation) C:\Users\harjeets\Downloads\jre-7u9-windows-x64.exe
2012-11-26 10:58 - 2012-11-26 10:58 - 00044558 ____A C:\Users\harjeets\Downloads\ggsn-basic-xt2-12.0-120426(1).cfg
2012-11-23 20:05 - 2012-11-23 20:01 - 283027488 ____A C:\Users\harjeets\Downloads\46611.2012-11-23.testcompanion.tgz
2012-11-23 19:59 - 2012-11-28 04:33 - 00011888 ____A C:\Users\harjeets\Documents\mobility lab_backup_backup.dat
2012-11-23 19:33 - 2012-11-23 19:33 - 00239551 ____A C:\Users\harjeets\Downloads\SITT-Flareforcustomer.pptx
2012-11-23 12:43 - 2012-11-23 12:43 - 00368128 ____A C:\Users\harjeets\Downloads\FLARE.ppt
2012-11-23 12:30 - 2012-11-23 12:30 - 01501040 ____A C:\Users\harjeets\Downloads\StarOS_simulation_environment.pptx
2012-11-23 11:40 - 2012-11-23 11:40 - 00005678 ____A C:\Users\harjeets\Downloads\Client VM configuration files.gz
2012-11-23 11:39 - 2012-11-23 11:39 - 00000528 ____A C:\Users\harjeets\Downloads\CallgenScript.txt
2012-11-23 10:19 - 2012-11-08 08:55 - 00000000 ____D C:\Users\harjeets\AppData\Roaming\Seagate
2012-11-23 10:19 - 2012-11-08 08:55 - 00000000 ____D C:\Users\All Users\Seagate
2012-11-19 09:41 - 2012-11-19 08:49 - 00257806 ____A C:\Users\harjeets\Desktop\sl-gw2-stlab-ios-xr-11192012.txt
2012-11-19 05:22 - 2012-11-19 05:22 - 00175277 ____A C:\Users\harjeets\Downloads\sox-sl-gw35-stlab.iox
2012-11-19 05:21 - 2012-11-19 05:21 - 00104843 ____A C:\Users\harjeets\Downloads\sox-sl-gw35-stlab.txt
2012-11-19 05:19 - 2012-11-19 05:19 - 00104843 ____A C:\Users\harjeets\Desktop\sox-sl-gw35-stlab.txt
2012-11-19 04:27 - 2012-11-19 04:27 - 00012541 ____A C:\Users\harjeets\Desktop\show diag sl-gw2-stlab.txt
2012-11-19 04:22 - 2012-11-19 04:25 - 00077119 ____A C:\Users\harjeets\Desktop\sh_diag_sl_gw2_stlab
2012-11-17 07:43 - 2011-02-08 09:38 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-17 06:37 - 2012-11-17 06:37 - 00000000 ____D C:\found.000
2012-11-17 06:32 - 2012-11-17 06:32 - 00003375 ____A C:\Users\harjeets\Desktop\snmp vrf mroute.txt
2012-11-17 06:16 - 2012-11-17 06:13 - 00005427 ____A C:\Users\harjeets\Downloads\indiaDepositSlipCiti.html
2012-11-17 06:13 - 2012-11-17 06:13 - 00000000 ____D C:\Users\harjeets\Downloads\indiaDepositSlipCiti_files
2012-11-16 04:15 - 2012-11-16 04:15 - 00000000 ____A C:\Users\harjeets\Downloads\electionUpdate.jsp
2012-11-15 08:28 - 2012-11-15 08:28 - 00456696 ___AT C:\Users\harjeets\Desktop\sl-gw2-stlab-IOS-config-11152012.txt
2012-11-15 08:27 - 2012-11-15 08:27 - 00701215 ___AT C:\Users\harjeets\Desktop\sl-gw2-stlab-ios-xr-112911.txt

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-10-10 21:05] - [2011-03-01 00:09] - 0027648 ____A (Microsoft Corporation) DFDF1E4AEE12E9021BD72F29B6877A8D

C:\Windows\SysWOW64\svchost.exe
[2012-10-10 21:05] - [2011-03-01 00:09] - 0021504 ____A (Microsoft Corporation) 8C81307975B3EA558946BA96D63AF904

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-10-10 21:04] - [2011-02-24 22:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 12219.52 MB
Available physical RAM: 11252.57 MB
Total Pagefile: 12217.67 MB
Available Pagefile: 11271.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (System) (Fixed) (Total:119.24 GB) (Free:13.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 119 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System NTFS Partition 119 GB Healthy

=========================================================

Last Boot: 2012-12-15 09:49

==================== End Of Log =============================

=========listpart logs============================

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 15-12-2012 at 14:43:43
Windows 7 (X64)
Running From: C:\Users\harjeets\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 12219.52 MB
Available physical RAM: 11401.37 MB
Total Pagefile: 12217.67 MB
Available Pagefile: 11381.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:119.24 GB) (Free:13.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 119 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System NTFS Partition 119 GB Healthy

======================================================================================================

****** End Of Log ******

#4 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 December 2012 - 03:19 PM

We have a couple of issues here.

C:\Windows\System32\svchost.exe appears to be a forged file; however, FRST is having difficulty loading the Software hive for some reason:

ATTENTION: Unable to load Software hive.

Let's see if MBAR can do anything with this first; if not, we can look for a replacement and replace it manually.

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 harry81

harry81
  • Topic Starter

  • Members
  • 15 posts

Posted 15 December 2012 - 05:10 PM

I did run Malwarebytes Anti-Rootkit and it found the following three:

Infected: c:\program files\shared\_lib.dll --> [Adware.Deepdive]
Infected: c:\program files\shared\lib.dll --> [Adware.Deepdive]
Infected: c:\winnt\web\printers\images\navdb.dbx --> [Malware.Trace]

After the restart I ran it again and this time no infection was found.

I am not sure if any of these are related to the svchost.exe issue.

Really appreciate your help on this.

Following are the required logs:



Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.15.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
harjeets :: HARJEETS-WS01 [administrator]

12/15/2012 4:13:06 PM
mbar-log-2012-12-15 (16-13-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32474
Time elapsed: 44 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\program files\shared\_lib.dll (Adware.Deepdive) -> Delete on reboot.
c:\program files\shared\lib.dll (Adware.Deepdive) -> Delete on reboot.
c:\winnt\web\printers\images\navdb.dbx (Malware.Trace) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.15.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
harjeets :: HARJEETS-WS01 [administrator]

12/15/2012 4:58:41 PM
mbar-log-2012-12-15 (16-58-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32296
Time elapsed: 36 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

=======================================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10028961792

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10034495488

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10034913280

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10035712000

------------ Kernel report ------------
12/15/2012 15:28:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\CmgHiber.sys
\SystemRoot\system32\DRIVERS\CmgCrypt.SYS
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pavboot64.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\CMGShCEF.sys
\SystemRoot\system32\DRIVERS\CmgShPT.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\DRIVERS\CmgShREG.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\DRIVERS\DzHDD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\csacentr.sys
\SystemRoot\system32\drivers\csafile.sys
\SystemRoot\system32\drivers\csareg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\CmgPCS.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\csafilt.sys
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\bridge.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\LV_Tracker64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\CVirtA64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\drivers\mfeavfk.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800f3fb790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b3\
Lower Device Object: 0xfffffa800f2ff350
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800d5ea060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800ab9a050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.15.07
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d5ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d4fea00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa800d4fcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d4f8910, DeviceName: Unknown, DriverName: \Driver\CmgHiber\
DevicePointer: 0xfffffa800d5ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ab90e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800ab9a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a013b0aba0, 0xfffffa800d5ea060, 0xfffffa8012c8b790
Lower DeviceData: 0xfffff8a0143fc060, 0xfffffa800ab9a050, 0xfffffa801282ce40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5964B6D4

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 250064896
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800f3fb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f303380, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f4501d0, DeviceName: Unknown, DriverName: \Driver\CmgHiber\
DevicePointer: 0xfffffa800f3fb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800f2ff350, DeviceName: \Device\000000b3\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a0137f6960, 0xfffffa800f3fb790, 0xfffffa80125e5090
Lower DeviceData: 0xfffff8a0137ddfe0, 0xfffffa800f2ff350, 0xfffffa80125db220
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1952685
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 999817216 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: c:\program files\shared\_lib.dll --> [Adware.Deepdive]
Infected: c:\program files\shared\lib.dll --> [Adware.Deepdive]
Infected: c:\winnt\web\printers\images\navdb.dbx --> [Malware.Trace]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10790690816

------------ Kernel report ------------
12/15/2012 16:20:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\CmgHiber.sys
\SystemRoot\system32\DRIVERS\CmgCrypt.SYS
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pavboot64.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\CMGShCEF.sys
\SystemRoot\system32\DRIVERS\CmgShPT.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\DRIVERS\CmgShREG.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\DRIVERS\DzHDD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\csacentr.sys
\SystemRoot\system32\drivers\csafile.sys
\SystemRoot\system32\drivers\csareg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\CmgPCS.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\csafilt.sys
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\bridge.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\LV_Tracker64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\drivers\mfeavfk.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ffc6790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b4\
Lower Device Object: 0xfffffa800fd4f350
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800d5f1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800ab92050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d5f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d501a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa800d4ff9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d4bb9a0, DeviceName: Unknown, DriverName: \Driver\CmgHiber\
DevicePointer: 0xfffffa800d5f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ab8fe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800ab92050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0100c0120, 0xfffffa800d5f1060, 0xfffffa800a6ef090
Lower DeviceData: 0xfffff8a00f8e6790, 0xfffffa800ab92050, 0xfffffa800a6db890
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5964B6D4

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 250064896
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ffc6790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f04c690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f2425e0, DeviceName: Unknown, DriverName: \Driver\CmgHiber\
DevicePointer: 0xfffffa800ffc6790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd4f350, DeviceName: \Device\000000b4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00f7db4e0, 0xfffffa800ffc6790, 0xfffffa800dfb6090
Lower DeviceData: 0xfffff8a00f9cef90, 0xfffffa800fd4f350, 0xfffffa800d4c88a0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1952685
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 999817216 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 12813099008, free: 10746691584

------------ Kernel report ------------
12/15/2012 17:04:42
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ffc6790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b4\
Lower Device Object: 0xfffffa800fd4f350
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800d4c88a0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800d5f1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800ab92050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800a6db890
Initializing...
Scan Interrupted
=======================================

#6 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 15 December 2012 - 06:18 PM

Let's see what TDSSKiller can find:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 harry81 (Topic Starter, Members, 15 posts)

Posted 15 December 2012 - 10:31 PM

Ran TDSSKiller but no threat found:

22:27:56.0453 5388 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:27:56.0531 5388 ============================================================
22:27:56.0531 5388 Current date / time: 2012/12/15 22:27:56.0531
22:27:56.0531 5388 SystemInfo:
22:27:56.0531 5388
22:27:56.0531 5388 OS Version: 6.1.7600 ServicePack: 0.0
22:27:56.0531 5388 Product type: Workstation
22:27:56.0531 5388 ComputerName: HARJEETS-WS01
22:27:56.0531 5388 UserName: harjeets
22:27:56.0531 5388 Windows directory: C:\Windows
22:27:56.0531 5388 System windows directory: C:\Windows
22:27:56.0531 5388 Running under WOW64
22:27:56.0531 5388 Processor architecture: Intel x64
22:27:56.0531 5388 Number of processors: 8
22:27:56.0531 5388 Page size: 0x1000
22:27:56.0531 5388 Boot type: Normal boot
22:27:56.0531 5388 ============================================================
22:27:57.0108 5388 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:27:57.0124 5388 Drive \Device\Harddisk1\DR1 - Size: 0x3B980000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:27:57.0139 5388 ============================================================
22:27:57.0139 5388 \Device\Harddisk0\DR0:
22:27:57.0139 5388 MBR partitions:
22:27:57.0139 5388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
22:27:57.0139 5388 \Device\Harddisk1\DR1:
22:27:57.0139 5388 MBR partitions:
22:27:57.0139 5388 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1DCBAD
22:27:57.0139 5388 ============================================================
22:27:57.0139 5388 C: <-> \Device\Harddisk0\DR0\Partition1
22:27:57.0139 5388 ============================================================
22:27:57.0139 5388 Initialize success
22:27:57.0139 5388 ============================================================
22:28:43.0332 5244 ============================================================
22:28:43.0332 5244 Scan started
22:28:43.0332 5244 Mode: Manual; TDLFS;
22:28:43.0332 5244 ============================================================
22:28:43.0816 5244 ================ Scan system memory ========================
22:28:43.0816 5244 System memory - ok
22:28:43.0816 5244 ================ Scan services =============================
22:28:45.0095 5244 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:28:45.0095 5244 BDESVC - ok
22:28:45.0110 5244 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:28:45.0110 5244 Beep - ok
22:28:45.0126 5244 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:28:45.0142 5244 BFE - ok
22:28:45.0157 5244 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
22:28:45.0188 5244 BITS - ok
22:28:45.0188 5244 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:28:45.0204 5244 blbdrive - ok
22:28:45.0204 5244 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:28:45.0220 5244 Bonjour Service - ok
22:28:45.0220 5244 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:28:45.0220 5244 bowser - ok
22:28:45.0235 5244 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:28:45.0235 5244 BrFiltLo - ok
22:28:45.0251 5244 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:28:45.0251 5244 BrFiltUp - ok
22:28:45.0266 5244 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
22:28:45.0266 5244 Bridge - ok
22:28:45.0266 5244 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:28:45.0282 5244 BridgeMP - ok
22:28:45.0282 5244 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:28:45.0282 5244 Browser - ok
22:28:45.0298 5244 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:28:45.0313 5244 Brserid - ok
22:28:45.0313 5244 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:28:45.0329 5244 BrSerWdm - ok
22:28:45.0329 5244 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:28:45.0329 5244 BrUsbMdm - ok
22:28:45.0344 5244 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:28:45.0344 5244 BrUsbSer - ok
22:28:45.0360 5244 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:28:45.0360 5244 BthEnum - ok
22:28:45.0360 5244 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:28:45.0376 5244 BTHMODEM - ok
22:28:45.0376 5244 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:28:45.0391 5244 BthPan - ok
22:28:45.0407 5244 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:28:45.0454 5244 BTHPORT - ok
22:28:45.0454 5244 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:28:45.0469 5244 bthserv - ok
22:28:45.0469 5244 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:28:45.0532 5244 BTHUSB - ok
22:28:45.0532 5244 catchme - ok
22:28:45.0547 5244 CCDevice - ok
22:28:45.0547 5244 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:28:45.0563 5244 cdfs - ok
22:28:45.0563 5244 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:28:45.0578 5244 cdrom - ok
22:28:45.0578 5244 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:28:45.0594 5244 CertPropSvc - ok
22:28:45.0594 5244 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:28:45.0594 5244 circlass - ok
22:28:45.0610 5244 [ 0AF2E4AB0D7672A64B35C80EA2A1F525 ] Cisco WebEx Connect Upgrade Service C:\Program Files (x86)\WebEx\Connect\apUpdate.exe
22:28:45.0625 5244 Cisco WebEx Connect Upgrade Service - ok
22:28:45.0641 5244 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:28:45.0656 5244 CLFS - ok
22:28:45.0656 5244 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:45.0672 5244 clr_optimization_v2.0.50727_32 - ok
22:28:45.0672 5244 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:28:45.0688 5244 clr_optimization_v2.0.50727_64 - ok
22:28:45.0703 5244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:28:45.0719 5244 clr_optimization_v4.0.30319_32 - ok
22:28:45.0719 5244 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:28:45.0734 5244 clr_optimization_v4.0.30319_64 - ok
22:28:45.0734 5244 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:28:45.0734 5244 CmBatt - ok
22:28:45.0750 5244 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:28:45.0750 5244 cmdide - ok
22:28:45.0750 5244 [ 221068E46FC4D928650238F758B3E384 ] CmgHiber C:\Windows\system32\DRIVERS\CmgHiber.sys
22:28:45.0828 5244 CmgHiber - ok
22:28:45.0828 5244 [ 5349C0CECBDB4117072DF31F43277569 ] CmgPassThrough C:\Windows\system32\DRIVERS\CmgShPT.sys
22:28:45.0875 5244 CmgPassThrough - ok
22:28:45.0890 5244 [ 0374DB4D388D0A60F8A180A6B2E53726 ] CmgPCS C:\Windows\system32\DRIVERS\CmgPCS.sys
22:28:45.0937 5244 CmgPCS - ok
22:28:45.0968 5244 [ 4E6D7F92EBF1E4E4ED68ACEE27768B96 ] CMGShield C:\Windows\system32\CmgShieldSvc.exe
22:28:46.0031 5244 CMGShield - ok
22:28:46.0031 5244 [ 435AF3418FF5790C943171B82C658858 ] CmgShieldCEF C:\Windows\system32\DRIVERS\CMGShCEF.sys
22:28:46.0078 5244 CmgShieldCEF - ok
22:28:46.0093 5244 [ 82CD3B57D6CB9D6F192217BB41CA6DCD ] CMGShieldReg C:\Windows\system32\DRIVERS\CmgShREG.sys
22:28:46.0140 5244 CMGShieldReg - ok
22:28:46.0140 5244 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:28:46.0140 5244 CNG - ok
22:28:46.0156 5244 [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
22:28:46.0202 5244 CnxtHdAudService - ok
22:28:46.0218 5244 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:28:46.0218 5244 Compbatt - ok
22:28:46.0218 5244 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:28:46.0234 5244 CompositeBus - ok
22:28:46.0234 5244 COMSysApp - ok
22:28:46.0234 5244 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:28:46.0249 5244 crcdisk - ok
22:28:46.0249 5244 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:28:46.0265 5244 CryptSvc - ok
22:28:46.0265 5244 [ F37991966B4796F7F174452B87D52D9C ] csacenter C:\Windows\system32\drivers\csacentr.sys
22:28:46.0327 5244 csacenter - ok
22:28:46.0327 5244 [ D1ADEAAF8E3BBC811D5C00ABB23BA90F ] csafile C:\Windows\system32\drivers\csafile.sys
22:28:46.0374 5244 csafile - ok
22:28:46.0390 5244 [ A5CD5CA37AC28161AFBE4EF2FAE97858 ] csafilt C:\Windows\system32\drivers\csafilt.sys
22:28:46.0452 5244 csafilt - ok
22:28:46.0452 5244 [ 25B61F917E66FCC91D4FBF5EF10263F5 ] CSAgent C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
22:28:46.0468 5244 CSAgent - ok
22:28:46.0468 5244 [ 25B61F917E66FCC91D4FBF5EF10263F5 ] CSAgentMon C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
22:28:46.0468 5244 CSAgentMon - ok
22:28:46.0483 5244 [ 94EA87BECC86ECF44BC5ABACFAAC4601 ] csareg C:\Windows\system32\drivers\csareg.sys
22:28:46.0530 5244 csareg - ok
22:28:46.0546 5244 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
22:28:46.0561 5244 CSC - ok
22:28:46.0561 5244 [ DC6613A907961FF165F371BFCCA9BF5B ] CscService C:\Windows\System32\cscsvc.dll
22:28:46.0577 5244 CscService - ok
22:28:46.0577 5244 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
22:28:46.0624 5244 CVirtA - ok
22:28:46.0639 5244 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
22:28:46.0733 5244 CVPND - ok
22:28:46.0733 5244 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
22:28:46.0795 5244 CVPNDRVA - ok
22:28:46.0795 5244 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:28:46.0811 5244 DcomLaunch - ok
22:28:46.0826 5244 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:28:46.0842 5244 defragsvc - ok
22:28:46.0842 5244 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:28:46.0842 5244 DfsC - ok
22:28:46.0858 5244 dgderdrv - ok
22:28:46.0858 5244 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:28:46.0873 5244 Dhcp - ok
22:28:46.0873 5244 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:28:46.0889 5244 discache - ok
22:28:46.0889 5244 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:28:46.0904 5244 Disk - ok
22:28:46.0904 5244 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
22:28:46.0967 5244 DNE - ok
22:28:46.0982 5244 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:28:46.0982 5244 Dnscache - ok
22:28:46.0998 5244 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:28:46.0998 5244 dot3svc - ok
22:28:47.0014 5244 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:28:47.0014 5244 dot4 - ok
22:28:47.0029 5244 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:28:47.0029 5244 Dot4Print - ok
22:28:47.0029 5244 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:28:47.0045 5244 dot4usb - ok
22:28:47.0060 5244 [ 9597BCB69286FF017DB1A0FB8144408D ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
22:28:47.0123 5244 DozeSvc - ok
22:28:47.0123 5244 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:28:47.0138 5244 DPS - ok
22:28:47.0138 5244 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:28:47.0154 5244 drmkaud - ok
22:28:47.0170 5244 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:28:47.0170 5244 DXGKrnl - ok
22:28:47.0185 5244 [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
22:28:47.0248 5244 DzHDD64 - ok
22:28:47.0248 5244 [ BF3AF22106627DFF3EF7BAB133C969EA ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
22:28:47.0248 5244 e1kexpress - ok
22:28:47.0263 5244 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:28:47.0263 5244 EapHost - ok
22:28:47.0310 5244 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:28:47.0357 5244 ebdrv - ok
22:28:47.0357 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:28:47.0372 5244 EFS - ok
22:28:47.0388 5244 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:28:47.0388 5244 ehRecvr - ok
22:28:47.0388 5244 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:28:47.0404 5244 ehSched - ok
22:28:47.0419 5244 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:28:47.0435 5244 elxstor - ok
22:28:47.0435 5244 EMS - ok
22:28:47.0435 5244 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:28:47.0450 5244 ErrDev - ok
22:28:47.0466 5244 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:28:47.0466 5244 EventSystem - ok
22:28:47.0482 5244 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:28:47.0497 5244 exfat - ok
22:28:47.0497 5244 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:28:47.0513 5244 fastfat - ok
22:28:47.0528 5244 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:28:47.0528 5244 Fax - ok
22:28:47.0544 5244 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:28:47.0544 5244 fdc - ok
22:28:47.0560 5244 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:28:47.0575 5244 fdPHost - ok
22:28:47.0575 5244 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:28:47.0591 5244 FDResPub - ok
22:28:47.0591 5244 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:28:47.0591 5244 FileInfo - ok
22:28:47.0591 5244 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:28:47.0606 5244 Filetrace - ok
22:28:47.0606 5244 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:28:47.0622 5244 flpydisk - ok
22:28:47.0622 5244 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:28:47.0638 5244 FltMgr - ok
22:28:47.0653 5244 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:28:47.0669 5244 FontCache - ok
22:28:47.0669 5244 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:28:47.0684 5244 FontCache3.0.0.0 - ok
22:28:47.0684 5244 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:28:47.0684 5244 FsDepends - ok
22:28:47.0700 5244 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:28:47.0762 5244 Fs_Rec - ok
22:28:47.0778 5244 [ 67579D0AADA8C78BC0B7D12A1CEA38AC ] ftpsvc C:\Windows\system32\inetsrv\ftpsvc.dll
22:28:47.0778 5244 ftpsvc - ok
22:28:47.0794 5244 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:28:47.0794 5244 fvevol - ok
22:28:47.0794 5244 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:28:47.0809 5244 gagp30kx - ok
22:28:47.0825 5244 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:28:47.0825 5244 gpsvc - ok
22:28:47.0840 5244 [ 49FF998B490B4AEF6C71A669FD10F09B ] hcmon C:\Windows\system32\drivers\hcmon.sys
22:28:47.0903 5244 hcmon - ok
22:28:47.0903 5244 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:28:47.0918 5244 hcw85cir - ok
22:28:47.0918 5244 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:28:47.0934 5244 HdAudAddService - ok
22:28:47.0934 5244 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:28:47.0950 5244 HDAudBus - ok
22:28:47.0950 5244 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:28:47.0965 5244 HECIx64 - ok
22:28:47.0965 5244 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:28:47.0965 5244 HidBatt - ok
22:28:47.0981 5244 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:28:47.0981 5244 HidBth - ok
22:28:47.0996 5244 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:28:47.0996 5244 HidIr - ok
22:28:48.0012 5244 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:28:48.0012 5244 hidserv - ok
22:28:48.0028 5244 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:28:48.0028 5244 HidUsb - ok
22:28:48.0028 5244 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:28:48.0043 5244 hkmsvc - ok
22:28:48.0059 5244 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:28:48.0059 5244 HomeGroupListener - ok
22:28:48.0074 5244 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:28:48.0074 5244 HomeGroupProvider - ok
22:28:48.0090 5244 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:28:48.0090 5244 HpSAMD - ok
22:28:48.0106 5244 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:28:48.0121 5244 HTTP - ok
22:28:48.0121 5244 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:28:48.0137 5244 hwpolicy - ok
22:28:48.0137 5244 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:28:48.0152 5244 i8042prt - ok
22:28:48.0168 5244 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:28:48.0168 5244 iaStor - ok
22:28:48.0184 5244 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:28:48.0246 5244 iaStorV - ok
22:28:48.0246 5244 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:28:48.0308 5244 IBMPMDRV - ok
22:28:48.0308 5244 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
22:28:48.0371 5244 IBMPMSVC - ok
22:28:48.0386 5244 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:28:48.0464 5244 IDriverT - ok
22:28:48.0480 5244 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:28:48.0496 5244 idsvc - ok
22:28:48.0496 5244 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:28:48.0511 5244 iirsp - ok
22:28:48.0527 5244 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:28:48.0542 5244 IKEEXT - ok
22:28:48.0558 5244 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:28:48.0558 5244 intelide - ok
22:28:48.0558 5244 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:28:48.0574 5244 intelppm - ok
22:28:48.0605 5244 [ D2EE48CE5AD3EBC113E38C8B9A527FFA ] iPassConnectEngine C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe
22:28:48.0698 5244 iPassConnectEngine - ok
22:28:48.0714 5244 [ 8C915408255714AFC87EEBC63C56BEA3 ] iPassPeriodicUpdateApp C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
22:28:48.0776 5244 iPassPeriodicUpdateApp - ok
22:28:48.0776 5244 [ 21A3BA0615E35B341DD895DA54E6026B ] iPassPeriodicUpdateService C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
22:28:48.0854 5244 iPassPeriodicUpdateService - ok
22:28:48.0854 5244 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:28:48.0870 5244 IPBusEnum - ok
22:28:48.0870 5244 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:28:48.0886 5244 IpFilterDriver - ok
22:28:48.0901 5244 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:28:48.0917 5244 iphlpsvc - ok
22:28:48.0917 5244 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:28:48.0932 5244 IPMIDRV - ok
22:28:48.0932 5244 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:28:48.0948 5244 IPNAT - ok
22:28:48.0948 5244 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:28:48.0964 5244 iPod Service - ok
22:28:48.0964 5244 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:28:48.0979 5244 IRENUM - ok
22:28:48.0979 5244 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:28:48.0995 5244 isapnp - ok
22:28:48.0995 5244 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:28:49.0010 5244 iScsiPrt - ok
22:28:49.0010 5244 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:28:49.0026 5244 kbdclass - ok
22:28:49.0026 5244 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:28:49.0042 5244 kbdhid - ok
22:28:49.0042 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:28:49.0042 5244 KeyIso - ok
22:28:49.0057 5244 kqemu - ok
22:28:49.0057 5244 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:28:49.0057 5244 KSecDD - ok
22:28:49.0073 5244 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:28:49.0073 5244 KSecPkg - ok
22:28:49.0073 5244 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:28:49.0088 5244 ksthunk - ok
22:28:49.0104 5244 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:28:49.0120 5244 KtmRm - ok
22:28:49.0120 5244 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:28:49.0120 5244 LanmanServer - ok
22:28:49.0135 5244 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:28:49.0151 5244 LanmanWorkstation - ok
22:28:49.0151 5244 [ A4AEFD644CADE44F99CEAFA49004426C ] LENOVO.CAMMUTE C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
22:28:49.0213 5244 LENOVO.CAMMUTE - ok
22:28:49.0229 5244 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
22:28:49.0291 5244 LENOVO.MICMUTE - ok
22:28:49.0307 5244 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
22:28:49.0369 5244 lenovo.smi - ok
22:28:49.0369 5244 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
22:28:49.0447 5244 Lenovo.VIRTSCRLSVC - ok
22:28:49.0463 5244 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:28:49.0463 5244 lltdio - ok
22:28:49.0478 5244 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:28:49.0494 5244 lltdsvc - ok
22:28:49.0494 5244 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:28:49.0510 5244 lmhosts - ok
22:28:49.0510 5244 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:28:49.0525 5244 LSI_FC - ok
22:28:49.0525 5244 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:28:49.0541 5244 LSI_SAS - ok
22:28:49.0541 5244 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:28:49.0572 5244 LSI_SAS2 - ok
22:28:49.0572 5244 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:28:49.0588 5244 LSI_SCSI - ok
22:28:49.0603 5244 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:28:49.0634 5244 luafv - ok
22:28:49.0634 5244 [ 1D12D4D0ABC5BB00A5E8FEB9A9601731 ] LV_Tracker C:\Windows\system32\DRIVERS\LV_Tracker64.sys
22:28:49.0712 5244 LV_Tracker - ok
22:28:49.0712 5244 [ 3EF9511390F9106DD8CF0747BAEB335C ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
22:28:49.0728 5244 McAfeeFramework - ok
22:28:49.0744 5244 [ 3243E462DE3D307B8B1F85707BE0CBFC ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:28:49.0822 5244 McShield - ok
22:28:49.0822 5244 [ 462EB5733C52471DB574727B5D1F77E4 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
22:28:49.0837 5244 McTaskManager - ok
22:28:49.0837 5244 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:28:49.0853 5244 Mcx2Svc - ok
22:28:49.0853 5244 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:28:49.0884 5244 MDM - ok
22:28:49.0884 5244 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:28:49.0900 5244 megasas - ok
22:28:49.0900 5244 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:28:49.0915 5244 MegaSR - ok
22:28:49.0915 5244 [ A8010E2442349DF1EDE61258415406DE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
22:28:49.0931 5244 mfeapfk - ok
22:28:49.0931 5244 [ 0152DBEF3AC1BFDCFEB67488FECFFBF7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:28:49.0993 5244 mfeavfk - ok
22:28:49.0993 5244 mfeavfk01 - ok
22:28:50.0009 5244 [ DD61B7472629163AC86C73FF5CB8C090 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:28:50.0087 5244 mfehidk - ok
22:28:50.0087 5244 [ 63AF163F785600BE49C35429ADADCEB2 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:28:50.0149 5244 mferkdet - ok
22:28:50.0149 5244 [ 832FF782C16081535956403C488A9391 ] mfevtp C:\Windows\system32\mfevtps.exe
22:28:50.0212 5244 mfevtp - ok
22:28:50.0227 5244 [ A07AE92232E9C1023D8011F5F48723C5 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:28:50.0290 5244 mfewfpk - ok
22:28:50.0305 5244 Microsoft SharePoint Workspace Audit Service - ok
22:28:50.0305 5244 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:28:50.0321 5244 MMCSS - ok
22:28:50.0321 5244 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:28:50.0321 5244 Modem - ok
22:28:50.0336 5244 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:28:50.0336 5244 monitor - ok
22:28:50.0352 5244 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:28:50.0352 5244 mouclass - ok
22:28:50.0352 5244 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:28:50.0368 5244 mouhid - ok
22:28:50.0368 5244 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:28:50.0383 5244 mountmgr - ok
22:28:50.0399 5244 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:28:50.0477 5244 MozillaMaintenance - ok
22:28:50.0477 5244 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:28:50.0477 5244 mpio - ok
22:28:50.0492 5244 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:28:50.0508 5244 mpsdrv - ok
22:28:50.0524 5244 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:28:50.0539 5244 MpsSvc - ok
22:28:50.0555 5244 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:28:50.0570 5244 MRxDAV - ok
22:28:50.0570 5244 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:28:50.0570 5244 mrxsmb - ok
22:28:50.0586 5244 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:28:50.0586 5244 mrxsmb10 - ok
22:28:50.0586 5244 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:28:50.0602 5244 mrxsmb20 - ok
22:28:50.0602 5244 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:28:50.0617 5244 msahci - ok
22:28:50.0617 5244 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:28:50.0633 5244 msdsm - ok
22:28:50.0633 5244 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:28:50.0648 5244 MSDTC - ok
22:28:50.0648 5244 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:28:50.0664 5244 Msfs - ok
22:28:50.0664 5244 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:28:50.0680 5244 mshidkmdf - ok
22:28:50.0680 5244 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:28:50.0680 5244 msisadrv - ok
22:28:50.0695 5244 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:28:50.0695 5244 MSiSCSI - ok
22:28:50.0711 5244 msiserver - ok
22:28:50.0711 5244 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:28:50.0726 5244 MSKSSRV - ok
22:28:50.0726 5244 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:28:50.0742 5244 MSPCLOCK - ok
22:28:50.0742 5244 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:28:50.0742 5244 MSPQM - ok
22:28:50.0758 5244 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:28:50.0773 5244 MsRPC - ok
22:28:50.0773 5244 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:28:50.0773 5244 mssmbios - ok
22:28:50.0789 5244 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:28:50.0789 5244 MSTEE - ok
22:28:50.0804 5244 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:28:50.0804 5244 MTConfig - ok
22:28:50.0804 5244 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:28:50.0820 5244 Mup - ok
22:28:50.0836 5244 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:28:50.0851 5244 napagent - ok
22:28:50.0851 5244 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:28:50.0867 5244 NativeWifiP - ok
22:28:50.0882 5244 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:28:50.0898 5244 NDIS - ok
22:28:50.0898 5244 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:28:50.0914 5244 NdisCap - ok
22:28:50.0914 5244 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:28:50.0929 5244 NdisTapi - ok
22:28:50.0929 5244 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:28:50.0945 5244 Ndisuio - ok
22:28:50.0945 5244 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:28:50.0960 5244 NdisWan - ok
22:28:50.0960 5244 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:28:50.0976 5244 NDProxy - ok
22:28:50.0976 5244 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:28:51.0023 5244 Net Driver HPZ12 - ok
22:28:51.0038 5244 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:28:51.0038 5244 NetBIOS - ok
22:28:51.0054 5244 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:28:51.0070 5244 NetBT - ok
22:28:51.0070 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:28:51.0070 5244 Netlogon - ok
22:28:51.0085 5244 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:28:51.0101 5244 Netman - ok
22:28:51.0101 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:51.0179 5244 NetMsmqActivator - ok
22:28:51.0179 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:51.0194 5244 NetPipeActivator - ok
22:28:51.0194 5244 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:28:51.0210 5244 netprofm - ok
22:28:51.0210 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:51.0226 5244 NetTcpActivator - ok
22:28:51.0226 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:51.0226 5244 NetTcpPortSharing - ok
22:28:51.0304 5244 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
22:28:51.0444 5244 NETw5s64 - ok
22:28:51.0538 5244 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
22:28:51.0694 5244 NETwNs64 - ok
22:28:51.0694 5244 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:28:51.0709 5244 nfrd960 - ok
22:28:51.0709 5244 [ 297946AF6E40A2CB7D5094BB64A558BA ] NlaSvc C:\Windows\System32\nlasvc.dll
22:28:51.0725 5244 NlaSvc - ok
22:28:51.0725 5244 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
22:28:51.0803 5244 NPF - ok
22:28:51.0803 5244 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:28:51.0803 5244 Npfs - ok
22:28:51.0818 5244 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:28:51.0818 5244 nsi - ok
22:28:51.0818 5244 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:28:51.0834 5244 nsiproxy - ok
22:28:51.0865 5244 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:28:51.0881 5244 Ntfs - ok
22:28:51.0881 5244 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:28:51.0896 5244 Null - ok
22:28:51.0896 5244 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:28:51.0959 5244 nusb3hub - ok
22:28:51.0959 5244 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:28:52.0021 5244 nusb3xhc - ok
22:28:52.0037 5244 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:28:52.0084 5244 NVHDA - ok
22:28:52.0146 5244 [ 74F76AF4695E7B183EA43AB41D620F82 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
22:28:52.0240 5244 NVIDIA Performance Driver Service - ok
22:28:52.0364 5244 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:28:52.0458 5244 nvlddmkm - ok
22:28:52.0474 5244 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:28:52.0520 5244 nvraid - ok
22:28:52.0536 5244 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:28:52.0583 5244 nvstor - ok
22:28:52.0598 5244 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:28:52.0614 5244 nvsvc - ok
22:28:52.0630 5244 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:28:52.0630 5244 nv_agp - ok
22:28:52.0645 5244 [ F79633A8B7DB75CB5FAD53B02985A414 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
22:28:52.0692 5244 NWADI - ok
22:28:52.0692 5244 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:28:52.0708 5244 ohci1394 - ok
22:28:52.0708 5244 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:28:52.0770 5244 ose - ok
22:28:52.0817 5244 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:28:52.0926 5244 osppsvc - ok
22:28:52.0926 5244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:28:52.0942 5244 p2pimsvc - ok
22:28:52.0957 5244 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:28:52.0973 5244 p2psvc - ok
22:28:52.0973 5244 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:28:52.0988 5244 Parport - ok
22:28:52.0988 5244 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:28:53.0004 5244 partmgr - ok
22:28:53.0004 5244 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
22:28:53.0066 5244 pavboot - ok
22:28:53.0082 5244 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:28:53.0098 5244 PcaSvc - ok
22:28:53.0098 5244 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:28:53.0113 5244 pci - ok
22:28:53.0113 5244 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:28:53.0129 5244 pciide - ok
22:28:53.0129 5244 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:28:53.0144 5244 pcmcia - ok
22:28:53.0144 5244 PCTINDIS5X64 - ok
22:28:53.0160 5244 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:28:53.0160 5244 pcw - ok
22:28:53.0176 5244 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:28:53.0191 5244 PEAUTH - ok
22:28:53.0207 5244 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:28:53.0222 5244 PeerDistSvc - ok
22:28:53.0254 5244 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:28:53.0254 5244 PerfHost - ok
22:28:53.0285 5244 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:28:53.0316 5244 pla - ok
22:28:53.0316 5244 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:28:53.0332 5244 PlugPlay - ok
22:28:53.0332 5244 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:28:53.0394 5244 Pml Driver HPZ12 - ok
22:28:53.0394 5244 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:28:53.0410 5244 PNRPAutoReg - ok
22:28:53.0410 5244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:28:53.0425 5244 PNRPsvc - ok
22:28:53.0441 5244 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:28:53.0456 5244 PolicyAgent - ok
22:28:53.0456 5244 [ F74577CB3B8B8940D2CD0FB67E2E4D00 ] Power C:\Windows\system32\umpo.dll
22:28:53.0472 5244 Power - ok
22:28:53.0488 5244 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
22:28:53.0581 5244 Power Manager DBC Service - ok
22:28:53.0597 5244 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:28:53.0597 5244 PptpMiniport - ok
22:28:53.0597 5244 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:28:53.0612 5244 Processor - ok
22:28:53.0612 5244 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:28:53.0628 5244 ProfSvc - ok
22:28:53.0628 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:28:53.0628 5244 ProtectedStorage - ok
22:28:53.0644 5244 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:28:53.0644 5244 Psched - ok
22:28:53.0675 5244 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
22:28:53.0737 5244 PwmEWSvc - ok
22:28:53.0768 5244 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:28:53.0800 5244 ql2300 - ok
22:28:53.0800 5244 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:28:53.0800 5244 ql40xx - ok
22:28:53.0815 5244 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:28:53.0831 5244 QWAVE - ok
22:28:53.0831 5244 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:28:53.0831 5244 QWAVEdrv - ok
22:28:53.0846 5244 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:28:53.0846 5244 RasAcd - ok
22:28:53.0862 5244 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:28:53.0862 5244 RasAgileVpn - ok
22:28:53.0862 5244 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:28:53.0878 5244 RasAuto - ok
22:28:53.0878 5244 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:28:53.0893 5244 Rasl2tp - ok
22:28:53.0909 5244 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:28:53.0909 5244 RasMan - ok
22:28:53.0924 5244 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:28:53.0924 5244 RasPppoe - ok
22:28:53.0940 5244 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:28:53.0940 5244 RasSstp - ok
22:28:53.0940 5244 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:28:53.0956 5244 rdbss - ok
22:28:53.0956 5244 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:28:53.0971 5244 rdpbus - ok
22:28:53.0971 5244 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:28:53.0987 5244 RDPCDD - ok
22:28:53.0987 5244 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:28:54.0002 5244 RDPDR - ok
22:28:54.0002 5244 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:28:54.0018 5244 RDPENCDD - ok
22:28:54.0018 5244 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:28:54.0034 5244 RDPREFMP - ok
22:28:54.0034 5244 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:28:54.0034 5244 RDPWD - ok
22:28:54.0049 5244 [ 50D6EB982D08A400B499EA1EBF344C27 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:28:54.0112 5244 rdyboost - ok
22:28:54.0127 5244 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:28:54.0127 5244 RemoteAccess - ok
22:28:54.0143 5244 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:28:54.0143 5244 RemoteRegistry - ok
22:28:54.0158 5244 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:28:54.0174 5244 RFCOMM - ok
22:28:54.0174 5244 [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
22:28:54.0236 5244 rimspci - ok
22:28:54.0252 5244 [ BE42F817597D3049960A54CE280C2493 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
22:28:54.0299 5244 rixdpcie - ok
22:28:54.0299 5244 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
22:28:54.0361 5244 rpcapd - ok
22:28:54.0361 5244 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:28:54.0377 5244 RpcEptMapper - ok
22:28:54.0377 5244 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:28:54.0392 5244 RpcLocator - ok
22:28:54.0408 5244 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:28:54.0408 5244 RpcSs - ok
22:28:54.0408 5244 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:28:54.0424 5244 rspndr - ok
22:28:54.0424 5244 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:28:54.0439 5244 s3cap - ok
22:28:54.0439 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:28:54.0439 5244 SamSs - ok
22:28:54.0455 5244 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:28:54.0455 5244 sbp2port - ok
22:28:54.0470 5244 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:28:54.0470 5244 SCardSvr - ok
22:28:54.0486 5244 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:28:54.0486 5244 scfilter - ok
22:28:54.0502 5244 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:28:54.0517 5244 Schedule - ok
22:28:54.0517 5244 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:28:54.0533 5244 SCPolicySvc - ok
22:28:54.0533 5244 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:28:54.0533 5244 sdbus - ok
22:28:54.0548 5244 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:28:54.0564 5244 SDRSVC - ok
22:28:54.0580 5244 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:28:54.0658 5244 SDScannerService - ok
22:28:54.0673 5244 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:28:54.0751 5244 SDUpdateService - ok
22:28:54.0767 5244 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:28:54.0767 5244 SDWSCService - ok
22:28:54.0767 5244 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:28:54.0783 5244 secdrv - ok
22:28:54.0783 5244 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:28:54.0798 5244 seclogon - ok
22:28:54.0798 5244 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:28:54.0814 5244 SENS - ok
22:28:54.0814 5244 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:28:54.0829 5244 SensrSvc - ok
22:28:54.0829 5244 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:28:54.0829 5244 Serenum - ok
22:28:54.0845 5244 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:28:54.0845 5244 Serial - ok
22:28:54.0861 5244 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:28:54.0861 5244 sermouse - ok
22:28:54.0876 5244 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:28:54.0892 5244 SessionEnv - ok
22:28:54.0892 5244 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:28:54.0892 5244 sffdisk - ok
22:28:54.0907 5244 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:28:54.0907 5244 sffp_mmc - ok
22:28:54.0923 5244 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:28:54.0923 5244 sffp_sd - ok
22:28:54.0939 5244 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:28:54.0939 5244 sfloppy - ok
22:28:54.0954 5244 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:28:54.0970 5244 SharedAccess - ok
22:28:54.0985 5244 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:28:55.0001 5244 ShellHWDetection - ok
22:28:55.0001 5244 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\Windows\System32\tcpsvcs.exe
22:28:55.0017 5244 simptcp - ok
22:28:55.0017 5244 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:28:55.0032 5244 SiSRaid2 - ok
22:28:55.0032 5244 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:28:55.0048 5244 SiSRaid4 - ok
22:28:55.0048 5244 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:28:55.0063 5244 Smb - ok
22:28:55.0079 5244 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:28:55.0095 5244 SNMPTRAP - ok
22:28:55.0095 5244 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:28:55.0095 5244 spldr - ok
22:28:55.0110 5244 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
22:28:55.0126 5244 Spooler - ok
22:28:55.0173 5244 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:28:55.0188 5244 sppsvc - ok
22:28:55.0204 5244 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:28:55.0219 5244 sppuinotify - ok
22:28:55.0219 5244 [ FB8F731CE529DE4AE094E09ABF857556 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:28:55.0235 5244 srv - ok
22:28:55.0251 5244 [ 930113266636C1889B56470A84D8756F ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:28:55.0251 5244 srv2 - ok
22:28:55.0251 5244 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:28:55.0266 5244 SrvHsfHDA - ok
22:28:55.0297 5244 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:28:55.0329 5244 SrvHsfV92 - ok
22:28:55.0329 5244 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:28:55.0360 5244 SrvHsfWinac - ok
22:28:55.0360 5244 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:28:55.0360 5244 srvnet - ok
22:28:55.0375 5244 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:28:55.0375 5244 SSDPSRV - ok
22:28:55.0391 5244 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:28:55.0391 5244 SstpSvc - ok
22:28:55.0407 5244 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:28:55.0485 5244 Stereo Service - ok
22:28:55.0485 5244 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:28:55.0500 5244 stexstor - ok
22:28:55.0500 5244 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:28:55.0531 5244 stisvc - ok
22:28:55.0531 5244 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:28:55.0531 5244 storflt - ok
22:28:55.0547 5244 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:28:55.0547 5244 StorSvc - ok
22:28:55.0563 5244 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:28:55.0563 5244 storvsc - ok
22:28:55.0578 5244 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:28:55.0578 5244 swenum - ok
22:28:55.0594 5244 [ 7E6FA3AD57467B3AF471C3E1041E350C ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
22:28:55.0641 5244 swmsflt - ok
22:28:55.0641 5244 [ A8E9E76CC2F342F205273702969C84C9 ] swmx00 C:\Windows\system32\DRIVERS\swmx00.sys
22:28:55.0687 5244 swmx00 - ok
22:28:55.0703 5244 [ B053610BB36D9BD1BFF7102727427600 ] SWNC5E00 C:\Windows\system32\DRIVERS\SWNC5E00.sys
22:28:55.0750 5244 SWNC5E00 - ok
22:28:55.0765 5244 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:28:55.0781 5244 swprv - ok
22:28:55.0781 5244 [ 883D2880144FD3ED9F1C04B5B5B9B562 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:28:55.0843 5244 SynTP - ok
22:28:55.0859 5244 [ FA557C2B50E7F8DB234C69D5B2A313BC ] SysMain C:\Windows\system32\sysmain.dll
22:28:55.0875 5244 SysMain - ok
22:28:55.0875 5244 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:28:55.0890 5244 TabletInputService - ok
22:28:55.0906 5244 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:28:55.0906 5244 TapiSrv - ok
22:28:55.0906 5244 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
22:28:55.0968 5244 tapoas - ok
22:28:55.0968 5244 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:28:55.0968 5244 TBS - ok
22:28:55.0999 5244 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:28:56.0015 5244 Tcpip - ok
22:28:56.0031 5244 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:28:56.0046 5244 TCPIP6 - ok
22:28:56.0062 5244 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:28:56.0062 5244 tcpipreg - ok
22:28:56.0077 5244 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:28:56.0077 5244 TDPIPE - ok
22:28:56.0077 5244 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:28:56.0124 5244 TDTCP - ok
22:28:56.0140 5244 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:28:56.0140 5244 tdx - ok
22:28:56.0155 5244 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:28:56.0155 5244 TermDD - ok
22:28:56.0171 5244 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:28:56.0171 5244 TermService - ok
22:28:56.0187 5244 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:28:56.0187 5244 Themes - ok
22:28:56.0202 5244 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:28:56.0202 5244 THREADORDER - ok
22:28:56.0218 5244 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
22:28:56.0218 5244 TlntSvr - ok
22:28:56.0233 5244 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
22:28:56.0296 5244 TPHKLOAD - ok
22:28:56.0296 5244 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
22:28:56.0389 5244 TPHKSVC - ok
22:28:56.0405 5244 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
22:28:56.0405 5244 TPM - ok
22:28:56.0405 5244 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
22:28:56.0483 5244 TPPWRIF - ok
22:28:56.0483 5244 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:28:56.0499 5244 TrkWks - ok
22:28:56.0499 5244 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:28:56.0514 5244 TrustedInstaller - ok
22:28:56.0514 5244 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:28:56.0530 5244 tssecsrv - ok
22:28:56.0530 5244 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:28:56.0530 5244 tunnel - ok
22:28:56.0545 5244 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:28:56.0545 5244 uagp35 - ok
22:28:56.0561 5244 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:28:56.0577 5244 udfs - ok
22:28:56.0577 5244 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:28:56.0592 5244 UI0Detect - ok
22:28:56.0608 5244 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:28:56.0608 5244 uliagpkx - ok
22:28:56.0623 5244 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:28:56.0623 5244 umbus - ok
22:28:56.0639 5244 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:28:56.0639 5244 UmPass - ok
22:28:56.0639 5244 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
22:28:56.0655 5244 UmRdpService - ok
22:28:56.0670 5244 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:28:56.0686 5244 upnphost - ok
22:28:56.0686 5244 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:28:56.0748 5244 USBAAPL64 - ok
22:28:56.0764 5244 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:28:56.0764 5244 usbaudio - ok
22:28:56.0779 5244 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:28:56.0826 5244 usbccgp - ok
22:28:56.0826 5244 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:28:56.0842 5244 usbcir - ok
22:28:56.0842 5244 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:28:56.0904 5244 usbehci - ok
22:28:56.0920 5244 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:28:56.0982 5244 usbhub - ok
22:28:56.0982 5244 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:28:57.0045 5244 usbohci - ok
22:28:57.0045 5244 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:28:57.0060 5244 usbprint - ok
22:28:57.0060 5244 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:28:57.0123 5244 USBSTOR - ok
22:28:57.0123 5244 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:28:57.0201 5244 usbuhci - ok
22:28:57.0201 5244 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:28:57.0201 5244 UxSms - ok
22:28:57.0216 5244 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:28:57.0216 5244 VaultSvc - ok
22:28:57.0216 5244 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:28:57.0232 5244 vdrvroot - ok
22:28:57.0232 5244 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:28:57.0263 5244 vds - ok
22:28:57.0263 5244 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:28:57.0279 5244 vga - ok
22:28:57.0279 5244 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:28:57.0294 5244 VgaSave - ok
22:28:57.0294 5244 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:28:57.0310 5244 vhdmp - ok
22:28:57.0310 5244 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:28:57.0325 5244 viaide - ok
22:28:57.0325 5244 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
22:28:57.0403 5244 VMAuthdService - ok
22:28:57.0419 5244 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:28:57.0435 5244 vmbus - ok
22:28:57.0435 5244 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:28:57.0450 5244 VMBusHID - ok
22:28:57.0450 5244 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
22:28:57.0466 5244 vmci - ok
22:28:57.0466 5244 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
22:28:57.0466 5244 VMnetAdapter - ok
22:28:57.0481 5244 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
22:28:57.0481 5244 VMnetBridge - ok
22:28:57.0481 5244 VMnetDHCP - ok
22:28:57.0481 5244 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
22:28:57.0497 5244 VMnetuserif - ok
22:28:57.0497 5244 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
22:28:57.0544 5244 vmusb - ok
22:28:57.0559 5244 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
22:28:57.0622 5244 VMUSBArbService - ok
22:28:57.0637 5244 VMware NAT Service - ok
22:28:57.0793 5244 [ 5C6121C09B35B01705EEF7B948B92338 ] VMwareHostd C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
22:28:58.0729 5244 VMwareHostd - ok
22:28:58.0745 5244 [ B95C74CB53894249F43A8302E9AF7E23 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
22:28:58.0807 5244 vmx86 - ok
22:28:58.0807 5244 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:28:58.0823 5244 volmgr - ok
22:28:58.0823 5244 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:28:58.0839 5244 volmgrx - ok
22:28:58.0854 5244 [ C9D0EAF58D6BA71E128E715EA43AD87D ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:28:58.0917 5244 volsnap - ok
22:28:58.0932 5244 [ CAAFA2333B428A12BFA97ECD389F59C5 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
22:28:59.0026 5244 vpnagent - ok
22:28:59.0041 5244 [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
22:28:59.0104 5244 vpnva - ok
22:28:59.0104 5244 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:28:59.0119 5244 vsmraid - ok
22:28:59.0119 5244 [ 1BD504B8678825B40C515BEF5BFB08E7 ] vsock C:\Windows\system32\drivers\vsock.sys
22:28:59.0197 5244 vsock - ok
22:28:59.0213 5244 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:28:59.0229 5244 VSS - ok
22:28:59.0244 5244 vstor2 - ok
22:28:59.0275 5244 [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
22:28:59.0338 5244 vstor2-mntapi10-shared - ok
22:28:59.0338 5244 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:28:59.0338 5244 vwifibus - ok
22:28:59.0353 5244 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:28:59.0353 5244 vwififlt - ok
22:28:59.0369 5244 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:28:59.0385 5244 vwifimp - ok
22:28:59.0385 5244 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:28:59.0400 5244 W32Time - ok
22:28:59.0416 5244 [ 06D2B9BC146BB0F45F45FF7A296D50C4 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
22:28:59.0431 5244 W3SVC - ok
22:28:59.0447 5244 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:28:59.0463 5244 WacomPen - ok
22:28:59.0463 5244 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:28:59.0463 5244 WANARP - ok
22:28:59.0478 5244 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:28:59.0478 5244 Wanarpv6 - ok
22:28:59.0494 5244 [ 06D2B9BC146BB0F45F45FF7A296D50C4 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
22:28:59.0494 5244 WAS - ok
22:28:59.0525 5244 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:28:59.0587 5244 WatAdminSvc - ok
22:28:59.0603 5244 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:28:59.0634 5244 wbengine - ok
22:28:59.0634 5244 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:28:59.0650 5244 WbioSrvc - ok
22:28:59.0650 5244 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:28:59.0665 5244 wcncsvc - ok
22:28:59.0665 5244 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:28:59.0681 5244 WcsPlugInService - ok
22:28:59.0681 5244 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:28:59.0697 5244 Wd - ok
22:28:59.0697 5244 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:28:59.0712 5244 Wdf01000 - ok
22:28:59.0728 5244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:28:59.0728 5244 WdiServiceHost - ok
22:28:59.0743 5244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:28:59.0743 5244 WdiSystemHost - ok
22:28:59.0759 5244 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:28:59.0759 5244 WebClient - ok
22:28:59.0759 5244 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:28:59.0775 5244 Wecsvc - ok
22:28:59.0790 5244 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:28:59.0790 5244 wercplsupport - ok
22:28:59.0790 5244 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:28:59.0806 5244 WerSvc - ok
22:28:59.0806 5244 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:28:59.0821 5244 WfpLwf - ok
22:28:59.0821 5244 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:28:59.0837 5244 WIMMount - ok
22:28:59.0837 5244 WinDefend - ok
22:28:59.0853 5244 WinHttpAutoProxySvc - ok
22:28:59.0853 5244 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:28:59.0868 5244 Winmgmt - ok
22:28:59.0884 5244 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:28:59.0915 5244 WinRM - ok
22:28:59.0931 5244 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
22:28:59.0946 5244 WinUsb - ok
22:28:59.0946 5244 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:28:59.0962 5244 Wlansvc - ok
22:28:59.0962 5244 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:28:59.0977 5244 WmiAcpi - ok
22:28:59.0977 5244 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:28:59.0993 5244 wmiApSrv - ok
22:28:59.0993 5244 WMPNetworkSvc - ok
22:28:59.0993 5244 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:29:00.0009 5244 WPCSvc - ok
22:29:00.0009 5244 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:29:00.0024 5244 WPDBusEnum - ok
22:29:00.0040 5244 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:29:00.0040 5244 ws2ifsl - ok
22:29:00.0055 5244 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
22:29:00.0055 5244 wscsvc - ok
22:29:00.0071 5244 WSearch - ok
22:29:00.0102 5244 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
22:29:00.0118 5244 wuauserv - ok
22:29:00.0118 5244 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:29:00.0133 5244 WudfPf - ok
22:29:00.0133 5244 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:29:00.0149 5244 WUDFRd - ok
22:29:00.0149 5244 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:29:00.0165 5244 wudfsvc - ok
22:29:00.0165 5244 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:29:00.0180 5244 WwanSvc - ok
22:29:00.0211 5244 ================ Scan global ===============================
22:29:00.0211 5244 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:29:00.0227 5244 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:29:00.0243 5244 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:29:00.0258 5244 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:29:00.0274 5244 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:29:00.0274 5244 [Global] - ok
22:29:00.0274 5244 ================ Scan MBR ==================================
22:29:00.0274 5244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:29:00.0461 5244 \Device\Harddisk0\DR0 - ok
22:29:00.0461 5244 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
22:29:03.0987 5244 \Device\Harddisk1\DR1 - ok
22:29:03.0987 5244 ================ Scan VBR ==================================
22:29:04.0002 5244 [ 1BD61CB46BAB364D793BC0F072724AFB ] \Device\Harddisk0\DR0\Partition1
22:29:04.0002 5244 \Device\Harddisk0\DR0\Partition1 - ok
22:29:04.0002 5244 [ 2824B4C682750BCEA69AD2E8186A3138 ] \Device\Harddisk1\DR1\Partition1
22:29:04.0002 5244 \Device\Harddisk1\DR1\Partition1 - ok
22:29:04.0002 5244 ============================================================
22:29:04.0002 5244 Scan finished
22:29:04.0002 5244 ============================================================
22:29:04.0002 5436 Detected object count: 0
22:29:04.0002 5436 Actual detected object count: 0

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:25 AM

Posted 15 December 2012 - 10:38 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Link 1
Link 2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *svchost*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 harry81

harry81
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:25 AM

Posted 15 December 2012 - 10:45 PM

Here you go:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:42 on 15/12/2012 by harjeets
(Limited User)

========== filefind ==========

Searching for "*svchost*"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 218184 bytes [20:40 12/12/2012] [00:54 30/09/2012] 8846E87210AD131CF71E3E2E49F647B0
C:\Users\harjeets\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX80FQDK\svchost-exe[1].htm --a---- 34128 bytes [17:12 15/12/2012] [17:12 15/12/2012] 16D786A067B7D5A5682BE7BA7871EA6F
C:\Users\harjeets\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J3BVJC\665425-REPEATLY-ERROR-SVCHOST-EXE-HPZINW12[1].HTML --a---- 102 bytes [17:11 15/12/2012] [17:11 15/12/2012] F7DC750AA31198A8251BE80BC0A4BE71
C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe --a---- 128848 bytes [00:36 14/07/2009] [21:14 10/06/2009] FE2AA5A684B0DD9B1FAE57B7817C198B
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4bc345ee664ca736a30a7fafd8c5a16c\SMSvcHost.ni.exe --a---- 366080 bytes [17:31 04/06/2012] [17:31 04/06/2012] F6CE4F4DFB5A0EFDFE70163CA36BA1EB
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\510283052ba3df05080787d71eb6fa31\SMSvcHost.ni.exe --a---- 525824 bytes [17:50 04/06/2012] [17:50 04/06/2012] E8B581AC147D1F185CD84308E243A976
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\ea9825a8504d2d21fc1ee84a9e16430e\SMSvcHost.ni.exe --a---- 317952 bytes [13:05 02/06/2012] [13:05 02/06/2012] 28E8E65FD851D7DEAD800FC6624FE370
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\f9e693b4d8dd12d762c74893458353cd\SMSvcHost.ni.exe --a---- 432640 bytes [13:12 02/06/2012] [13:12 02/06/2012] A6C24C673CA1492E4C50E42F25559500
C:\Windows\erdnt\cache64\svchost.exe --a---- 27648 bytes [18:23 12/12/2012] [08:09 01/03/2011] DFDF1E4AEE12E9021BD72F29B6877A8D
C:\Windows\erdnt\cache86\svchost.exe --a---- 21504 bytes [18:23 12/12/2012] [08:09 01/03/2011] 8C81307975B3EA558946BA96D63AF904
C:\Windows\inf\SMSvcHost 3.0.0.0\_SMSvcHostPerfCounters.h --a---- 702 bytes [05:32 14/07/2009] [05:32 14/07/2009] 3CC34148EEA74522DCA93B5EB6AAF3B8
C:\Windows\inf\SMSvcHost 3.0.0.0\_SMSvcHostPerfCounters.ini --a---- 132292 bytes [05:32 14/07/2009] [05:32 14/07/2009] 520B0DCB5E08CA780373C558BE7F336B
C:\Windows\inf\SMSvcHost 3.0.0.0\0000\_SMSvcHostPerfCounters_D.ini --a---- 41 bytes [01:01 14/07/2009] [20:30 10/06/2009] CBDE63C2B8BB1CB6C3F4BF33C9E4DFD1
C:\Windows\inf\SMSvcHost 3.0.0.0\0409\_SMSvcHostPerfCounters_D.ini --a---- 41 bytes [05:35 14/07/2009] [21:30 10/06/2009] CBDE63C2B8BB1CB6C3F4BF33C9E4DFD1
C:\Windows\inf\SMSvcHost 4.0.0.0\_SMSvcHostPerfCounters.h --a---- 702 bytes [00:05 04/07/2012] [05:46 18/03/2010] 3CC34148EEA74522DCA93B5EB6AAF3B8
C:\Windows\inf\SMSvcHost 4.0.0.0\0001\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0005\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0006\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0007\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0008\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0009\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\000A\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\000B\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\000C\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\000D\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\000E\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0010\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0011\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0012\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0013\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0014\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0015\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0019\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\001D\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\001F\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0404\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0416\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0804\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\inf\SMSvcHost 4.0.0.0\0816\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [00:05 04/07/2012] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe --a---- 128848 bytes [00:36 14/07/2009] [21:14 10/06/2009] FE2AA5A684B0DD9B1FAE57B7817C198B
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config --a---- 1951 bytes [05:32 14/07/2009] [05:32 14/07/2009] 757BC33428B870035A16FD96B9DDB7FA
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.reg --a---- 3779 bytes [00:36 14/07/2009] [21:13 10/06/2009] 8A53EE0F775CBFABF1385FB58EF0FFBA
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.vrg --a---- 3777 bytes [05:32 14/07/2009] [05:32 14/07/2009] 0708A95C3252EDD95FCD86D93CE47E76
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe --a---- 124240 bytes [17:16 18/03/2010] [17:16 18/03/2010] D22CD77D4F0D63D1169BB35911BFF12D
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config --a---- 2262 bytes [04:10 18/03/2010] [04:10 18/03/2010] A9E7E2A3A82362D180CEA7EA1EDFA81A
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_SMSvcHostPerfCounters.h --a---- 702 bytes [05:46 18/03/2010] [05:46 18/03/2010] 3CC34148EEA74522DCA93B5EB6AAF3B8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [17:00 18/03/2010] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe --a---- 116560 bytes [01:01 14/07/2009] [20:30 10/06/2009] 3E5A36127E201DDF663176B66828FAFE
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config --a---- 1951 bytes [05:32 14/07/2009] [05:32 14/07/2009] 757BC33428B870035A16FD96B9DDB7FA
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.reg --a---- 3779 bytes [01:01 14/07/2009] [20:30 10/06/2009] 8A53EE0F775CBFABF1385FB58EF0FFBA
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.vrg --a---- 3777 bytes [05:32 14/07/2009] [05:32 14/07/2009] 0708A95C3252EDD95FCD86D93CE47E76
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe --a---- 124240 bytes [17:16 18/03/2010] [17:16 18/03/2010] D22CD77D4F0D63D1169BB35911BFF12D
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config --a---- 2262 bytes [04:10 18/03/2010] [04:10 18/03/2010] A9E7E2A3A82362D180CEA7EA1EDFA81A
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_SMSvcHostPerfCounters.h --a---- 702 bytes [05:46 18/03/2010] [05:46 18/03/2010] 3CC34148EEA74522DCA93B5EB6AAF3B8
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_SMSvcHostPerfCounters.ini --a---- 133910 bytes [17:00 18/03/2010] [17:00 18/03/2010] 49F00E87B984EAD03CE40DC672F0B8E5
C:\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf --a---- 21298 bytes [22:48 15/12/2012] [03:26 16/12/2012] 926F5461E7A554E2ADDED6A887887FEC
C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf --a---- 20052 bytes [22:47 15/12/2012] [03:26 16/12/2012] 0A0CD96C5B8219971ACF3A8A87CE39E2
C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --a---- 9912 bytes [04:23 09/10/2012] [22:03 15/12/2012] 84444999FC453FE73E6949E3BC8E77BA
C:\Windows\ServiceProfiles\LocalService\AppData\Local\CrashDumps\svchost.exe.1344.dmp --a---- 3075789 bytes [14:05 31/10/2012] [14:05 31/10/2012] 03518A356E2557B85A6876F4CE01B192
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_ar-sa_149950eb517edf71.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:49 20/11/2010] 1E3F9EE6D0DD055C42864472F0FA31DF
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_cs-cz_6e618eb18e28a17f.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:47 20/11/2010] 97E2F8BD9919FDD2C63ED9A40C66030C
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_da-dk_9c5c8f2babaf13b8.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:47 20/11/2010] 3E1415C5EC905FFD1B77847DB59CCC7F
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_de-de_9ca16fdbab7ad16e.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:29 20/11/2010] C8545E02ADFC92A1E5FE2100F5F5BAE8
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_el-gr_c986bd8bc9cdc5d0.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:47 20/11/2010] 95DB0582A3D4B6815768BB6F319E5A98
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_es-es_c982ebd9c9cf98d4.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:29 20/11/2010] C844E9A31869A2312CBA054B1700EFAF
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_fi-fi_f74fdf07e777617a.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:45 20/11/2010] 28F0AA31D0B666E40629E4D356842203
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_he-il_52011db623730804.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:45 20/11/2010] F9B749659EA9A3FD39B9B684128CD388
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_hu-hu_51afd12423ad9bc6.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:55 20/11/2010] 2652510FE674451CB5AD5CF203AC5156
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_it-it_7f2477a0419643f4.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:55 20/11/2010] 906DC90CFCA2E614293FB9267B24B7F4
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_ja-jp_aca788ac5f76d031.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:29 20/11/2010] E358CE17B0564729D76F7740FFF2224E
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_ko-kr_da0ac3ba7d6a484b.manifest --a---- 1405 bytes [11:01 01/04/2012] [10:45 20/11/2010] 3E610F1CA76F004A3179B55C1D82292B
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_nb-no_625eb44ad72d436f.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:49 20/11/2010] 1969DA516E29FAE991C65D83AF184FB5
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_nl-nl_628926f2d70bed02.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:50 20/11/2010] 475DD6E14A676BAC1EB3D3F7A62541FF
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_pl-pl_bd5ed4a712eba7ee.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:55 20/11/2010] 090A29949BCC0AFFB22849239251569D
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_pt-br_bd25dcdb1315422a.manifest --a---- 1411 bytes [11:01 01/04/2012] [09:56 20/11/2010] 001FAEAF8730B679812D7D0F97951A92
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_ru-ru_17dc35a94f0c4262.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:54 20/11/2010] 74D3EDA5A7FF6F3049983F2D35AF5D93
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_sv-se_45f50b8d6c797a1f.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:55 20/11/2010] 5FB800A15DA8B2591622615A81413A43
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_tr-tr_72cf52438ad65d76.manifest --a---- 1405 bytes [11:01 01/04/2012] [09:57 20/11/2010] 50D656FD94C9AEF3A65CBDA7DEFAA07D
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7601.17514_zh-cn_83716c823e5e628f.manifest --a---- 1413 bytes [11:01 01/04/2012] [10:45 20/11/2010] 0752FFE6DEE552E9DF6D4BFE6FBD914A
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e.manifest --a---- 2635 bytes [11:01 01/04/2012] [09:07 20/11/2010] FDDED68160B310D2218458B6FBAAD58D
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe --a---- 128848 bytes [11:07 01/04/2012] [01:52 05/11/2010] F476EC40033CDB91EFBE73EB99B8362D
C:\Windows\System32\svchost.exe --a---- 27648 bytes [05:05 11/10/2012] [08:09 01/03/2011] DFDF1E4AEE12E9021BD72F29B6877A8D
C:\Windows\System32\en-US\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:26 14/07/2009] 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
C:\Windows\SysWOW64\svchost.exe --a---- 21504 bytes [05:05 11/10/2012] [08:09 01/03/2011] 8C81307975B3EA558946BA96D63AF904
C:\Windows\SysWOW64\en-US\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:02 14/07/2009] FBC18BEE67E9179F02E7894EB548F18D
C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:26 14/07/2009] 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16770_none_11b6215a1efb1e84\svchost.exe --a---- 27648 bytes [05:05 11/10/2012] [08:09 01/03/2011] DFDF1E4AEE12E9021BD72F29B6877A8D
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.20912_none_1282a02737e6467d\svchost.exe --a---- 27648 bytes [05:05 11/10/2012] [08:08 01/03/2011] 7B38102E474F4FFA6900443D254246B7
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe --a---- 27648 bytes [05:05 11/10/2012] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe --a---- 27648 bytes [05:05 11/10/2012] [08:10 01/03/2011] 635455A95EB8EC47AC72142E501465ED
C:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fcbf4f94532a3c60\_SMSvcHostPerfCounters_D.ini --a---- 41 bytes [05:35 14/07/2009] [21:30 10/06/2009] CBDE63C2B8BB1CB6C3F4BF33C9E4DFD1
C:\Windows\winsxs\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2\SMSvcHost.exe.config --a---- 1951 bytes [01:01 14/07/2009] [20:30 10/06/2009] 757BC33428B870035A16FD96B9DDB7FA
C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.1.7600.16385_none_9f53e08173260b26\_SMSvcHostPerfCounters.h --a---- 702 bytes [01:01 14/07/2009] [20:30 10/06/2009] 3CC34148EEA74522DCA93B5EB6AAF3B8
C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_902b82bc25e07ac6\_SMSvcHostPerfCounters.ini --a---- 132292 bytes [01:01 14/07/2009] [20:30 10/06/2009] 520B0DCB5E08CA780373C558BE7F336B
C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_902b82bc25e07ac6\_SMSvcHostPerfCounters_D.ini --a---- 41 bytes [01:01 14/07/2009] [20:30 10/06/2009] CBDE63C2B8BB1CB6C3F4BF33C9E4DFD1
C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.1.7600.16385_none_8c4294ee286200ce\_SMSvcHostPerfCounters.reg --a---- 3779 bytes [01:01 14/07/2009] [20:30 10/06/2009] 8A53EE0F775CBFABF1385FB58EF0FFBA
C:\Windows\winsxs\amd64_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.1.7600.16385_none_9206172424ada22d\_SMSvcHostPerfCounters.vrg --a---- 3777 bytes [01:01 14/07/2009] [20:30 10/06/2009] 0708A95C3252EDD95FCD86D93CE47E76
C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.exe --a---- 116560 bytes [01:01 14/07/2009] [20:30 10/06/2009] 3E5A36127E201DDF663176B66828FAFE
C:\Windows\winsxs\FileMaps\$$_inf_smsvchost_3.0.0.0_0000_2d6d90735cb61780.cdf-ms --a---- 604 bytes [05:32 14/07/2009] [05:32 14/07/2009] 4D30ADFCEDFA1BA019303F626249C58D
C:\Windows\winsxs\FileMaps\$$_inf_smsvchost_3.0.0.0_0409_2d6da1915cb5fdbb.cdf-ms --a---- 668 bytes [05:37 14/07/2009] [05:37 14/07/2009] 8BCCDCFC6BB3102D71FF5D52444EE502
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-peertopeersvchostreg_31bf3856ad364e35_6.1.7600.16385_none_2032b51ef12abd20.manifest --a---- 1760 bytes [02:34 14/07/2009] [02:11 14/07/2009] 4E5199541D8DD7B328B41413A59201A5
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17.manifest --a---- 2279 bytes [05:35 14/07/2009] [02:44 14/07/2009] C1101044429EE24122ED94009CAA56A6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c.manifest --a---- 6467 bytes [02:33 14/07/2009] [02:26 14/07/2009] 045411317E00563A2748AEB944EC6E14
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16770_none_11b6215a1efb1e84.manifest ------- 6467 bytes [05:05 11/10/2012] [09:46 01/03/2011] 28D84854323FA0164F3DD03D4E81862D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.20912_none_1282a02737e6467d.manifest ------- 6467 bytes [05:05 11/10/2012] [09:41 01/03/2011] 244C762BC650665108FFA1623F0C7A7C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937.manifest ------- 6467 bytes [05:05 11/10/2012] [09:43 01/03/2011] E56CDC6C15F8847C1FD09BA62AC2DAFE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391.manifest ------- 6467 bytes [05:05 11/10/2012] [09:44 01/03/2011] 517644249855633EDA2C05A5DF4EC940
C:\Windows\winsxs\Manifests\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2.manifest --a---- 2113 bytes [02:12 14/07/2009] [02:12 14/07/2009] A6FF37F60B321EC86032ADD616313B57
C:\Windows\winsxs\Manifests\amd64_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.1.7600.16385_none_9f53e08173260b26.manifest --a---- 1727 bytes [02:27 14/07/2009] [02:27 14/07/2009] 1CDDB5D0D6F91A488EC2004E043B4390
C:\Windows\winsxs\Manifests\amd64_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_902b82bc25e07ac6.manifest --a---- 3061 bytes [02:13 14/07/2009] [02:13 14/07/2009] 135A7587B00B24DF6202F76734D3F12F
C:\Windows\winsxs\Manifests\amd64_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.1.7600.16385_none_8c4294ee286200ce.manifest --a---- 2082 bytes [02:15 14/07/2009] [02:15 14/07/2009] 3B7E1DE0EA782F07A6009FE1C1D61099
C:\Windows\winsxs\Manifests\amd64_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.1.7600.16385_none_9206172424ada22d.manifest --a---- 1820 bytes [02:16 14/07/2009] [02:16 14/07/2009] 60272E392322AFE717EBD5703E46E655
C:\Windows\winsxs\Manifests\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22.manifest --a---- 2153 bytes [02:18 14/07/2009] [02:18 14/07/2009] F5551DA5837C8245A1C501E9F54824B4
C:\Windows\winsxs\Manifests\msil_smsvchost.resources_b03f5f7f11d50a3a_6.1.7600.16385_en-us_c9a8fb43c97ca5db.manifest --a---- 493 bytes [05:35 14/07/2009] [02:42 14/07/2009] 0E96C4B16CB641045D3A9832777327F7
C:\Windows\winsxs\Manifests\msil_smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_e6e1153910bdcce8.manifest --a---- 2635 bytes [01:54 14/07/2009] [01:54 14/07/2009] DF40F6A3D4F4E4F2076A656261765A7A
C:\Windows\winsxs\Manifests\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e.manifest ------- 2635 bytes [09:57 31/03/2012] [09:07 20/11/2010] FDDED68160B310D2218458B6FBAAD58D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1.manifest --a---- 2277 bytes [05:35 14/07/2009] [02:29 14/07/2009] E2C59C875542405817678C39A51906D0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356.manifest --a---- 6333 bytes [02:33 14/07/2009] [01:57 14/07/2009] 7F022A0569EB657173EFCD79865259A0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16770_none_b59785d6669dad4e.manifest ------- 6333 bytes [05:05 11/10/2012] [08:56 01/03/2011] 365226FBFD2EEB72C80174038E1E760E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.20912_none_b66404a37f88d547.manifest ------- 6333 bytes [05:05 11/10/2012] [08:49 01/03/2011] D7350C90C35351D7FE79FDCB293CD492
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801.manifest ------- 6333 bytes [05:05 11/10/2012] [08:44 01/03/2011] E7E218E99C3C6DEB54187BF463414C7B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b.manifest ------- 6333 bytes [05:05 11/10/2012] [08:50 01/03/2011] 9B5D7A5C7451859CCC4A9AD5A4578F1D
C:\Windows\winsxs\Manifests\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c.manifest --a---- 2109 bytes [01:47 14/07/2009] [01:47 14/07/2009] BEE6F1B0245D57F2421D04E875F291C0
C:\Windows\winsxs\Manifests\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.1.7600.16385_none_3023f96a70048f98.manifest --a---- 2078 bytes [01:49 14/07/2009] [01:49 14/07/2009] 221A96B91BB69D882E7903010B3131EE
C:\Windows\winsxs\Manifests\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.1.7600.16385_none_35e77ba06c5030f7.manifest --a---- 1816 bytes [01:50 14/07/2009] [01:50 14/07/2009] 06AF46ACF73D5D155F5E343D869A6133
C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_e6e1153910bdcce8\SMSvcHost.exe --a---- 128848 bytes [00:36 14/07/2009] [21:14 10/06/2009] FE2AA5A684B0DD9B1FAE57B7817C198B
C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:02 14/07/2009] FBC18BEE67E9179F02E7894EB548F18D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16770_none_b59785d6669dad4e\svchost.exe --a---- 21504 bytes [05:05 11/10/2012] [08:09 01/03/2011] 8C81307975B3EA558946BA96D63AF904
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.20912_none_b66404a37f88d547\svchost.exe --a---- 21504 bytes [05:05 11/10/2012] [08:07 01/03/2011] 90494B53228E2E4D5C8AFB2218BA4F6C
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe --a---- 21504 bytes [05:05 11/10/2012] [08:05 01/03/2011] ECDB182F885292145826C58252B53000
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe --a---- 21504 bytes [05:05 11/10/2012] [08:07 01/03/2011] A91A288C91F9D9F1CFA4FAA9893C4D55
C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_SMSvcHostPerfCounters_D.ini --a---- 41 bytes [05:35 14/07/2009] [22:13 10/06/2009] CBDE63C2B8BB1CB6C3F4BF33C9E4DFD1
C:\Windows\winsxs\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c\SMSvcHost.exe.config --a---- 1951 bytes [00:36 14/07/2009] [21:14 10/06/2009] 757BC33428B870035A16FD96B9DDB7FA
C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.1.7600.16385_none_3023f96a70048f98\_SMSvcHostPerfCounters.reg --a---- 3779 bytes [00:36 14/07/2009] [21:13 10/06/2009] 8A53EE0F775CBFABF1385FB58EF0FFBA
C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.1.7600.16385_none_35e77ba06c5030f7\_SMSvcHostPerfCounters.vrg --a---- 3777 bytes [00:36 14/07/2009] [21:14 10/06/2009] 0708A95C3252EDD95FCD86D93CE47E76

-= EOF =-

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 December 2012 - 10:59 PM

NOTE: Please allow ComboFix to update if it asks to do so


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe | C:\Windows\System32\svchost.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 harry81

harry81
  • Topic Starter

  • Members
  • 15 posts

Posted 15 December 2012 - 11:05 PM

ComboFix link please?

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 December 2012 - 11:09 PM

My apologies, I saw from the logs that it had already been run and thought you would have still had it on your desktop.

You can download a fresh copy from here:

Link



#13 harry81

harry81
  • Topic Starter

  • Members
  • 15 posts

Posted 16 December 2012 - 12:03 AM

ComboFix run finished. No reboot was required.

Please find logs below:

ComboFix 12-12-14.01 - harjeets 12/15/2012 23:21:35.2.8 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.12220.9835 [GMT -5:00]
Running from: c:\users\harjeets\Desktop\ComboFix.exe
Command switches used :: c:\users\harjeets\Desktop\CFScript.txt
AV: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {C0F416B2-FB86-4FC5-A9EB-5026B725D4B0}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Cisco Security Agent V6.0.2.130 *Disabled* {F8CF9797-B1E9-4E9D-82B4-F91349F693CB}
SP: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {7B95F756-DDBC-404B-935B-6B54CCA29E0D}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe --> c:\windows\System32\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 04:49 . 2012-12-16 04:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 04:49 . 2012-12-16 04:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-16 03:51 . 2012-12-16 03:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-16 03:40 . 2012-12-16 03:40 -------- d-----w- c:\users\harjeets\AppData\Local\Diagnostics
2012-12-15 22:32 . 2012-12-15 22:32 -------- d-----w- C:\FRST
2012-12-15 20:27 . 2012-12-15 22:49 -------- d-----w- C:\mbar
2012-12-14 22:48 . 2012-12-15 01:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-14 22:48 . 2012-12-16 04:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-14 22:47 . 2012-12-14 22:47 -------- d-----w- c:\users\harjeets\AppData\Local\Programs
2012-12-14 13:24 . 2012-12-14 13:26 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator
2012-12-12 20:40 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 16:10 . 2012-12-12 16:10 -------- d-----w- c:\program files\HitmanPro
2012-12-12 13:14 . 2012-12-12 13:14 -------- d-----w- c:\programdata\Sophos
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-12 13:13 . 2012-12-12 13:13 -------- d-----w- c:\program files (x86)\Sophos
2012-12-12 12:49 . 2012-12-13 21:55 16200 ----a-w- c:\windows\stinger.sys
2012-12-12 12:49 . 2012-12-13 22:15 -------- d-----w- c:\program files (x86)\stinger
2012-12-12 12:20 . 2012-12-12 12:20 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-12 12:19 . 2012-12-11 20:16 460888 ----a-w- c:\windows\system32\drivers\60527378.sys
2012-12-12 00:37 . 2012-12-12 00:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 00:37 . 2012-12-12 00:37 -------- d-----w- c:\program files (x86)\Java
2012-12-11 21:18 . 2012-12-11 21:18 -------- d-----w- c:\users\harjeets\AppData\Roaming\QuickScan
2012-12-11 17:59 . 2012-12-11 17:59 -------- d---a-w- C:\panda_poli_utility_samples
2012-12-11 12:02 . 2012-12-11 12:46 -------- d-----w- C:\12f9e43cbc3faec4d5a399
2012-12-11 12:01 . 2012-12-11 12:02 -------- d--h--w- c:\windows\AxInstSV
2012-12-10 22:27 . 2012-12-11 03:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-12-10 21:16 . 2012-12-10 21:42 -------- d-----w- c:\programdata\HitmanPro
2012-12-10 20:27 . 2012-12-10 20:26 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-10 20:27 . 2012-12-10 20:26 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-10 20:27 . 2012-12-10 20:26 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-10 20:27 . 2012-12-10 20:26 158712 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-10 20:27 . 2012-12-10 20:26 642952 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-10 20:27 . 2012-12-10 20:26 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-12-10 20:27 . 2012-12-10 20:26 158832 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-10 18:21 . 2012-12-10 18:21 -------- d-----w- C:\found.001
2012-12-10 16:48 . 2012-12-10 16:48 65536 ---ha-w- c:\windows\system32\AvTresvr64.dll
2012-12-10 10:22 . 2012-12-10 10:22 -------- d-----w- c:\program files\iPod
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\program files\iTunes
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\program files (x86)\iTunes
2012-12-08 09:12 . 2012-12-08 12:23 -------- d-----w- C:\f06d6114848389a1f8
2012-12-07 22:18 . 2012-12-08 01:44 -------- d-----w- c:\users\harjeets\AppData\Roaming\Zapa
2012-12-07 22:04 . 2012-12-07 22:04 -------- d-----w- c:\programdata\Local Settings
2012-12-04 05:16 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-12-04 05:16 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-12-04 05:16 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-29 19:25 . 2012-11-29 19:25 -------- d-----w- c:\program files (x86)\Seagate
2012-11-29 13:08 . 2012-11-29 13:08 -------- d-----w- c:\program files\Arellia
2012-11-29 13:08 . 2012-11-29 13:08 -------- d-----w- c:\program files (x86)\Arellia
2012-11-28 19:52 . 2012-11-28 19:52 -------- d-----w- c:\program files\Common Files\Altiris
2012-11-28 19:51 . 2012-11-30 12:36 -------- d-----w- c:\programdata\Symantec
2012-11-17 14:37 . 2012-11-17 14:37 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 00:37 . 2012-06-16 19:42 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-12 00:37 . 2011-02-11 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-11 23:43 . 2012-09-02 23:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:43 . 2011-07-23 15:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-10 20:26 . 2012-06-11 18:21 99056 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-12-10 20:26 . 2012-06-11 18:21 74848 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
2012-12-10 20:26 . 2009-04-30 04:07 22816 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
2012-10-30 02:04 . 2011-03-26 12:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-11 05:22 . 2012-10-11 05:22 53248 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-10-11 05:22 . 2012-10-11 05:22 53248 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-04 16:25 . 2012-04-04 16:20 3993600 ----a-w- c:\program files (x86)\GUT7BF4.tmp
2012-04-04 11:22 . 2012-04-04 11:20 3993600 ----a-w- c:\program files (x86)\GUTF0E.tmp
2012-04-04 00:20 . 2012-04-04 00:20 3993600 ----a-w- c:\program files (x86)\GUTD26F.tmp
2012-04-03 18:45 . 2012-04-03 18:45 3993600 ----a-w- c:\program files (x86)\GUT819B.tmp
2012-04-03 13:20 . 2012-04-03 13:20 3993600 ----a-w- c:\program files (x86)\GUT914E.tmp
2012-04-03 04:20 . 2012-04-03 04:20 3993600 ----a-w- c:\program files (x86)\GUT2F86.tmp
2012-04-02 15:20 . 2012-04-02 15:20 3993600 ----a-w- c:\program files (x86)\GUT3C74.tmp
2012-04-02 10:20 . 2012-04-02 10:20 3993600 ----a-w- c:\program files (x86)\GUT5324.tmp
2012-04-02 01:25 . 2012-04-02 01:20 3993600 ----a-w- c:\program files (x86)\GUTEE02.tmp
2012-04-01 20:25 . 2012-04-01 20:20 3993600 ----a-w- c:\program files (x86)\GUT487A.tmp
2012-04-01 15:25 . 2012-04-01 15:20 3993600 ----a-w- c:\program files (x86)\GUTA534.tmp
2012-04-01 10:25 . 2012-04-01 10:20 3993600 ----a-w- c:\program files (x86)\GUTFFCC.tmp
2012-03-31 17:25 . 2012-03-31 17:20 3993600 ----a-w- c:\program files (x86)\GUT2256.tmp
2012-03-31 12:23 . 2012-03-31 12:23 3993600 ----a-w- c:\program files (x86)\GUT2DF4.tmp
2012-03-31 01:25 . 2012-03-31 01:20 3993600 ----a-w- c:\program files (x86)\GUT35C4.tmp
2012-03-30 20:25 . 2012-03-30 20:20 3993600 ----a-w- c:\program files (x86)\GUT9A8A.tmp
2012-03-30 15:20 . 2012-03-30 15:20 3993600 ----a-w- c:\program files (x86)\GUTE73D.tmp
2012-03-30 10:11 . 2012-03-30 10:11 3993600 ----a-w- c:\program files (x86)\GUT55D0.tmp
2012-03-29 17:22 . 2012-03-29 17:20 3993600 ----a-w- c:\program files (x86)\GUT6C4A.tmp
2012-03-29 12:20 . 2012-03-29 12:20 3993600 ----a-w- c:\program files (x86)\GUTD2A4.tmp
2012-03-28 18:20 . 2012-03-28 18:20 3993600 ----a-w- c:\program files (x86)\GUT505.tmp
2012-03-28 13:22 . 2012-03-28 13:21 3993600 ----a-w- c:\program files (x86)\GUT9A2.tmp
2012-03-27 16:20 . 2012-03-27 16:20 3993600 ----a-w- c:\program files (x86)\GUTF9F.tmp
2012-03-27 11:07 . 2012-03-27 11:07 3993600 ----a-w- c:\program files (x86)\GUTFE12.tmp
2012-03-26 10:20 . 2012-03-26 10:20 3993600 ----a-w- c:\program files (x86)\GUT23DD.tmp
2012-03-25 10:16 . 2012-03-25 10:16 3993600 ----a-w- c:\program files (x86)\GUTC6C5.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-06-27 239104]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-15 215360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cisco Security Agent.lnk - c:\program files (x86)\Cisco\CSAgent\bin\okclient.exe [2011-2-10 671744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 CCDevice;CCDevice; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2011-03-01 27648]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-04-16 408408]
R3 aswArKrn;aswArKrn;c:\users\harjeets\AppData\Local\Temp\aswArKrn.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-10 100904]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-10-05 6952960]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-21 1255736]
R4 EMS;EMS;EMSService.exe [x]
S0 CmgHiber;CmgHiber;c:\windows\system32\DRIVERS\CmgHiber.sys [2012-02-10 92520]
S0 CmgPassThrough;CmgPassThrough;c:\windows\system32\DRIVERS\CmgShPT.sys [2012-02-10 16744]
S0 CmgPCS;Credant PCS;c:\windows\system32\DRIVERS\CmgPCS.sys [2012-02-16 122728]
S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2012-02-10 373608]
S0 CMGShieldReg;CMGShieldReg;c:\windows\system32\DRIVERS\CmgShREG.sys [2012-02-10 24424]
S0 csacenter;Cisco Security Agent Rule Engine;c:\windows\system32\drivers\csacentr.sys [2010-05-26 335432]
S0 csafile;Cisco Security Agent File Access Controller;c:\windows\system32\drivers\csafile.sys [2010-05-26 155208]
S0 csareg;Cisco Security Agent Registry Access Controller;c:\windows\system32\drivers\csareg.sys [2010-05-26 61000]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-10 283744]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 csafilt;Cisco Security Agent Network Access Controller and Packet Verifier;c:\windows\system32\drivers\csafilt.sys [2010-05-26 564296]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;c:\program files (x86)\WebEx\Connect\apUpdate.exe [2011-10-28 856888]
S2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2012-02-16 2855016]
S2 CSAgent;Cisco Security Agent;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 CSAgentMon;Cisco Security Agent Monitor;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [2009-12-18 54824]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-10 158832]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-26 161664]
S3 AeXAgentSrvHost;AeXAgentSrvHost;c:\program files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [2012-04-16 265048]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-12-16 36680]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12368672
*NewlyCreated* - MBAMCHAMELEON
*Deregistered* - 12368672
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 23:43]
.
2012-12-11 c:\windows\Tasks\At1.job
- c:\program files (x86)\Cisco\CSAgent\bin\csacontrol.exe [2011-02-10 15:07]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527Core.job
- c:\users\harjeets\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 15:44]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527UA.job
- c:\users\harjeets\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 15:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2012-02-16 360040]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: cisco.com\www
Trusted Zone: cisco.com\wwwin
Trusted Zone: cisco.com\wwwin-asiapac
Trusted Zone: cisco.com\wwwin-emea
Trusted Zone: nextel.com
Trusted Zone: santsuite.com\cisco
Trusted Zone: sprint.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} - hxxp://voicemail.cisco.com/MediaMasENU.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://lnvpn2.sprint.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7744FCA0-88A3-41AE-9068-3B5DF966CF2F} - hxxp://cdetsweb-prd.cisco.com/ermhi_enu/19221/applets/SiebelAx_Smartscript.cab
DPF: {E4D02E3D-8094-4DF0-A2C2-2FB301DF4788} - hxxp://cdetsweb-prd.cisco.com/ermhi_enu/19221/applets/SiebelAx_HI_Client.cab
FF - ProfilePath - c:\users\harjeets\AppData\Roaming\Mozilla\Firefox\Profiles\zui9itng.default\
FF - ExtSQL: 2012-12-10 15:45; {bc6823e8-de67-4545-8e62-7fef75245391}; c:\users\harjeets\AppData\Roaming\Mozilla\Firefox\Profiles\zui9itng.default\extensions\{bc6823e8-de67-4545-8e62-7fef75245391}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
SafeBoot-92037856.sys
AddRemove-Connected - c:\program files\Connected\CBUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Altiris\Altiris Agent]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Altiris\Communications]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Altiris\eXpress\NS Client]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-15 23:59:54
ComboFix-quarantined-files.txt 2012-12-16 04:59
ComboFix2.txt 2012-12-12 18:26
.
Pre-Run: 13,899,587,584 bytes free
Post-Run: 14,309,638,144 bytes free
.
- - End Of File - - 9F13C01827DB0560B36B5E631F69B58D

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 December 2012 - 08:27 AM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
2012-04-04 16:25 . 2012-04-04 16:20 3993600 ----a-w- c:\program files (x86)\GUT7BF4.tmp
2012-04-04 11:22 . 2012-04-04 11:20 3993600 ----a-w- c:\program files (x86)\GUTF0E.tmp
2012-04-04 00:20 . 2012-04-04 00:20 3993600 ----a-w- c:\program files (x86)\GUTD26F.tmp
2012-04-03 18:45 . 2012-04-03 18:45 3993600 ----a-w- c:\program files (x86)\GUT819B.tmp
2012-04-03 13:20 . 2012-04-03 13:20 3993600 ----a-w- c:\program files (x86)\GUT914E.tmp
2012-04-03 04:20 . 2012-04-03 04:20 3993600 ----a-w- c:\program files (x86)\GUT2F86.tmp
2012-04-02 15:20 . 2012-04-02 15:20 3993600 ----a-w- c:\program files (x86)\GUT3C74.tmp
2012-04-02 10:20 . 2012-04-02 10:20 3993600 ----a-w- c:\program files (x86)\GUT5324.tmp
2012-04-02 01:25 . 2012-04-02 01:20 3993600 ----a-w- c:\program files (x86)\GUTEE02.tmp
2012-04-01 20:25 . 2012-04-01 20:20 3993600 ----a-w- c:\program files (x86)\GUT487A.tmp
2012-04-01 15:25 . 2012-04-01 15:20 3993600 ----a-w- c:\program files (x86)\GUTA534.tmp
2012-04-01 10:25 . 2012-04-01 10:20 3993600 ----a-w- c:\program files (x86)\GUTFFCC.tmp
2012-03-31 17:25 . 2012-03-31 17:20 3993600 ----a-w- c:\program files (x86)\GUT2256.tmp
2012-03-31 12:23 . 2012-03-31 12:23 3993600 ----a-w- c:\program files (x86)\GUT2DF4.tmp
2012-03-31 01:25 . 2012-03-31 01:20 3993600 ----a-w- c:\program files (x86)\GUT35C4.tmp
2012-03-30 20:25 . 2012-03-30 20:20 3993600 ----a-w- c:\program files (x86)\GUT9A8A.tmp
2012-03-30 15:20 . 2012-03-30 15:20 3993600 ----a-w- c:\program files (x86)\GUTE73D.tmp
2012-03-30 10:11 . 2012-03-30 10:11 3993600 ----a-w- c:\program files (x86)\GUT55D0.tmp
2012-03-29 17:22 . 2012-03-29 17:20 3993600 ----a-w- c:\program files (x86)\GUT6C4A.tmp
2012-03-29 12:20 . 2012-03-29 12:20 3993600 ----a-w- c:\program files (x86)\GUTD2A4.tmp
2012-03-28 18:20 . 2012-03-28 18:20 3993600 ----a-w- c:\program files (x86)\GUT505.tmp
2012-03-28 13:22 . 2012-03-28 13:21 3993600 ----a-w- c:\program files (x86)\GUT9A2.tmp
2012-03-27 16:20 . 2012-03-27 16:20 3993600 ----a-w- c:\program files (x86)\GUTF9F.tmp
2012-03-27 11:07 . 2012-03-27 11:07 3993600 ----a-w- c:\program files (x86)\GUTFE12.tmp
2012-03-26 10:20 . 2012-03-26 10:20 3993600 ----a-w- c:\program files (x86)\GUT23DD.tmp
2012-03-25 10:16 . 2012-03-25 10:16 3993600 ----a-w- c:\program files (x86)\GUTC6C5.tmp

AtJob::

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
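Added worked example, not part of CatByte's post and not ComboFix's own code: a small Python triage helper that does, over ComboFix-style log text, the two things the helper above did by eye. It groups the file entries by directory, size and filename pattern so that a run of same-size GUT*.tmp files in Program Files (x86) stands out, renders the matches as the File:: section of a CFScript (one path per line; the post above pasted the full log lines), and flags registry values in the log that weaken the machine's own defences (UAC off, Security Center warnings overridden, automatic updates off). The line format is read off the log above; the meaning of each registry value is standard Windows policy behaviour; the sample lines are constructed from the format on this page, and the minimum cluster size of 5 is an arbitrary choice.

```python
"""Triage helper for ComboFix-style log text (added example; not ComboFix's
code and not part of the thread). See the lead-in for what it assumes."""
import re
from collections import defaultdict

# ComboFix file entry: "<created> . <modified> <size|--------> <attrs> <path>".
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Registry value line in the log, either "name"= 0 (0x0) or "name"=dword:00000001.
REG_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+))'
)
# (value name, value) -> what that setting means for the machine's defences.
# These are the Windows policy / Security Center semantics, not ComboFix's.
WEAK_SETTINGS = {
    ("EnableLUA", 0): "UAC disabled",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without a prompt",
    ("NoAutoUpdate", 1): "Windows automatic updates disabled",
    ("AntiVirusOverride", 1): "Security Center antivirus warnings suppressed",
    ("FirewallOverride", 1): "Security Center firewall warnings suppressed",
}

# Constructed sample in the format of the ComboFix log above (assumption: a
# typical mix of one legitimate driver, one directory, a .tmp cluster and a
# few registry values).
SAMPLE_LOG = r"""
2012-12-16 03:51 . 2012-12-16 03:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-15 22:32 . 2012-12-15 22:32 -------- d-----w- C:\FRST
2012-04-04 16:25 . 2012-04-04 16:20 3993600 ----a-w- c:\program files (x86)\GUT7BF4.tmp
2012-04-04 11:22 . 2012-04-04 11:20 3993600 ----a-w- c:\program files (x86)\GUTF0E.tmp
2012-04-04 00:20 . 2012-04-04 00:20 3993600 ----a-w- c:\program files (x86)\GUTD26F.tmp
2012-04-03 18:45 . 2012-04-03 18:45 3993600 ----a-w- c:\program files (x86)\GUT819B.tmp
2012-04-03 13:20 . 2012-04-03 13:20 3993600 ----a-w- c:\program files (x86)\GUT914E.tmp
2012-03-28 18:20 . 2012-03-28 18:20 3993600 ----a-w- c:\program files (x86)\GUT505.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"BlindDial"=dword:00000000
"""


def parse_file_lines(text):
    """Return the file entries in a ComboFix log as dicts. Directory rows (size
    shown as dashes) are skipped; clustering is about dropped files."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m.group("size").isdigit():
            entries.append({"created": m.group("created"),
                            "size": int(m.group("size")),
                            "attrs": m.group("attrs"),
                            "path": m.group("path")})
    return entries


def name_pattern(path):
    """Split a path into (directory, stem pattern, extension), collapsing runs
    of three or more hex digits so GUT7BF4.tmp and GUTF0E.tmp share a key."""
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    stem = re.sub(r"[0-9A-Fa-f]{3,}", "#", stem)
    return directory.lower(), stem.lower(), ext.lower()


def suspicious_clusters(entries, min_count=5):
    """Group entries by (directory, stem pattern, extension, size) and return
    the groups with at least min_count members."""
    groups = defaultdict(list)
    for e in entries:
        directory, stem, ext = name_pattern(e["path"])
        groups[(directory, stem, ext, e["size"])].append(e["path"])
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}


def cfscript_file_block(paths):
    """Render a CFScript File:: section, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


def weakened_settings(text):
    """Return (name, value, meaning) for registry values in the log that match
    a WEAK_SETTINGS entry."""
    findings = []
    for line in text.splitlines():
        m = REG_VALUE.match(line.strip())
        if not m:
            continue
        value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
        meaning = WEAK_SETTINGS.get((m.group("name"), value))
        if meaning:
            findings.append((m.group("name"), value, meaning))
    return findings


if __name__ == "__main__":
    for (directory, stem, ext, size), paths in suspicious_clusters(parse_file_lines(SAMPLE_LOG)).items():
        print(f"{len(paths)} files of {size} bytes matching {stem}.{ext} in {directory}")
        print(cfscript_file_block(paths))
    for name, value, meaning in weakened_settings(SAMPLE_LOG):
        print(f"{name} = {value}: {meaning}")
```

On the full log in this thread the cluster check reports the 26 GUT*.tmp entries of 3993600 bytes (the same set CatByte listed under File::), and the settings check reports EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, NoAutoUpdate = 1, AntiVirusOverride = 1 and FirewallOverride = 1, which are worth restoring after the cleanup whether or not the malware set them.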


#15 harry81 (Topic Starter, Members, 15 posts)

Posted 16 December 2012 - 09:00 AM

Here you go :-

ComboFix 12-12-14.01 - harjeets 12/16/2012 8:37.3.8 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.12220.10200 [GMT -5:00]
Running from: c:\users\harjeets\Desktop\ComboFix.exe
Command switches used :: c:\users\harjeets\Desktop\CFScript.txt
AV: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {C0F416B2-FB86-4FC5-A9EB-5026B725D4B0}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Cisco Security Agent V6.0.2.130 *Disabled* {F8CF9797-B1E9-4E9D-82B4-F91349F693CB}
SP: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {7B95F756-DDBC-404B-935B-6B54CCA29E0D}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 13:50 . 2012-12-16 13:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 13:50 . 2012-12-16 13:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-16 03:51 . 2012-12-16 03:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-16 03:40 . 2012-12-16 03:40 -------- d-----w- c:\users\harjeets\AppData\Local\Diagnostics
2012-12-15 22:32 . 2012-12-15 22:32 -------- d-----w- C:\FRST
2012-12-15 20:27 . 2012-12-15 22:49 -------- d-----w- C:\mbar
2012-12-14 22:48 . 2012-12-15 01:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-14 22:48 . 2012-12-16 12:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-14 22:47 . 2012-12-14 22:47 -------- d-----w- c:\users\harjeets\AppData\Local\Programs
2012-12-14 13:24 . 2012-12-14 13:26 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator
2012-12-12 20:40 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 16:10 . 2012-12-12 16:10 -------- d-----w- c:\program files\HitmanPro
2012-12-12 13:14 . 2012-12-12 13:14 -------- d-----w- c:\programdata\Sophos
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-12 13:14 . 2012-12-12 13:14 73728 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-12 13:13 . 2012-12-12 13:13 -------- d-----w- c:\program files (x86)\Sophos
2012-12-12 12:49 . 2012-12-13 21:55 16200 ----a-w- c:\windows\stinger.sys
2012-12-12 12:49 . 2012-12-13 22:15 -------- d-----w- c:\program files (x86)\stinger
2012-12-12 12:20 . 2012-12-12 12:20 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-12 12:19 . 2012-12-11 20:16 460888 ----a-w- c:\windows\system32\drivers\60527378.sys
2012-12-12 00:37 . 2012-12-12 00:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 00:37 . 2012-12-12 00:37 -------- d-----w- c:\program files (x86)\Java
2012-12-11 21:18 . 2012-12-11 21:18 -------- d-----w- c:\users\harjeets\AppData\Roaming\QuickScan
2012-12-11 17:59 . 2012-12-11 17:59 -------- d---a-w- C:\panda_poli_utility_samples
2012-12-11 12:02 . 2012-12-11 12:46 -------- d-----w- C:\12f9e43cbc3faec4d5a399
2012-12-11 12:01 . 2012-12-11 12:02 -------- d--h--w- c:\windows\AxInstSV
2012-12-10 22:27 . 2012-12-11 03:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-12-10 21:16 . 2012-12-10 21:42 -------- d-----w- c:\programdata\HitmanPro
2012-12-10 20:27 . 2012-12-10 20:26 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-10 20:27 . 2012-12-10 20:26 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-10 20:27 . 2012-12-10 20:26 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-10 20:27 . 2012-12-10 20:26 158712 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-10 20:27 . 2012-12-10 20:26 642952 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-10 20:27 . 2012-12-10 20:26 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-12-10 20:27 . 2012-12-10 20:26 158832 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-10 18:21 . 2012-12-10 18:21 -------- d-----w- C:\found.001
2012-12-10 16:48 . 2012-12-10 16:48 65536 ---ha-w- c:\windows\system32\AvTresvr64.dll
2012-12-10 10:22 . 2012-12-10 10:22 -------- d-----w- c:\program files\iPod
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\program files\iTunes
2012-12-10 10:22 . 2012-12-10 10:23 -------- d-----w- c:\program files (x86)\iTunes
2012-12-08 09:12 . 2012-12-08 12:23 -------- d-----w- C:\f06d6114848389a1f8
2012-12-07 22:18 . 2012-12-08 01:44 -------- d-----w- c:\users\harjeets\AppData\Roaming\Zapa
2012-12-07 22:04 . 2012-12-07 22:04 -------- d-----w- c:\programdata\Local Settings
2012-12-04 05:16 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-12-04 05:16 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-12-04 05:16 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-29 19:25 . 2012-11-29 19:25 -------- d-----w- c:\program files (x86)\Seagate
2012-11-29 13:08 . 2012-11-29 13:08 -------- d-----w- c:\program files\Arellia
2012-11-29 13:08 . 2012-11-29 13:08 -------- d-----w- c:\program files (x86)\Arellia
2012-11-28 19:52 . 2012-11-28 19:52 -------- d-----w- c:\program files\Common Files\Altiris
2012-11-28 19:51 . 2012-11-30 12:36 -------- d-----w- c:\programdata\Symantec
2012-11-17 14:37 . 2012-11-17 14:37 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 00:37 . 2012-06-16 19:42 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-12 00:37 . 2011-02-11 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-11 23:43 . 2012-09-02 23:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:43 . 2011-07-23 15:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-10 20:26 . 2012-06-11 18:21 99056 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-12-10 20:26 . 2012-06-11 18:21 74848 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
2012-12-10 20:26 . 2009-04-30 04:07 22816 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
2012-10-30 02:04 . 2011-03-26 12:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-11 05:22 . 2012-10-11 05:22 53248 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-10-11 05:22 . 2012-10-11 05:22 53248 ----a-r- c:\users\harjeets\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-04 16:25 . 2012-04-04 16:20 3993600 ----a-w- c:\program files (x86)\GUT7BF4.tmp
2012-04-04 11:22 . 2012-04-04 11:20 3993600 ----a-w- c:\program files (x86)\GUTF0E.tmp
2012-04-04 00:20 . 2012-04-04 00:20 3993600 ----a-w- c:\program files (x86)\GUTD26F.tmp
2012-04-03 18:45 . 2012-04-03 18:45 3993600 ----a-w- c:\program files (x86)\GUT819B.tmp
2012-04-03 13:20 . 2012-04-03 13:20 3993600 ----a-w- c:\program files (x86)\GUT914E.tmp
2012-04-03 04:20 . 2012-04-03 04:20 3993600 ----a-w- c:\program files (x86)\GUT2F86.tmp
2012-04-02 15:20 . 2012-04-02 15:20 3993600 ----a-w- c:\program files (x86)\GUT3C74.tmp
2012-04-02 10:20 . 2012-04-02 10:20 3993600 ----a-w- c:\program files (x86)\GUT5324.tmp
2012-04-02 01:25 . 2012-04-02 01:20 3993600 ----a-w- c:\program files (x86)\GUTEE02.tmp
2012-04-01 20:25 . 2012-04-01 20:20 3993600 ----a-w- c:\program files (x86)\GUT487A.tmp
2012-04-01 15:25 . 2012-04-01 15:20 3993600 ----a-w- c:\program files (x86)\GUTA534.tmp
2012-04-01 10:25 . 2012-04-01 10:20 3993600 ----a-w- c:\program files (x86)\GUTFFCC.tmp
2012-03-31 17:25 . 2012-03-31 17:20 3993600 ----a-w- c:\program files (x86)\GUT2256.tmp
2012-03-31 12:23 . 2012-03-31 12:23 3993600 ----a-w- c:\program files (x86)\GUT2DF4.tmp
2012-03-31 01:25 . 2012-03-31 01:20 3993600 ----a-w- c:\program files (x86)\GUT35C4.tmp
2012-03-30 20:25 . 2012-03-30 20:20 3993600 ----a-w- c:\program files (x86)\GUT9A8A.tmp
2012-03-30 15:20 . 2012-03-30 15:20 3993600 ----a-w- c:\program files (x86)\GUTE73D.tmp
2012-03-30 10:11 . 2012-03-30 10:11 3993600 ----a-w- c:\program files (x86)\GUT55D0.tmp
2012-03-29 17:22 . 2012-03-29 17:20 3993600 ----a-w- c:\program files (x86)\GUT6C4A.tmp
2012-03-29 12:20 . 2012-03-29 12:20 3993600 ----a-w- c:\program files (x86)\GUTD2A4.tmp
2012-03-28 18:20 . 2012-03-28 18:20 3993600 ----a-w- c:\program files (x86)\GUT505.tmp
2012-03-28 13:22 . 2012-03-28 13:21 3993600 ----a-w- c:\program files (x86)\GUT9A2.tmp
2012-03-27 16:20 . 2012-03-27 16:20 3993600 ----a-w- c:\program files (x86)\GUTF9F.tmp
2012-03-27 11:07 . 2012-03-27 11:07 3993600 ----a-w- c:\program files (x86)\GUTFE12.tmp
2012-03-26 10:20 . 2012-03-26 10:20 3993600 ----a-w- c:\program files (x86)\GUT23DD.tmp
2012-03-25 10:16 . 2012-03-25 10:16 3993600 ----a-w- c:\program files (x86)\GUTC6C5.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-06-27 239104]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-15 215360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cisco Security Agent.lnk - c:\program files (x86)\Cisco\CSAgent\bin\okclient.exe [2011-2-10 671744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 CCDevice;CCDevice; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2011-03-01 27648]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-04-16 408408]
R3 aswArKrn;aswArKrn;c:\users\harjeets\AppData\Local\Temp\aswArKrn.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-12-16 36680]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-10 100904]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-10-05 6952960]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-21 1255736]
R4 EMS;EMS;EMSService.exe [x]
S0 CmgHiber;CmgHiber;c:\windows\system32\DRIVERS\CmgHiber.sys [2012-02-10 92520]
S0 CmgPassThrough;CmgPassThrough;c:\windows\system32\DRIVERS\CmgShPT.sys [2012-02-10 16744]
S0 CmgPCS;Credant PCS;c:\windows\system32\DRIVERS\CmgPCS.sys [2012-02-16 122728]
S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2012-02-10 373608]
S0 CMGShieldReg;CMGShieldReg;c:\windows\system32\DRIVERS\CmgShREG.sys [2012-02-10 24424]
S0 csacenter;Cisco Security Agent Rule Engine;c:\windows\system32\drivers\csacentr.sys [2010-05-26 335432]
S0 csafile;Cisco Security Agent File Access Controller;c:\windows\system32\drivers\csafile.sys [2010-05-26 155208]
S0 csareg;Cisco Security Agent Registry Access Controller;c:\windows\system32\drivers\csareg.sys [2010-05-26 61000]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-10 283744]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 csafilt;Cisco Security Agent Network Access Controller and Packet Verifier;c:\windows\system32\drivers\csafilt.sys [2010-05-26 564296]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;c:\program files (x86)\WebEx\Connect\apUpdate.exe [2011-10-28 856888]
S2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2012-02-16 2855016]
S2 CSAgent;Cisco Security Agent;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 CSAgentMon;Cisco Security Agent Monitor;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [2009-12-18 54824]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-10 158832]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-26 161664]
S3 AeXAgentSrvHost;AeXAgentSrvHost;c:\program files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [2012-04-16 265048]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 23:43]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527Core.job
- c:\users\harjeets\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 15:44]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1303643608-725345543-233527UA.job
- c:\users\harjeets\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 15:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2012-02-16 360040]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-15 1694016]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: cisco.com\www
Trusted Zone: cisco.com\wwwin
Trusted Zone: cisco.com\wwwin-asiapac
Trusted Zone: cisco.com\wwwin-emea
Trusted Zone: nextel.com
Trusted Zone: santsuite.com\cisco
Trusted Zone: sprint.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} - hxxp://voicemail.cisco.com/MediaMasENU.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://lnvpn2.sprint.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7744FCA0-88A3-41AE-9068-3B5DF966CF2F} - hxxp://cdetsweb-prd.cisco.com/ermhi_enu/19221/applets/SiebelAx_Smartscript.cab
DPF: {E4D02E3D-8094-4DF0-A2C2-2FB301DF4788} - hxxp://cdetsweb-prd.cisco.com/ermhi_enu/19221/applets/SiebelAx_HI_Client.cab
FF - ProfilePath - c:\users\harjeets\AppData\Roaming\Mozilla\Firefox\Profiles\zui9itng.default\
FF - ExtSQL: 2012-12-10 15:45; {bc6823e8-de67-4545-8e62-7fef75245391}; c:\users\harjeets\AppData\Roaming\Mozilla\Firefox\Profiles\zui9itng.default\extensions\{bc6823e8-de67-4545-8e62-7fef75245391}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
AddRemove-Connected - c:\program files\Connected\CBUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Altiris\Altiris Agent]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Altiris\Communications]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Altiris\eXpress\NS Client]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-16 08:55:12
ComboFix-quarantined-files.txt 2012-12-16 13:55
ComboFix2.txt 2012-12-16 04:59
ComboFix3.txt 2012-12-12 18:26
.
Pre-Run: 14,373,675,008 bytes free
Post-Run: 14,076,719,104 bytes free
.
- - End Of File - - 8CDBD008AECFF2778B24F48E3EDE94D2