
Winrscmde Trojan


  • This topic is locked
14 replies to this topic

#1 lordsigurd

Posted 27 December 2012 - 02:56 PM

Mod Edit: MOVED to Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme


I checked my performance for my PC and it showed that an SVCHost.exe 32 was taking up more than half of my system resources. Upon further research, apparently I am infected with Winrscmde (along with several other things, it seems). I went to other threads dealing with the same issue and followed the first few steps (downloaded TDSS Killer, ESET Online Scanner, and aswMBR), and here are my logs. Can anyone help me out?

TDSS Killer LOG:

12:22:58.0692 0732 ohci1394 - ok
12:22:58.0740 0732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:22:58.0745 0732 p2pimsvc - ok
12:22:58.0799 0732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:22:58.0806 0732 p2psvc - ok
12:22:58.0847 0732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:22:58.0849 0732 Parport - ok
12:22:58.0893 0732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:22:58.0895 0732 partmgr - ok
12:22:58.0911 0732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:22:58.0915 0732 PcaSvc - ok
12:22:58.0928 0732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:22:58.0931 0732 pci - ok
12:22:58.0941 0732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:22:58.0943 0732 pciide - ok
12:22:58.0956 0732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:22:58.0959 0732 pcmcia - ok
12:22:58.0969 0732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:22:58.0970 0732 pcw - ok
12:22:58.0996 0732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:22:59.0009 0732 PEAUTH - ok
12:22:59.0079 0732 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:22:59.0113 0732 PeerDistSvc - ok
12:22:59.0216 0732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:22:59.0218 0732 PerfHost - ok
12:22:59.0263 0732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:22:59.0307 0732 pla - ok
12:22:59.0384 0732 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:22:59.0390 0732 PlugPlay - ok
12:22:59.0399 0732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:22:59.0401 0732 PNRPAutoReg - ok
12:22:59.0409 0732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:22:59.0412 0732 PNRPsvc - ok
12:22:59.0463 0732 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:22:59.0475 0732 PolicyAgent - ok
12:22:59.0520 0732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:22:59.0524 0732 Power - ok
12:22:59.0542 0732 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:22:59.0544 0732 PptpMiniport - ok
12:22:59.0559 0732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:22:59.0561 0732 Processor - ok
12:22:59.0610 0732 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:22:59.0614 0732 ProfSvc - ok
12:22:59.0624 0732 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:22:59.0625 0732 ProtectedStorage - ok
12:22:59.0654 0732 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:22:59.0656 0732 Psched - ok
12:22:59.0699 0732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:22:59.0750 0732 ql2300 - ok
12:22:59.0765 0732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:22:59.0768 0732 ql40xx - ok
12:22:59.0813 0732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:22:59.0817 0732 QWAVE - ok
12:22:59.0831 0732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:22:59.0833 0732 QWAVEdrv - ok
12:22:59.0841 0732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:22:59.0842 0732 RasAcd - ok
12:22:59.0887 0732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:22:59.0889 0732 RasAgileVpn - ok
12:22:59.0901 0732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:22:59.0904 0732 RasAuto - ok
12:22:59.0919 0732 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:22:59.0921 0732 Rasl2tp - ok
12:22:59.0934 0732 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:22:59.0940 0732 RasMan - ok
12:22:59.0955 0732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:22:59.0957 0732 RasPppoe - ok
12:22:59.0963 0732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:22:59.0965 0732 RasSstp - ok
12:22:59.0980 0732 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:22:59.0986 0732 rdbss - ok
12:23:00.0019 0732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:23:00.0020 0732 rdpbus - ok
12:23:00.0036 0732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:00.0037 0732 RDPCDD - ok
12:23:00.0096 0732 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:23:00.0098 0732 RDPDR - ok
12:23:00.0112 0732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:23:00.0114 0732 RDPENCDD - ok
12:23:00.0130 0732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:23:00.0131 0732 RDPREFMP - ok
12:23:00.0187 0732 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:23:00.0189 0732 RdpVideoMiniport - ok
12:23:00.0233 0732 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:23:00.0236 0732 RDPWD - ok
12:23:00.0253 0732 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:23:00.0256 0732 rdyboost - ok
12:23:00.0301 0732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:23:00.0304 0732 RemoteAccess - ok
12:23:00.0351 0732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:23:00.0355 0732 RemoteRegistry - ok
12:23:00.0424 0732 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:23:00.0427 0732 RFCOMM - ok
12:23:00.0449 0732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:23:00.0451 0732 RpcEptMapper - ok
12:23:00.0494 0732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:23:00.0496 0732 RpcLocator - ok
12:23:00.0513 0732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:23:00.0517 0732 RpcSs - ok
12:23:00.0530 0732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:23:00.0532 0732 rspndr - ok
12:23:00.0570 0732 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:23:00.0571 0732 s3cap - ok
12:23:00.0587 0732 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:23:00.0588 0732 SamSs - ok
12:23:00.0672 0732 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:23:00.0672 0732 SASDIFSV - ok
12:23:00.0678 0732 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:23:00.0679 0732 SASKUTIL - ok
12:23:00.0694 0732 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:23:00.0696 0732 sbp2port - ok
12:23:00.0724 0732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:23:00.0728 0732 SCardSvr - ok
12:23:00.0764 0732 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:23:00.0765 0732 scfilter - ok
12:23:00.0799 0732 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:23:00.0831 0732 Schedule - ok
12:23:00.0870 0732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:23:00.0871 0732 SCPolicySvc - ok
12:23:00.0884 0732 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:23:00.0888 0732 SDRSVC - ok
12:23:00.0906 0732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:23:00.0907 0732 secdrv - ok
12:23:00.0917 0732 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:23:00.0919 0732 seclogon - ok
12:23:00.0928 0732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:23:00.0931 0732 SENS - ok
12:23:00.0939 0732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:23:00.0941 0732 SensrSvc - ok
12:23:00.0963 0732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:23:00.0965 0732 Serenum - ok
12:23:00.0976 0732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:23:00.0978 0732 Serial - ok
12:23:00.0992 0732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:23:00.0994 0732 sermouse - ok
12:23:01.0007 0732 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:23:01.0010 0732 SessionEnv - ok
12:23:01.0020 0732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:23:01.0021 0732 sffdisk - ok
12:23:01.0058 0732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:23:01.0060 0732 sffp_mmc - ok
12:23:01.0064 0732 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:23:01.0065 0732 sffp_sd - ok
12:23:01.0069 0732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:23:01.0070 0732 sfloppy - ok
12:23:01.0122 0732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:23:01.0128 0732 SharedAccess - ok
12:23:01.0172 0732 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:23:01.0178 0732 ShellHWDetection - ok
12:23:01.0203 0732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:23:01.0204 0732 SiSRaid2 - ok
12:23:01.0221 0732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:23:01.0223 0732 SiSRaid4 - ok
12:23:01.0404 0732 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:23:01.0480 0732 Skype C2C Service - ok
12:23:01.0560 0732 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:23:01.0563 0732 SkypeUpdate - ok
12:23:01.0584 0732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:23:01.0586 0732 Smb - ok
12:23:01.0616 0732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:23:01.0618 0732 SNMPTRAP - ok
12:23:01.0695 0732 [ 2BADEF77B26033065B1049EB51F6AE54 ] SpeedDiskService C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
12:23:01.0719 0732 SpeedDiskService - ok
12:23:01.0755 0732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:23:01.0757 0732 spldr - ok
12:23:01.0804 0732 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:23:01.0815 0732 Spooler - ok
12:23:02.0554 0732 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:23:02.0621 0732 sppsvc - ok
12:23:02.0641 0732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:23:02.0644 0732 sppuinotify - ok
12:23:02.0693 0732 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:23:02.0699 0732 srv - ok
12:23:02.0718 0732 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:23:02.0724 0732 srv2 - ok
12:23:02.0772 0732 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:23:02.0775 0732 srvnet - ok
12:23:02.0826 0732 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:23:02.0830 0732 SSDPSRV - ok
12:23:02.0842 0732 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:23:02.0845 0732 SstpSvc - ok
12:23:02.0884 0732 Steam Client Service - ok
12:23:02.0990 0732 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:23:02.0995 0732 Stereo Service - ok
12:23:03.0042 0732 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:23:03.0043 0732 stexstor - ok
12:23:03.0110 0732 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:23:03.0122 0732 stisvc - ok
12:23:03.0173 0732 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:23:03.0175 0732 storflt - ok
12:23:03.0198 0732 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:23:03.0200 0732 storvsc - ok
12:23:03.0207 0732 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:23:03.0208 0732 swenum - ok
12:23:03.0227 0732 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:23:03.0239 0732 swprv - ok
12:23:03.0299 0732 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
12:23:03.0301 0732 Synth3dVsc - ok
12:23:03.0340 0732 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:23:03.0388 0732 SysMain - ok
12:23:03.0437 0732 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:23:03.0440 0732 TabletInputService - ok
12:23:03.0505 0732 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:23:03.0512 0732 TapiSrv - ok
12:23:03.0528 0732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:23:03.0531 0732 TBS - ok
12:23:03.0623 0732 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:23:03.0665 0732 Tcpip - ok
12:23:03.0716 0732 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:23:03.0727 0732 TCPIP6 - ok
12:23:03.0766 0732 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:23:03.0768 0732 tcpipreg - ok
12:23:03.0780 0732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:23:03.0782 0732 TDPIPE - ok
12:23:03.0821 0732 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:23:03.0822 0732 TDTCP - ok
12:23:03.0847 0732 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:23:03.0849 0732 tdx - ok
12:23:03.0864 0732 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:23:03.0866 0732 TermDD - ok
12:23:03.0874 0732 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
12:23:03.0875 0732 terminpt - ok
12:23:03.0903 0732 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:23:03.0916 0732 TermService - ok
12:23:03.0930 0732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:23:03.0932 0732 Themes - ok
12:23:03.0940 0732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:23:03.0941 0732 THREADORDER - ok
12:23:03.0957 0732 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:23:03.0960 0732 TrkWks - ok
12:23:04.0042 0732 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:23:04.0046 0732 TrustedInstaller - ok
12:23:04.0062 0732 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:23:04.0064 0732 tssecsrv - ok
12:23:04.0078 0732 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:23:04.0079 0732 TsUsbFlt - ok
12:23:04.0093 0732 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:23:04.0094 0732 TsUsbGD - ok
12:23:04.0103 0732 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
12:23:04.0105 0732 tsusbhub - ok
12:23:04.0133 0732 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:23:04.0136 0732 tunnel - ok
12:23:04.0162 0732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:23:04.0164 0732 uagp35 - ok
12:23:04.0178 0732 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:23:04.0182 0732 udfs - ok
12:23:04.0204 0732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:23:04.0207 0732 UI0Detect - ok
12:23:04.0219 0732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:23:04.0221 0732 uliagpkx - ok
12:23:04.0235 0732 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:23:04.0237 0732 umbus - ok
12:23:04.0246 0732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:23:04.0247 0732 UmPass - ok
12:23:04.0294 0732 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:23:04.0299 0732 UmRdpService - ok
12:23:04.0366 0732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:23:04.0372 0732 upnphost - ok
12:23:04.0394 0732 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:23:04.0397 0732 usbaudio - ok
12:23:04.0439 0732 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:23:04.0441 0732 usbccgp - ok
12:23:04.0469 0732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:23:04.0471 0732 usbcir - ok
12:23:04.0513 0732 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:23:04.0514 0732 usbehci - ok
12:23:04.0528 0732 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:23:04.0533 0732 usbhub - ok
12:23:04.0553 0732 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:23:04.0554 0732 usbohci - ok
12:23:04.0559 0732 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:23:04.0561 0732 usbprint - ok
12:23:04.0617 0732 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:23:04.0619 0732 USBSTOR - ok
12:23:04.0628 0732 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:23:04.0630 0732 usbuhci - ok
12:23:04.0641 0732 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:23:04.0643 0732 UxSms - ok
12:23:04.0653 0732 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:23:04.0655 0732 VaultSvc - ok
12:23:04.0665 0732 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:23:04.0666 0732 vdrvroot - ok
12:23:04.0687 0732 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:23:04.0699 0732 vds - ok
12:23:04.0722 0732 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:23:04.0723 0732 vga - ok
12:23:04.0731 0732 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:23:04.0732 0732 VgaSave - ok
12:23:04.0737 0732 VGPU - ok
12:23:04.0758 0732 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:23:04.0761 0732 vhdmp - ok
12:23:04.0782 0732 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:23:04.0783 0732 viaide - ok
12:23:04.0823 0732 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:23:04.0826 0732 vmbus - ok
12:23:04.0839 0732 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:23:04.0840 0732 VMBusHID - ok
12:23:04.0855 0732 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:23:04.0857 0732 volmgr - ok
12:23:04.0878 0732 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:23:04.0882 0732 volmgrx - ok
12:23:04.0909 0732 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:23:04.0913 0732 volsnap - ok
12:23:04.0937 0732 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:23:04.0939 0732 vsmraid - ok
12:23:04.0994 0732 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:23:05.0028 0732 VSS - ok
12:23:05.0099 0732 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
12:23:05.0104 0732 VST64HWBS2 - ok
12:23:05.0152 0732 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:23:05.0186 0732 VST64_DPV - ok
12:23:05.0212 0732 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:23:05.0213 0732 vwifibus - ok
12:23:05.0234 0732 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:23:05.0240 0732 W32Time - ok
12:23:05.0266 0732 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:23:05.0268 0732 WacomPen - ok
12:23:05.0296 0732 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:23:05.0298 0732 WANARP - ok
12:23:05.0311 0732 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:23:05.0312 0732 Wanarpv6 - ok
12:23:05.0390 0732 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:23:05.0436 0732 WatAdminSvc - ok
12:23:05.0504 0732 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:23:05.0547 0732 wbengine - ok
12:23:05.0576 0732 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:23:05.0580 0732 WbioSrvc - ok
12:23:05.0620 0732 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:23:05.0626 0732 wcncsvc - ok
12:23:05.0664 0732 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:23:05.0667 0732 WcsPlugInService - ok
12:23:05.0674 0732 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:23:05.0676 0732 Wd - ok
12:23:05.0736 0732 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:23:05.0748 0732 Wdf01000 - ok
12:23:05.0786 0732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:23:05.0790 0732 WdiServiceHost - ok
12:23:05.0794 0732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:23:05.0797 0732 WdiSystemHost - ok
12:23:05.0844 0732 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:23:05.0849 0732 WebClient - ok
12:23:05.0860 0732 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:23:05.0865 0732 Wecsvc - ok
12:23:05.0880 0732 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:23:05.0883 0732 wercplsupport - ok
12:23:05.0909 0732 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:23:05.0912 0732 WerSvc - ok
12:23:05.0942 0732 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:23:05.0944 0732 WfpLwf - ok
12:23:05.0952 0732 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:23:05.0953 0732 WIMMount - ok
12:23:06.0013 0732 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:23:06.0024 0732 winachsf - ok
12:23:06.0060 0732 WinDefend - ok
12:23:06.0065 0732 WinHttpAutoProxySvc - ok
12:23:06.0138 0732 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:23:06.0142 0732 Winmgmt - ok
12:23:06.0225 0732 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:23:06.0268 0732 WinRM - ok
12:23:06.0359 0732 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS
12:23:06.0360 0732 WinUsb - ok
12:23:06.0389 0732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:23:06.0414 0732 Wlansvc - ok
12:23:06.0437 0732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:23:06.0439 0732 WmiAcpi - ok
12:23:06.0486 0732 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:23:06.0490 0732 wmiApSrv - ok
12:23:06.0502 0732 WMPNetworkSvc - ok
12:23:06.0509 0732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:23:06.0512 0732 WPCSvc - ok
12:23:06.0558 0732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:23:06.0561 0732 WPDBusEnum - ok
12:23:06.0623 0732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:23:06.0625 0732 ws2ifsl - ok
12:23:06.0640 0732 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:23:06.0644 0732 wscsvc - ok
12:23:06.0647 0732 WSearch - ok
12:23:06.0818 0732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:23:06.0885 0732 wuauserv - ok
12:23:06.0938 0732 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:23:06.0940 0732 WudfPf - ok
12:23:07.0000 0732 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:23:07.0003 0732 WUDFRd - ok
12:23:07.0046 0732 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:23:07.0049 0732 wudfsvc - ok
12:23:07.0096 0732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:23:07.0129 0732 WwanSvc - ok
12:23:07.0185 0732 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
12:23:07.0187 0732 xusb21 - ok
12:23:07.0192 0732 ================ Scan global ===============================
12:23:07.0230 0732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:23:07.0272 0732 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:23:07.0288 0732 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:23:07.0347 0732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:23:07.0394 0732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:23:07.0399 0732 [Global] - ok
12:23:07.0400 0732 ================ Scan MBR ==================================
12:23:07.0403 0732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:23:07.0403 0732 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:23:07.0499 0732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:23:07.0499 0732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:23:07.0499 0732 ================ Scan VBR ==================================
12:23:07.0516 0732 [ B00965EBF3C182CE85D0F5763C37DDB4 ] \Device\Harddisk0\DR0\Partition1
12:23:07.0518 0732 \Device\Harddisk0\DR0\Partition1 - ok
12:23:07.0521 0732 [ 7E4BA4696544284B8907ECE022395B3D ] \Device\Harddisk0\DR0\Partition2
12:23:07.0523 0732 \Device\Harddisk0\DR0\Partition2 - ok
12:23:07.0524 0732 ============================================================
12:23:07.0524 0732 Scan finished
12:23:07.0524 0732 ============================================================
12:23:07.0537 6008 Detected object count: 1
12:23:07.0537 6008 Actual detected object count: 1
12:23:37.0181 6008 \Device\Harddisk0\DR0\# - copied to quarantine
12:23:37.0183 6008 \Device\Harddisk0\DR0 - copied to quarantine
12:23:37.0211 6008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:23:37.0213 6008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:23:37.0224 6008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:23:37.0230 6008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:23:37.0232 6008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:23:37.0233 6008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:23:37.0234 6008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:23:37.0236 6008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:23:37.0238 6008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:23:37.0238 6008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:23:37.0239 6008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:23:37.0241 6008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:23:37.0243 6008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:23:37.0244 6008 \Device\Harddisk0\DR0 - ok
12:23:37.0289 6008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:23:41.0255 6748 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-27 12:25:59
-----------------------------
12:25:59.660 OS Version: Windows x64 6.1.7601 Service Pack 1
12:25:59.660 Number of processors: 4 586 0xF0B
12:25:59.675 ComputerName: JUSTINDCARROLL UserName:
12:26:00.970 Initialize success
12:26:44.345 AVAST engine defs: 12122701
12:33:41.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:33:41.826 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 8
12:33:41.873 Disk 0 MBR read successfully
12:33:41.889 Disk 0 MBR scan
12:33:41.889 Disk 0 Windows 7 default MBR code
12:33:41.889 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
12:33:41.935 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
12:33:41.951 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 289829 MB offset 31569920
12:33:41.967 Disk 0 scanning C:\Windows\system32\drivers
12:33:59.595 Service scanning
12:34:41.324 Modules scanning
12:34:41.331 Disk 0 trace - called modules:
12:34:41.350 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
12:34:41.852 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004092060]
12:34:41.852 3 CLASSPNP.SYS[fffff88001b6643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f59050]
12:34:46.798 AVAST engine scan C:\Windows
12:34:51.836 AVAST engine scan C:\Windows\system32
12:38:38.430 AVAST engine scan C:\Windows\system32\drivers
12:38:53.453 AVAST engine scan C:\Users\Justin D Carroll
12:46:00.895 Disk 0 MBR has been saved successfully to "C:\Users\Justin D Carroll\Desktop\MBR.dat"
12:46:00.911 The log file has been saved successfully to "C:\Users\Justin D Carroll\Desktop\aswMBR.txt"

ESET LOG

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U484005G\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus unable to clean
C:\Windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application unable to clean
C:\Windows.old\Users\Dustin\Local Settings\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application unable to clean
C:\Windows.old\Users\Dustin\Local Settings\Temp\YontooSetup-S.exe multiple threats unable to clean
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.22.38\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_12.25.30\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Justin D Carroll\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U484005G\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Windows.old\Users\Dustin\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Windows.old\Users\Dustin\AppData\Local\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined

Edited by boopme, 27 December 2012 - 03:32 PM.



#2 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 December 2012 - 07:38 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 lordsigurd

Posted 28 December 2012 - 11:49 AM

Is there another device I can use if I do not have a flash drive at the moment?

#4 CatByte

Posted 28 December 2012 - 04:12 PM

Yes, please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#5 lordsigurd

Posted 28 December 2012 - 05:43 PM

ComboFix 12-12-28.02 - Justin D Carroll 12/28/2012 17:26:18.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1723 [GMT -5:00]
Running from: c:\users\Justin D Carroll\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 22:32 . 2012-12-28 22:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-28 22:32 . 2012-12-28 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 20:44 . 2012-12-28 20:44 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB191B3A-E312-49D1-A1BC-EBD970EE23EE}\offreg.dll
2012-12-28 16:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB191B3A-E312-49D1-A1BC-EBD970EE23EE}\mpengine.dll
2012-12-27 17:27 . 2012-12-27 17:27 -------- d-----w- c:\program files (x86)\ESET
2012-12-27 17:23 . 2012-12-27 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-23 21:09 . 2012-12-23 21:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-23 20:57 . 2012-12-23 20:57 -------- d-----w- c:\program files (x86)\Foxit Software
2012-12-23 20:56 . 2012-12-25 04:28 -------- d-----w- C:\GOG Games
2012-12-23 20:28 . 2012-12-23 20:29 -------- d-----w- c:\program files (x86)\Google
2012-12-21 08:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\users\Justin D Carroll\AppData\Roaming\SUPERAntiSpyware.com
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-18 23:09 . 2012-12-18 23:09 -------- d-----w- C:\f672ee3d72e6da5f7a0f8c62c2b5d7
2012-12-15 18:59 . 2012-12-15 18:59 -------- d-----w- c:\users\Justin D Carroll\AppData\Roaming\Malwarebytes
2012-12-15 18:59 . 2012-12-15 18:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 18:59 . 2012-12-19 02:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-15 18:46 . 2012-12-15 18:46 -------- d-----w- c:\programdata\AVAST Software
2012-12-15 18:46 . 2012-12-15 18:46 -------- d-----w- c:\program files\AVAST Software
2012-12-11 23:04 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 23:03 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 23:03 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-06 04:03 . 2012-12-06 04:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-06 03:58 . 2012-12-06 03:58 -------- d-----w- c:\windows\Sun
2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 05:19 . 2012-07-14 18:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 05:19 . 2012-07-14 18:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-03 15:47 . 2012-10-11 02:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-11 02:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-07-14 22:48 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-07-14 22:48 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-07-14 22:48 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-01 05:49 . 2012-07-14 22:49 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-07-14 22:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-07-14 22:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-07-14 22:49 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-07-14 22:49 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-07-14 22:49 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-16 08:38 . 2012-11-27 22:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 22:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 22:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 09:05 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 09:05 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 09:05 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:05 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-11 23:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 09:05 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 09:05 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 09:05 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 09:05 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 09:05 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 09:05 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 09:05 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 09:05 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:05 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:05 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 09:05 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:50 . 2012-11-23 08:05 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-30 03:50 . 2012-11-11 03:47 512544 ----a-w- c:\windows\SysWow64\msxml.dll
2012-09-30 03:49 . 2012-11-11 03:47 40992 ----a-w- c:\windows\system32\CleanMFT64.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-07-14 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-07-14 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-03 1398680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1255736]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-10-20 131912]
R4 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-30 1147424]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R4 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-30 792608]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R4 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-30 1160224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-04 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-11 115272]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 07732653
*NewlyCreated* - 75511644
*NewlyCreated* - ASWMBR
*Deregistered* - 07732653
*Deregistered* - 75511644
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 05:19]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 20:28]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 20:28]
.
2012-12-27 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2012-11-11 03:49]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
SafeBoot-75511644.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:eb,9d,27,1d,5f,d5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-28 17:35:52
ComboFix-quarantined-files.txt 2012-12-28 22:35
.
Pre-Run: 50,407,075,840 bytes free
Post-Run: 53,682,958,336 bytes free
.
- - End Of File - - F266F95507630BAC6E531C17F80D8445

#6 CatByte

Posted 28 December 2012 - 05:56 PM

We still have a little more work to do with ComboFix, but I'd like you to run this tool first:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#7 lordsigurd

Posted 28 December 2012 - 06:49 PM

18:47:39.0263 2968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:47:39.0578 2968 ============================================================
18:47:39.0578 2968 Current date / time: 2012/12/28 18:47:39.0578
18:47:39.0578 2968 SystemInfo:
18:47:39.0578 2968
18:47:39.0578 2968 OS Version: 6.1.7601 ServicePack: 1.0
18:47:39.0578 2968 Product type: Workstation
18:47:39.0578 2968 ComputerName: JUSTINDCARROLL
18:47:39.0578 2968 UserName: Justin D Carroll
18:47:39.0578 2968 Windows directory: C:\Windows
18:47:39.0578 2968 System windows directory: C:\Windows
18:47:39.0578 2968 Running under WOW64
18:47:39.0578 2968 Processor architecture: Intel x64
18:47:39.0578 2968 Number of processors: 4
18:47:39.0578 2968 Page size: 0x1000
18:47:39.0578 2968 Boot type: Normal boot
18:47:39.0578 2968 ============================================================
18:47:40.0258 2968 BG loaded
18:47:40.0548 2968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:47:40.0601 2968 ============================================================
18:47:40.0601 2968 \Device\Harddisk0\DR0:
18:47:40.0601 2968 MBR partitions:
18:47:40.0601 2968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
18:47:40.0601 2968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x23612800
18:47:40.0601 2968 ============================================================
18:47:40.0616 2968 C: <-> \Device\Harddisk0\DR0\Partition2
18:47:40.0636 2968 D: <-> \Device\Harddisk0\DR0\Partition1
18:47:40.0637 2968 ============================================================
18:47:40.0637 2968 Initialize success
18:47:40.0637 2968 ============================================================
18:48:12.0194 1032 ============================================================
18:48:12.0194 1032 Scan started
18:48:12.0194 1032 Mode: Manual; TDLFS;
18:48:12.0195 1032 ============================================================
18:48:13.0049 1032 ================ Scan system memory ========================
18:48:13.0049 1032 System memory - ok
18:48:13.0050 1032 ================ Scan services =============================
18:48:13.0153 1032 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:48:13.0155 1032 !SASCORE - ok
18:48:13.0395 1032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:48:13.0398 1032 1394ohci - ok
18:48:13.0420 1032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:48:13.0424 1032 ACPI - ok
18:48:13.0437 1032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:48:13.0438 1032 AcpiPmi - ok
18:48:23.0644 1032 RemoteRegistry - ok
18:48:23.0697 1032 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:48:23.0699 1032 RFCOMM - ok
18:48:23.0746 1032 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:48:23.0749 1032 RpcEptMapper - ok
18:48:23.0792 1032 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:48:23.0794 1032 RpcLocator - ok
18:48:23.0811 1032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:48:23.0815 1032 RpcSs - ok
18:48:23.0828 1032 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:48:23.0830 1032 rspndr - ok
18:48:23.0876 1032 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:48:23.0877 1032 s3cap - ok
18:48:23.0884 1032 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:48:23.0885 1032 SamSs - ok
18:48:23.0977 1032 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:48:23.0978 1032 SASDIFSV - ok
18:48:23.0984 1032 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:48:23.0985 1032 SASKUTIL - ok
18:48:24.0000 1032 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:48:24.0002 1032 sbp2port - ok
18:48:24.0008 1032 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:48:24.0012 1032 SCardSvr - ok
18:48:24.0053 1032 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:48:24.0055 1032 scfilter - ok
18:48:24.0121 1032 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:48:24.0153 1032 Schedule - ok
18:48:24.0201 1032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:48:24.0201 1032 SCPolicySvc - ok
18:48:24.0215 1032 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:48:24.0219 1032 SDRSVC - ok
18:48:24.0236 1032 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:48:24.0237 1032 secdrv - ok
18:48:24.0248 1032 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:48:24.0250 1032 seclogon - ok
18:48:24.0259 1032 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:48:24.0261 1032 SENS - ok
18:48:24.0270 1032 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:48:24.0272 1032 SensrSvc - ok
18:48:24.0294 1032 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:48:24.0295 1032 Serenum - ok
18:48:24.0300 1032 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:48:24.0302 1032 Serial - ok
18:48:24.0315 1032 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:48:24.0316 1032 sermouse - ok
18:48:24.0371 1032 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:48:24.0374 1032 SessionEnv - ok
18:48:24.0384 1032 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:48:24.0385 1032 sffdisk - ok
18:48:24.0397 1032 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:48:24.0398 1032 sffp_mmc - ok
18:48:24.0402 1032 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:48:24.0403 1032 sffp_sd - ok
18:48:24.0407 1032 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:48:24.0407 1032 sfloppy - ok
18:48:24.0461 1032 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:48:24.0467 1032 SharedAccess - ok
18:48:24.0520 1032 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:48:24.0526 1032 ShellHWDetection - ok
18:48:24.0542 1032 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:48:24.0545 1032 SiSRaid2 - ok
18:48:24.0560 1032 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:48:24.0562 1032 SiSRaid4 - ok
18:48:24.0751 1032 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:48:24.0861 1032 Skype C2C Service - ok
18:48:24.0941 1032 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:48:24.0944 1032 SkypeUpdate - ok
18:48:24.0965 1032 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:48:24.0966 1032 Smb - ok
18:48:24.0997 1032 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:48:24.0999 1032 SNMPTRAP - ok
18:48:25.0092 1032 [ 2BADEF77B26033065B1049EB51F6AE54 ] SpeedDiskService C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
18:48:25.0117 1032 SpeedDiskService - ok
18:48:25.0151 1032 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:48:25.0153 1032 spldr - ok
18:48:25.0226 1032 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:48:25.0238 1032 Spooler - ok
18:48:25.0346 1032 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:48:25.0473 1032 sppsvc - ok
18:48:25.0514 1032 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:48:25.0517 1032 sppuinotify - ok
18:48:25.0575 1032 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:48:25.0580 1032 srv - ok
18:48:25.0642 1032 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:48:25.0647 1032 srv2 - ok
18:48:25.0687 1032 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:48:25.0690 1032 srvnet - ok
18:48:25.0716 1032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:48:25.0721 1032 SSDPSRV - ok
18:48:25.0732 1032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:48:25.0735 1032 SstpSvc - ok
18:48:25.0782 1032 Steam Client Service - ok
18:48:25.0880 1032 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:48:25.0885 1032 Stereo Service - ok
18:48:25.0898 1032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:48:25.0900 1032 stexstor - ok
18:48:25.0959 1032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:48:25.0970 1032 stisvc - ok
18:48:26.0013 1032 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:48:26.0015 1032 storflt - ok
18:48:26.0039 1032 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:48:26.0040 1032 storvsc - ok
18:48:26.0047 1032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:48:26.0048 1032 swenum - ok
18:48:26.0067 1032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:48:26.0079 1032 swprv - ok
18:48:26.0122 1032 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
18:48:26.0124 1032 Synth3dVsc - ok
18:48:26.0164 1032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:48:26.0206 1032 SysMain - ok
18:48:26.0219 1032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:48:26.0223 1032 TabletInputService - ok
18:48:26.0238 1032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:48:26.0243 1032 TapiSrv - ok
18:48:26.0252 1032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:48:26.0255 1032 TBS - ok
18:48:26.0329 1032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:48:26.0372 1032 Tcpip - ok
18:48:26.0415 1032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:48:26.0425 1032 TCPIP6 - ok
18:48:26.0466 1032 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:48:26.0467 1032 tcpipreg - ok
18:48:26.0480 1032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:48:26.0481 1032 TDPIPE - ok
18:48:26.0520 1032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:48:26.0521 1032 TDTCP - ok
18:48:26.0546 1032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:48:26.0548 1032 tdx - ok
18:48:26.0555 1032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:48:26.0557 1032 TermDD - ok
18:48:26.0564 1032 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
18:48:26.0566 1032 terminpt - ok
18:48:26.0593 1032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:48:26.0605 1032 TermService - ok
18:48:26.0621 1032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:48:26.0623 1032 Themes - ok
18:48:26.0631 1032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:48:26.0632 1032 THREADORDER - ok
18:48:26.0648 1032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:48:26.0651 1032 TrkWks - ok
18:48:26.0741 1032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:48:26.0745 1032 TrustedInstaller - ok
18:48:26.0761 1032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:26.0763 1032 tssecsrv - ok
18:48:26.0777 1032 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:48:26.0778 1032 TsUsbFlt - ok
18:48:26.0792 1032 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:48:26.0793 1032 TsUsbGD - ok
18:48:26.0802 1032 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
18:48:26.0805 1032 tsusbhub - ok
18:48:26.0815 1032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:48:26.0817 1032 tunnel - ok
18:48:26.0828 1032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:48:26.0830 1032 uagp35 - ok
18:48:26.0885 1032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:48:26.0890 1032 udfs - ok
18:48:26.0903 1032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:48:26.0907 1032 UI0Detect - ok
18:48:26.0919 1032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:48:26.0921 1032 uliagpkx - ok
18:48:26.0935 1032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:48:26.0936 1032 umbus - ok
18:48:26.0945 1032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:48:26.0946 1032 UmPass - ok
18:48:26.0994 1032 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:48:26.0998 1032 UmRdpService - ok
18:48:27.0040 1032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:48:27.0047 1032 upnphost - ok
18:48:27.0094 1032 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:48:27.0096 1032 usbaudio - ok
18:48:27.0147 1032 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:27.0148 1032 usbccgp - ok
18:48:27.0177 1032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:48:27.0179 1032 usbcir - ok
18:48:27.0228 1032 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:48:27.0230 1032 usbehci - ok
18:48:27.0261 1032 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:48:27.0266 1032 usbhub - ok
18:48:27.0302 1032 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:48:27.0303 1032 usbohci - ok
18:48:27.0308 1032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:48:27.0309 1032 usbprint - ok
18:48:27.0316 1032 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:27.0318 1032 USBSTOR - ok
18:48:27.0327 1032 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:48:27.0329 1032 usbuhci - ok
18:48:27.0340 1032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:48:27.0342 1032 UxSms - ok
18:48:27.0352 1032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:48:27.0354 1032 VaultSvc - ok
18:48:27.0364 1032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:48:27.0366 1032 vdrvroot - ok
18:48:27.0386 1032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:48:27.0398 1032 vds - ok
18:48:27.0413 1032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:27.0414 1032 vga - ok
18:48:27.0422 1032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:48:27.0423 1032 VgaSave - ok
18:48:27.0427 1032 VGPU - ok
18:48:27.0442 1032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:48:27.0445 1032 vhdmp - ok
18:48:27.0456 1032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:48:27.0458 1032 viaide - ok
18:48:27.0506 1032 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:48:27.0509 1032 vmbus - ok
18:48:27.0555 1032 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:48:27.0556 1032 VMBusHID - ok
18:48:27.0571 1032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:48:27.0572 1032 volmgr - ok
18:48:27.0585 1032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:48:27.0590 1032 volmgrx - ok
18:48:27.0641 1032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:48:27.0645 1032 volsnap - ok
18:48:27.0669 1032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:48:27.0672 1032 vsmraid - ok
18:48:27.0743 1032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:48:27.0777 1032 VSS - ok
18:48:27.0873 1032 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
18:48:27.0878 1032 VST64HWBS2 - ok
18:48:27.0959 1032 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:48:27.0994 1032 VST64_DPV - ok
18:48:28.0002 1032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:48:28.0004 1032 vwifibus - ok
18:48:28.0024 1032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:48:28.0030 1032 W32Time - ok
18:48:28.0040 1032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:48:28.0042 1032 WacomPen - ok
18:48:28.0054 1032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:48:28.0056 1032 WANARP - ok
18:48:28.0061 1032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:48:28.0061 1032 Wanarpv6 - ok
18:48:28.0138 1032 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:48:28.0163 1032 WatAdminSvc - ok
18:48:28.0211 1032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:48:28.0246 1032 wbengine - ok
18:48:28.0258 1032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:48:28.0263 1032 WbioSrvc - ok
18:48:28.0278 1032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:48:28.0284 1032 wcncsvc - ok
18:48:28.0297 1032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:48:28.0300 1032 WcsPlugInService - ok
18:48:28.0307 1032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:48:28.0309 1032 Wd - ok
18:48:28.0368 1032 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:48:28.0380 1032 Wdf01000 - ok
18:48:28.0394 1032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:48:28.0397 1032 WdiServiceHost - ok
18:48:28.0401 1032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:48:28.0404 1032 WdiSystemHost - ok
18:48:28.0419 1032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:48:28.0424 1032 WebClient - ok
18:48:28.0435 1032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:48:28.0440 1032 Wecsvc - ok
18:48:28.0454 1032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:48:28.0458 1032 wercplsupport - ok
18:48:28.0484 1032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:48:28.0487 1032 WerSvc - ok
18:48:28.0500 1032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:48:28.0502 1032 WfpLwf - ok
18:48:28.0519 1032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:48:28.0520 1032 WIMMount - ok
18:48:28.0580 1032 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:48:28.0602 1032 winachsf - ok
18:48:28.0626 1032 WinDefend - ok
18:48:28.0632 1032 WinHttpAutoProxySvc - ok
18:48:28.0713 1032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:48:28.0716 1032 Winmgmt - ok
18:48:28.0800 1032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:48:28.0854 1032 WinRM - ok
18:48:28.0917 1032 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS
18:48:28.0918 1032 WinUsb - ok
18:48:28.0980 1032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:48:29.0005 1032 Wlansvc - ok
18:48:29.0037 1032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:48:29.0038 1032 WmiAcpi - ok
18:48:29.0086 1032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:48:29.0089 1032 wmiApSrv - ok
18:48:29.0102 1032 WMPNetworkSvc - ok
18:48:29.0150 1032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:48:29.0153 1032 WPCSvc - ok
18:48:29.0165 1032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:48:29.0169 1032 WPDBusEnum - ok
18:48:29.0206 1032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:48:29.0208 1032 ws2ifsl - ok
18:48:29.0223 1032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:48:29.0227 1032 wscsvc - ok
18:48:29.0230 1032 WSearch - ok
18:48:29.0350 1032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:48:29.0407 1032 wuauserv - ok
18:48:29.0488 1032 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:48:29.0490 1032 WudfPf - ok
18:48:29.0550 1032 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:29.0553 1032 WUDFRd - ok
18:48:29.0596 1032 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:48:29.0599 1032 wudfsvc - ok
18:48:29.0645 1032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:48:29.0650 1032 WwanSvc - ok
18:48:29.0702 1032 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
18:48:29.0704 1032 xusb21 - ok
18:48:29.0708 1032 ================ Scan global ===============================
18:48:29.0747 1032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:48:29.0789 1032 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:48:29.0805 1032 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:48:29.0872 1032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:48:29.0918 1032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:48:29.0924 1032 [Global] - ok
18:48:29.0924 1032 ================ Scan MBR ==================================
18:48:29.0937 1032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:30.0193 1032 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:48:30.0193 1032 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:48:30.0194 1032 ================ Scan VBR ==================================
18:48:30.0232 1032 [ B00965EBF3C182CE85D0F5763C37DDB4 ] \Device\Harddisk0\DR0\Partition1
18:48:30.0233 1032 \Device\Harddisk0\DR0\Partition1 - ok
18:48:30.0236 1032 [ 7E4BA4696544284B8907ECE022395B3D ] \Device\Harddisk0\DR0\Partition2
18:48:30.0238 1032 \Device\Harddisk0\DR0\Partition2 - ok
18:48:30.0239 1032 ============================================================
18:48:30.0239 1032 Scan finished
18:48:30.0239 1032 ============================================================
18:48:30.0248 4620 Detected object count: 1
18:48:30.0248 4620 Actual detected object count: 1
18:48:41.0347 4620 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:48:41.0347 4620 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:48:54.0541 2696 Deinitialize success

#8 CatByte

Posted 28 December 2012 - 07:27 PM

Please run the following:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 lordsigurd

Posted 28 December 2012 - 07:43 PM

RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Justin D Carroll [Admin rights]
Mode : Scan -- Date : 12/28/2012 19:40:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Services\Microsoft\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75VYA0 +++++
--- User ---
[MBR] 91284443e9a472e44e9e30951fd760e3
[BSP] f3f6eb90eb3955241edbbc61cf11a1fd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 289829 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12282012_02d1940.txt >>
RKreport[1]_S_12282012_02d1940.txt


RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Justin D Carroll [Admin rights]
Mode : Remove -- Date : 12/28/2012 19:40:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\Services\Microsoft\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75VYA0 +++++
--- User ---
[MBR] 91284443e9a472e44e9e30951fd760e3
[BSP] f3f6eb90eb3955241edbbc61cf11a1fd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 289829 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12282012_02d1940.txt >>
RKreport[1]_S_12282012_02d1940.txt ; RKreport[2]_D_12282012_02d1940.txt

RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Justin D Carroll [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/28/2012 19:42:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 68 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 430 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[J:] \Device\CdRom1 -- 0x5 --> Skipped
[K:] \Device\CdRom2 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_12282012_02d1942.txt >>
RKreport[1]_S_12282012_02d1940.txt ; RKreport[2]_D_12282012_02d1940.txt ; RKreport[3]_SC_12282012_02d1942.txt

#10 CatByte

Posted 28 December 2012 - 08:50 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll

File::
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U484005G\cat-and-dolphin-playing-together[1].htm 
C:\Windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
C:\Windows.old\Users\Dustin\Local Settings\Temp\YontooIEClient.dll 
C:\Windows.old\Users\Dustin\Local Settings\Temp\YontooSetup-S.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please advise how the computer is running now and if there are any outstanding issues

Edited by CatByte, 28 December 2012 - 08:51 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 lordsigurd

lordsigurd
  • Topic Starter

  • Members
  • 14 posts

Posted 28 December 2012 - 11:47 PM

ComboFix 12-12-28.02 - Justin D Carroll 12/28/2012 23:32:33.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1706 [GMT -5:00]
Running from: c:\users\Justin D Carroll\Downloads\ComboFix.exe
Command switches used :: c:\users\Justin D Carroll\Desktop\LOGS\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
"c:\windows.old\Users\Dustin\Local Settings\Temp\YontooIEClient.dll"
"c:\windows.old\Users\Dustin\Local Settings\Temp\YontooSetup-S.exe"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U484005G\cat-and-dolphin-playing-together[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 04:37 . 2012-12-29 04:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-29 04:37 . 2012-12-29 04:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 04:12 . 2012-12-29 04:12 -------- d-----w- c:\windows\ERUNT
2012-12-29 04:12 . 2012-12-29 04:12 -------- d-----w- C:\JRT
2012-12-28 16:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB191B3A-E312-49D1-A1BC-EBD970EE23EE}\mpengine.dll
2012-12-27 17:27 . 2012-12-27 17:27 -------- d-----w- c:\program files (x86)\ESET
2012-12-27 17:23 . 2012-12-27 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-23 21:09 . 2012-12-23 21:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-23 20:57 . 2012-12-23 20:57 -------- d-----w- c:\program files (x86)\Foxit Software
2012-12-23 20:56 . 2012-12-25 04:28 -------- d-----w- C:\GOG Games
2012-12-23 20:28 . 2012-12-23 20:29 -------- d-----w- c:\program files (x86)\Google
2012-12-21 08:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\users\Justin D Carroll\AppData\Roaming\SUPERAntiSpyware.com
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-18 23:24 . 2012-12-18 23:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-18 23:09 . 2012-12-18 23:09 -------- d-----w- C:\f672ee3d72e6da5f7a0f8c62c2b5d7
2012-12-15 18:59 . 2012-12-15 18:59 -------- d-----w- c:\users\Justin D Carroll\AppData\Roaming\Malwarebytes
2012-12-15 18:59 . 2012-12-15 18:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 18:59 . 2012-12-19 02:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-15 18:46 . 2012-12-15 18:46 -------- d-----w- c:\programdata\AVAST Software
2012-12-15 18:46 . 2012-12-15 18:46 -------- d-----w- c:\program files\AVAST Software
2012-12-11 23:04 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 23:03 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 23:03 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-06 04:03 . 2012-12-06 04:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-06 03:58 . 2012-12-06 03:58 -------- d-----w- c:\windows\Sun
2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 05:19 . 2012-07-14 18:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 05:19 . 2012-07-14 18:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-03 15:47 . 2012-10-11 02:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-11 02:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-07-14 22:48 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-07-14 22:48 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-07-14 22:48 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-01 05:49 . 2012-07-14 22:49 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-07-14 22:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-07-14 22:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-07-14 22:49 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-07-14 22:49 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-07-14 22:49 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-16 08:38 . 2012-11-27 22:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 22:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 22:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 09:05 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 09:05 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 09:05 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:05 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-11 23:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 09:05 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 09:05 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 09:05 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 09:05 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 09:05 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 09:05 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 09:05 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 09:05 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:05 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:05 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 09:05 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:50 . 2012-11-23 08:05 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-03 1398680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1255736]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-10-20 131912]
R4 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-30 1147424]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R4 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-30 792608]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R4 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-30 1160224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-04 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-11 115272]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 05:19]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 20:28]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 20:28]
.
2012-12-29 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2012-11-11 03:49]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:eb,9d,27,1d,5f,d5,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-28 23:40:44
ComboFix-quarantined-files.txt 2012-12-29 04:40
ComboFix2.txt 2012-12-29 04:02
ComboFix3.txt 2012-12-28 22:35
.
Pre-Run: 54,472,974,336 bytes free
Post-Run: 54,407,540,736 bytes free
.
- - End Of File - - 33B3ACEEFA186A3EDA7EBB0F374BFCCA

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.9 (12.28.2012:1)
OS: Windows 7 Ultimate x64
Ran by Justin D Carroll on Fri 12/28/2012 at 23:12:24.23
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3645651465-2916764551-3385731688-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Justin D Carroll\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Justin D Carroll\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Justin D Carroll\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/28/2012 at 23:18:44.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.103 - Logfile created 12/28/2012 at 23:22:38
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Justin D Carroll - JUSTINDCARROLL
# Boot Mode : Normal
# Running from : C:\Users\Justin D Carroll\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Justin D Carroll\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.14] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48"[...]
Deleted [l.2380] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [2219 octets] - [28/12/2012 23:11:29]
AdwCleaner[S1].txt - [986 octets] - [28/12/2012 23:22:38]

########## EOF - C:\AdwCleaner[S1].txt - [1045 octets] ##########

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin D Carroll :: JUSTINDCARROLL [administrator]

12/28/2012 11:43:03 PM
mbam-log-2012-12-28 (23-43-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228351
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 lordsigurd

lordsigurd
  • Topic Starter

  • Members
  • 14 posts

Posted 28 December 2012 - 11:57 PM

So far, my computer is running so much better and the only weird thing that happened on the last step was when I was trying to download JRT and AdwCleaner my Google Chrome bugged out. Otherwise, my computer is running better than it has in months! Thank you so much for your help!

#13 lordsigurd

lordsigurd
  • Topic Starter

  • Members
  • 14 posts

Posted 29 December 2012 - 12:39 AM

I restarted my computer again and it seems the issues I had with Chrome have been resolved.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 29 December 2012 - 09:56 AM

That's good to hear. Let's make certain there are no broken services. Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 10 January 2013 - 08:55 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





