RogueKiller finds Zeroaccess - Want to be sure I'm clean


This topic is locked. 43 replies to this topic.

#1 Zartos


Posted 12 March 2013 - 02:21 AM

I update and full scan with MSE almost daily and everything seems to be running fine. Computer's fast, internet's good, keeping Windows/Java/Adobe up to date, etc. Then last Thursday I got an email from my internet provider saying that there might be a bot-type program on my computer, so I did a full MSE scan again and nothing. Tonight I downloaded RogueKiller, a program I had never used before, and ran it, and it said I had (blinking) ZeroAccess. I believe this is the scan result. Attached file: RKreport1_S_03112013_02d2347.txt

 

I hit delete and it was deleted, I guess? Now every time I restart my computer and run RogueKiller it doesn't find ZeroAccess, but it does find 2 things, which I delete and it says it has replaced, but they come back every startup. I'm not sure if they're bad. Attached file: RKreport1_S_03122013_02d0013.txt

 

I want to make sure I'm clean, and I'd be grateful for any help.

 

Thanks





#2 Zartos


Posted 12 March 2013 - 02:33 AM

I believe this was the deletion file of ZeroAccess:


Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 03/11/2013 23:49:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\David\AppData\Local\Temp\IHU9E78.tmp.exe [x] -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\David\AppData\Local\Temp\IHU8861.tmp.exe [x] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 2067bd8b18d5b178d42687c1bc99a078
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12318 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25309184 | Size: 464581 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03112013_02d2349.txt >>
RKreport[1]_S_03112013_02d2347.txt ; RKreport[2]_D_03112013_02d2349.txt
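As an added example that is not part of the thread or of RogueKiller itself, the Python below parses the report format shown above (the `¤¤¤` section headers and the tagged finding lines) and summarises it: it checks the declared registry-entry count against the lines actually parsed, groups the [ZeroAccess] artefacts by parent folder so the two copies of the {GUID} directory with their U and L subfolders stand out, and lists the [HJPOL] and [HJ DESK] registry findings. The embedded report lines are copied from the post above, not constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Findings section of the RogueKiller removal report posted above (copied, not constructed).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\David\AppData\Local\Temp\IHU9E78.tmp.exe [x] -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\David\AppData\Local\Temp\IHU8861.tmp.exe [x] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# Section headers look like "¤¤¤ title : detail ¤¤¤"; findings look like
# "[TAG][TAG] name : value -> action" ("-->" is used for files and folders).
SECTION_RE = re.compile(r'^¤¤¤\s*(?P<title>.*?)\s*(?::\s*(?P<detail>.*?))?\s*¤¤¤$')
FINDING_RE = re.compile(r'^(?P<tags>(?:\[[^\]]*\])+)\s+(?P<name>.+?)\s+:\s+'
                        r'(?P<value>.+?)\s+-{1,2}>\s+(?P<action>.+)$')
GUID_RE = re.compile(r'\{([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}')


@dataclass
class Finding:
    section: str
    tags: List[str]
    name: str
    value: str
    action: str


def parse_report(text: str) -> Tuple[Dict[str, str], List[Finding]]:
    """Return ({section title: detail}, [findings]) for one RogueKiller report."""
    sections: Dict[str, str] = {}
    findings: List[Finding] = []
    current = ""
    for line in (l.strip() for l in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            current = m.group("title")
            sections[current] = m.group("detail") or ""
        elif (m := FINDING_RE.match(line)):
            tags = re.findall(r'\[([^\]]*)\]', m.group("tags"))
            findings.append(Finding(current, tags, m.group("name"),
                                    m.group("value"), m.group("action")))
    return sections, findings


def zeroaccess_paths(findings: List[Finding]) -> List[str]:
    """Paths tagged [ZeroAccess], with RogueKiller's trailing "[-]" marker dropped."""
    return [re.sub(r'\s+\[[^\]]*\]$', '', f.value) for f in findings if "ZeroAccess" in f.tags]


def zeroaccess_roots(findings: List[Finding]) -> Dict[str, int]:
    """How many ZeroAccess artefacts sit under each parent of the {GUID} directory."""
    roots: Counter = Counter()
    for path in zeroaccess_paths(findings):
        if (m := GUID_RE.search(path)):
            roots[path[:m.start()].rstrip("\\")] += 1
    return dict(roots)


def zeroaccess_guids(findings: List[Finding]) -> List[str]:
    """Distinct {GUID} directory names used by the ZeroAccess artefacts (lower-cased)."""
    found = set()
    for path in zeroaccess_paths(findings):
        if (m := GUID_RE.search(path)):
            found.add(m.group(1).lower())
    return sorted(found)


def registry_entries(findings: List[Finding], tag: str) -> List[Tuple[str, str, str]]:
    """(hive, value name, action) for registry findings carrying the given tag."""
    return [(f.name.split("\\")[0], f.value.split(" (")[0], f.action)
            for f in findings if tag in f.tags]


def summarize(text: str) -> dict:
    sections, findings = parse_report(text)
    return {
        "infection": sections.get("Infection", ""),
        # sanity check: the header's count should equal the lines actually parsed
        "declared_registry_entries": int(sections.get("Registry Entries") or 0),
        "parsed_registry_entries": sum(f.section == "Registry Entries" for f in findings),
        "zeroaccess_guids": zeroaccess_guids(findings),
        "zeroaccess_roots": zeroaccess_roots(findings),
        "policy_hijacks": registry_entries(findings, "HJPOL"),
        "desktop_icon_changes": registry_entries(findings, "HJ DESK"),
    }
```

Running `summarize(SAMPLE_REPORT)` shows the same GUID directory under both C:\Users\David\AppData\Local (three entries: @, U, L) and C:\Windows\Installer (U and L), plus the DisableRegistryTools policy set in both HKCU and HKLM.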

 



#3 Conspire (Malware Response Team)

Posted 12 March 2013 - 05:19 AM


In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, Zartos


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#4 Conspire (Malware Response Team)

Posted 12 March 2013 - 05:20 AM

Hi,

Yes, indeed, those are ZA infections. Please run these for a review.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double-click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post:
DDS log
aswMBR log
TDSSKiller log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!


#5 Zartos


Posted 12 March 2013 - 06:59 AM

I was wondering if those 2 files that RogueKiller keeps showing after restart are actually bad, because when I replace/remove them, all that happens is my "personal folder" is now on the desktop. This thing: http://imgur.com/08qTPgL
 
I attached a log of RogueKiller of the 2 files it keeps finding. Thanks for your help =)
 
DDS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2
Run by David at 3:57:15 on 2013-03-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2449 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\components\scheduler\stservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Z1] cmd /c "C:\Users\David\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{7053488E-9042-490B-AEBC-92DE82C3DE31} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C76CBD46-369E-41E9-90AA-D831ED8DA487} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tcdeucgv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-22 19:32; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tcdeucgv.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-3 55280]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-3 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-3 689472]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 RTL8023x64;Dynex DX-E102 PCI 10/100Mb Network Adapter Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2012-5-4 52736]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-11-3 138752]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-13 1255736]
.
=============== Created Last 30 ================
.
2013-03-12 07:38:31    --------    d-----w-    C:\Users\David\My Backup Files
2013-03-12 06:41:07    --------    d-----w-    C:\Users\David\Screenshots
2013-03-11 08:38:01    9162192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0E210AB-042C-497A-AE09-7215474861C0}\mpengine.dll
2013-03-11 00:09:42    9162192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-05 23:55:04    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-21 08:51:42    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 08:51:42    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 08:48:49    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-21 08:48:48    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-21 08:48:48    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-21 08:48:43    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-02-21 08:48:35    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-02-21 08:48:34    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-02-21 08:48:34    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-02-21 08:48:33    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-02-21 08:48:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-02-21 08:48:33    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-02-21 08:48:12    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-21 08:48:12    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-03-12 07:54:43    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 07:54:43    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-05 23:54:54    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 23:54:54    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-10 02:43:52    555808    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-02-10 01:04:31    6393120    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-02-10 01:04:31    3472672    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-02-10 01:04:29    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-02-10 01:04:29    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-02-10 01:04:29    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-02-09 13:25:36    3035306    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-20 23:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 23:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-12-29 10:34:47    1813432    ----a-w-    C:\Windows\System32\nvdispco64.dll
2012-12-29 10:34:47    1504696    ----a-w-    C:\Windows\System32\nvdispgenco64.dll
2012-12-19 05:42:00    31672    ----a-w-    C:\Windows\System32\nvhdap64.dll
2012-12-19 05:41:52    194488    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2012-12-18 08:31:25    1510328    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
.
============= FINISH:  3:57:59.23 ===============
 
 
 
ASWMBR:
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-12 04:03:08
-----------------------------
04:03:08.062    OS Version: Windows x64 6.1.7601 Service Pack 1
04:03:08.062    Number of processors: 2 586 0x170A
04:03:08.062    ComputerName: DESKTOP  UserName: David
04:03:12.383    Initialize success
04:04:10.901    AVAST engine defs: 13031200
04:04:23.225    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:04:23.240    Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 3
04:04:23.256    Disk 0 MBR read successfully
04:04:23.256    Disk 0 MBR scan
04:04:23.272    Disk 0 Windows VISTA default MBR code
04:04:23.272    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
04:04:23.287    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        12318 MB offset 81920
04:04:23.303    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464581 MB offset 25309184
04:04:23.318    Disk 0 scanning C:\Windows\system32\drivers
04:04:34.644    Service scanning
04:04:54.300    Modules scanning
04:04:54.300    Disk 0 trace - called modules:
04:04:54.331    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:04:54.347    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004613060]
04:04:54.347    3 CLASSPNP.SYS[fffff880012b043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040cf050]
04:05:01.273    AVAST engine scan C:\Windows
04:05:03.239    AVAST engine scan C:\Windows\system32
04:08:28.036    AVAST engine scan C:\Windows\system32\drivers
04:08:52.247    AVAST engine scan C:\Users\David
04:18:31.429    AVAST engine scan C:\ProgramData
04:28:53.059    Scan finished successfully
04:45:46.968    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
04:45:46.968    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

 
 
TDSSKILLER:
04:49:14.0824 5640  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
04:49:15.0432 5640  ============================================================
04:49:15.0432 5640  Current date / time: 2013/03/12 04:49:15.0432
04:49:15.0432 5640  SystemInfo:
04:49:15.0432 5640  
04:49:15.0432 5640  OS Version: 6.1.7601 ServicePack: 1.0
04:49:15.0432 5640  Product type: Workstation
04:49:15.0432 5640  ComputerName: DESKTOP
04:49:15.0432 5640  UserName: David
04:49:15.0432 5640  Windows directory: C:\Windows
04:49:15.0432 5640  System windows directory: C:\Windows
04:49:15.0432 5640  Running under WOW64
04:49:15.0432 5640  Processor architecture: Intel x64
04:49:15.0432 5640  Number of processors: 2
04:49:15.0432 5640  Page size: 0x1000
04:49:15.0432 5640  Boot type: Normal boot
04:49:15.0432 5640  ============================================================
04:49:15.0775 5640  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:49:15.0791 5640  ============================================================
04:49:15.0791 5640  \Device\Harddisk0\DR0:
04:49:15.0791 5640  MBR partitions:
04:49:15.0791 5640  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x180F000
04:49:15.0791 5640  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1823000, BlocksNum 0x38B62800
04:49:15.0791 5640  ============================================================
04:49:15.0822 5640  C: <-> \Device\Harddisk0\DR0\Partition2
04:49:15.0822 5640  ============================================================
04:49:15.0822 5640  Initialize success
04:49:15.0822 5640  ============================================================
04:49:17.0772 0544  ============================================================
04:49:17.0772 0544  Scan started
04:49:17.0772 0544  Mode: Manual;
04:49:17.0772 0544  ============================================================
04:49:18.0224 0544  ================ Scan system memory ========================
04:49:18.0224 0544  System memory - ok
04:49:18.0224 0544  ================ Scan services =============================
04:49:20.0174 0544  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
04:49:20.0174 0544  BrUsbMdm - ok
04:49:20.0206 0544  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
04:49:20.0206 0544  BrUsbSer - ok
04:49:20.0221 0544  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
04:49:20.0221 0544  BTHMODEM - ok
04:49:20.0237 0544  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
04:49:20.0252 0544  bthserv - ok
04:49:20.0268 0544  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
04:49:20.0268 0544  cdfs - ok
04:49:20.0299 0544  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
04:49:20.0299 0544  cdrom - ok
04:49:20.0346 0544  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
04:49:20.0362 0544  CertPropSvc - ok
04:49:20.0393 0544  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
04:49:20.0393 0544  circlass - ok
04:49:20.0408 0544  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
04:49:20.0408 0544  CLFS - ok
04:49:20.0471 0544  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:49:20.0471 0544  clr_optimization_v2.0.50727_32 - ok
04:49:20.0502 0544  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:49:20.0502 0544  clr_optimization_v2.0.50727_64 - ok
04:49:20.0564 0544  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:49:20.0564 0544  clr_optimization_v4.0.30319_32 - ok
04:49:20.0580 0544  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:49:20.0580 0544  clr_optimization_v4.0.30319_64 - ok
04:49:20.0611 0544  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
04:49:20.0611 0544  CmBatt - ok
04:49:20.0627 0544  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
04:49:20.0627 0544  cmdide - ok
04:49:20.0674 0544  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
04:49:20.0689 0544  CNG - ok
04:49:20.0705 0544  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
04:49:20.0705 0544  Compbatt - ok
04:49:20.0752 0544  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
04:49:20.0752 0544  CompositeBus - ok
04:49:20.0767 0544  COMSysApp - ok
04:49:20.0798 0544  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
04:49:20.0798 0544  crcdisk - ok
04:49:20.0845 0544  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:49:20.0845 0544  CryptSvc - ok
04:49:20.0954 0544  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
04:49:20.0970 0544  cvhsvc - ok
04:49:21.0017 0544  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:49:21.0017 0544  DcomLaunch - ok
04:49:21.0048 0544  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
04:49:21.0048 0544  defragsvc - ok
04:49:21.0079 0544  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:49:21.0079 0544  DfsC - ok
04:49:21.0110 0544  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
04:49:21.0126 0544  Dhcp - ok
04:49:21.0142 0544  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
04:49:21.0142 0544  discache - ok
04:49:21.0173 0544  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
04:49:21.0173 0544  Disk - ok
04:49:21.0220 0544  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:49:21.0220 0544  Dnscache - ok
04:49:21.0266 0544  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
04:49:21.0266 0544  DockLoginService - ok
04:49:21.0313 0544  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
04:49:21.0313 0544  dot3svc - ok
04:49:21.0329 0544  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
04:49:21.0344 0544  DPS - ok
04:49:21.0376 0544  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:49:21.0376 0544  drmkaud - ok
04:49:21.0407 0544  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:49:21.0422 0544  DXGKrnl - ok
04:49:21.0454 0544  EagleX64 - ok
04:49:21.0469 0544  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
04:49:21.0485 0544  EapHost - ok
04:49:21.0563 0544  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
04:49:21.0625 0544  ebdrv - ok
04:49:21.0656 0544  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
04:49:21.0672 0544  EFS - ok
04:49:21.0719 0544  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:49:21.0719 0544  ehRecvr - ok
04:49:21.0750 0544  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
04:49:21.0750 0544  ehSched - ok
04:49:21.0797 0544  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
04:49:21.0797 0544  elxstor - ok
04:49:21.0828 0544  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:49:21.0828 0544  ErrDev - ok
04:49:21.0875 0544  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
04:49:21.0875 0544  EventSystem - ok
04:49:21.0890 0544  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
04:49:21.0906 0544  exfat - ok
04:49:21.0922 0544  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:49:21.0937 0544  fastfat - ok
04:49:21.0984 0544  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
04:49:22.0000 0544  Fax - ok
04:49:22.0000 0544  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
04:49:22.0015 0544  fdc - ok
04:49:22.0031 0544  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
04:49:22.0031 0544  fdPHost - ok
04:49:22.0046 0544  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
04:49:22.0046 0544  FDResPub - ok
04:49:22.0078 0544  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:49:22.0078 0544  FileInfo - ok
04:49:22.0078 0544  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:49:22.0093 0544  Filetrace - ok
04:49:22.0124 0544  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:49:22.0140 0544  FLEXnet Licensing Service - ok
04:49:22.0156 0544  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
04:49:22.0171 0544  flpydisk - ok
04:49:22.0202 0544  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:49:22.0202 0544  FltMgr - ok
04:49:22.0249 0544  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
04:49:22.0280 0544  FontCache - ok
04:49:22.0327 0544  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:49:22.0343 0544  FontCache3.0.0.0 - ok
04:49:22.0358 0544  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
04:49:22.0358 0544  FsDepends - ok
04:49:22.0405 0544  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:49:22.0405 0544  Fs_Rec - ok
04:49:22.0436 0544  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
04:49:22.0436 0544  fvevol - ok
04:49:22.0468 0544  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
04:49:22.0468 0544  gagp30kx - ok
04:49:22.0499 0544  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
04:49:22.0514 0544  gpsvc - ok
04:49:22.0608 0544  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:49:22.0608 0544  gupdate - ok
04:49:22.0608 0544  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:49:22.0608 0544  gupdatem - ok
04:49:22.0655 0544  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
04:49:22.0655 0544  hamachi - ok
04:49:22.0686 0544  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
04:49:22.0686 0544  hcw85cir - ok
04:49:22.0733 0544  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:49:22.0748 0544  HdAudAddService - ok
04:49:22.0764 0544  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
04:49:22.0764 0544  HDAudBus - ok
04:49:22.0795 0544  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
04:49:22.0795 0544  HidBatt - ok
04:49:22.0811 0544  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
04:49:22.0811 0544  HidBth - ok
04:49:22.0826 0544  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
04:49:22.0826 0544  HidIr - ok
04:49:22.0858 0544  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
04:49:22.0858 0544  hidserv - ok
04:49:22.0873 0544  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
04:49:22.0873 0544  HidUsb - ok
04:49:22.0904 0544  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:49:22.0904 0544  hkmsvc - ok
04:49:22.0951 0544  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:49:22.0951 0544  HomeGroupListener - ok
04:49:22.0982 0544  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:49:22.0998 0544  HomeGroupProvider - ok
04:49:23.0014 0544  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
04:49:23.0014 0544  HpSAMD - ok
04:49:23.0060 0544  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:49:23.0076 0544  HTTP - ok
04:49:23.0107 0544  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
04:49:23.0107 0544  hwpolicy - ok
04:49:23.0138 0544  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
04:49:23.0138 0544  i8042prt - ok
04:49:23.0185 0544  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
04:49:23.0185 0544  iaStor - ok
04:49:23.0248 0544  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
04:49:23.0248 0544  IAStorDataMgrSvc - ok
04:49:23.0279 0544  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
04:49:23.0279 0544  iaStorV - ok
04:49:23.0341 0544  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:49:23.0357 0544  idsvc - ok
04:49:23.0575 0544  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
04:49:23.0762 0544  igfx - ok
04:49:23.0794 0544  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
04:49:23.0794 0544  iirsp - ok
04:49:23.0840 0544  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
04:49:23.0856 0544  IKEEXT - ok
04:49:23.0918 0544  [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
04:49:23.0934 0544  IntcAzAudAddService - ok
04:49:23.0950 0544  [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
04:49:23.0950 0544  IntcHdmiAddService - ok
04:49:23.0981 0544  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
04:49:23.0981 0544  intelide - ok
04:49:24.0012 0544  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
04:49:24.0012 0544  intelppm - ok
04:49:24.0043 0544  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
04:49:24.0043 0544  IPBusEnum - ok
04:49:24.0074 0544  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:49:24.0074 0544  IpFilterDriver - ok
04:49:24.0121 0544  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
04:49:24.0121 0544  iphlpsvc - ok
04:49:24.0137 0544  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
04:49:24.0152 0544  IPMIDRV - ok
04:49:24.0184 0544  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
04:49:24.0184 0544  IPNAT - ok
04:49:24.0215 0544  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
04:49:24.0215 0544  IRENUM - ok
04:49:24.0215 0544  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
04:49:24.0230 0544  isapnp - ok
04:49:24.0246 0544  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
04:49:24.0246 0544  iScsiPrt - ok
04:49:24.0277 0544  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
04:49:24.0277 0544  kbdclass - ok
04:49:24.0293 0544  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
04:49:24.0293 0544  kbdhid - ok
04:49:24.0308 0544  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
04:49:24.0308 0544  KeyIso - ok
04:49:24.0355 0544  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
04:49:24.0355 0544  KSecDD - ok
04:49:24.0371 0544  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
04:49:24.0371 0544  KSecPkg - ok
04:49:24.0386 0544  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
04:49:24.0386 0544  ksthunk - ok
04:49:24.0418 0544  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
04:49:24.0433 0544  KtmRm - ok
04:49:24.0480 0544  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
04:49:24.0480 0544  LanmanServer - ok
04:49:24.0511 0544  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:49:24.0527 0544  LanmanWorkstation - ok
04:49:24.0542 0544  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
04:49:24.0542 0544  lltdio - ok
04:49:24.0574 0544  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
04:49:24.0574 0544  lltdsvc - ok
04:49:24.0589 0544  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
04:49:24.0589 0544  lmhosts - ok
04:49:24.0620 0544  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
04:49:24.0620 0544  LSI_FC - ok
04:49:24.0652 0544  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
04:49:24.0652 0544  LSI_SAS - ok
04:49:24.0698 0544  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:49:24.0698 0544  LSI_SAS2 - ok
04:49:24.0714 0544  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:49:24.0714 0544  LSI_SCSI - ok
04:49:24.0745 0544  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
04:49:24.0745 0544  luafv - ok
04:49:24.0776 0544  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
04:49:24.0792 0544  Mcx2Svc - ok
04:49:24.0808 0544  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
04:49:24.0808 0544  megasas - ok
04:49:24.0823 0544  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
04:49:24.0823 0544  MegaSR - ok
04:49:24.0839 0544  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
04:49:24.0839 0544  MMCSS - ok
04:49:24.0870 0544  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
04:49:24.0870 0544  Modem - ok
04:49:24.0886 0544  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
04:49:24.0886 0544  monitor - ok
04:49:24.0917 0544  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
04:49:24.0917 0544  mouclass - ok
04:49:24.0948 0544  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
04:49:24.0948 0544  mouhid - ok
04:49:24.0979 0544  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
04:49:24.0979 0544  mountmgr - ok
04:49:25.0057 0544  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:49:25.0057 0544  MozillaMaintenance - ok
04:49:25.0104 0544  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
04:49:25.0104 0544  MpFilter - ok
04:49:25.0135 0544  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
04:49:25.0151 0544  mpio - ok
04:49:25.0166 0544  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
04:49:25.0166 0544  mpsdrv - ok
04:49:25.0213 0544  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
04:49:25.0229 0544  MpsSvc - ok
04:49:25.0276 0544  MREMP50 - ok
04:49:25.0307 0544  MREMP50a64 - ok
04:49:25.0322 0544  MREMPR5 - ok
04:49:25.0338 0544  MRENDIS5 - ok
04:49:25.0338 0544  MRESP50 - ok
04:49:25.0354 0544  MRESP50a64 - ok
04:49:25.0400 0544  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
04:49:25.0400 0544  MRxDAV - ok
04:49:25.0432 0544  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
04:49:25.0432 0544  mrxsmb - ok
04:49:25.0478 0544  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:49:25.0478 0544  mrxsmb10 - ok
04:49:25.0494 0544  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:49:25.0494 0544  mrxsmb20 - ok
04:49:25.0510 0544  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
04:49:25.0510 0544  msahci - ok
04:49:25.0525 0544  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
04:49:25.0525 0544  msdsm - ok
04:49:25.0556 0544  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
04:49:25.0556 0544  MSDTC - ok
04:49:25.0588 0544  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
04:49:25.0588 0544  Msfs - ok
04:49:25.0603 0544  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
04:49:25.0603 0544  mshidkmdf - ok
04:49:25.0634 0544  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
04:49:25.0634 0544  msisadrv - ok
04:49:25.0666 0544  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
04:49:25.0666 0544  MSiSCSI - ok
04:49:25.0681 0544  msiserver - ok
04:49:25.0697 0544  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
04:49:25.0697 0544  MSKSSRV - ok
04:49:25.0775 0544  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
04:49:25.0775 0544  MsMpSvc - ok
04:49:25.0790 0544  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
04:49:25.0790 0544  MSPCLOCK - ok
04:49:25.0806 0544  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
04:49:25.0806 0544  MSPQM - ok
04:49:25.0837 0544  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
04:49:25.0853 0544  MsRPC - ok
04:49:25.0884 0544  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
04:49:25.0884 0544  mssmbios - ok
04:49:25.0900 0544  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
04:49:25.0915 0544  MSTEE - ok
04:49:25.0931 0544  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
04:49:25.0931 0544  MTConfig - ok
04:49:25.0946 0544  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
04:49:25.0946 0544  Mup - ok
04:49:25.0962 0544  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
04:49:25.0978 0544  napagent - ok
04:49:25.0993 0544  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
04:49:26.0009 0544  NativeWifiP - ok
04:49:26.0040 0544  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
04:49:26.0040 0544  NDIS - ok
04:49:26.0056 0544  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
04:49:26.0056 0544  NdisCap - ok
04:49:26.0071 0544  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
04:49:26.0071 0544  NdisTapi - ok
04:49:26.0102 0544  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
04:49:26.0102 0544  Ndisuio - ok
04:49:26.0134 0544  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
04:49:26.0149 0544  NdisWan - ok
04:49:26.0196 0544  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
04:49:26.0196 0544  NDProxy - ok
04:49:26.0212 0544  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
04:49:26.0212 0544  NetBIOS - ok
04:49:26.0243 0544  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
04:49:26.0243 0544  NetBT - ok
04:49:26.0258 0544  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
04:49:26.0258 0544  Netlogon - ok
04:49:26.0290 0544  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
04:49:26.0290 0544  Netman - ok
04:49:26.0352 0544  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:49:26.0352 0544  NetMsmqActivator - ok
04:49:26.0352 0544  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:49:26.0352 0544  NetPipeActivator - ok
04:49:26.0383 0544  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
04:49:26.0383 0544  netprofm - ok
04:49:26.0399 0544  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:49:26.0399 0544  NetTcpActivator - ok
04:49:26.0399 0544  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:49:26.0399 0544  NetTcpPortSharing - ok
04:49:26.0430 0544  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
04:49:26.0430 0544  nfrd960 - ok
04:49:26.0446 0544  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:49:26.0446 0544  NisDrv - ok
04:49:26.0508 0544  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
04:49:26.0508 0544  NisSrv - ok
04:49:26.0570 0544  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
04:49:26.0570 0544  NlaSvc - ok
04:49:26.0586 0544  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
04:49:26.0586 0544  Npfs - ok
04:49:26.0617 0544  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
04:49:26.0617 0544  nsi - ok
04:49:26.0633 0544  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
04:49:26.0633 0544  nsiproxy - ok
04:49:26.0664 0544  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
04:49:26.0680 0544  Ntfs - ok
04:49:26.0695 0544  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
04:49:26.0695 0544  Null - ok
04:49:26.0742 0544  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
04:49:26.0742 0544  NVHDA - ok
04:49:26.0929 0544  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:49:27.0101 0544  nvlddmkm - ok
04:49:27.0132 0544  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
04:49:27.0132 0544  nvraid - ok
04:49:27.0194 0544  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
04:49:27.0194 0544  nvstor - ok
04:49:27.0226 0544  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
04:49:27.0241 0544  nvsvc - ok
04:49:27.0319 0544  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
04:49:27.0335 0544  nvUpdatusService - ok
04:49:27.0350 0544  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
04:49:27.0366 0544  nv_agp - ok
04:49:27.0397 0544  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
04:49:27.0397 0544  ohci1394 - ok
04:49:27.0444 0544  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:49:27.0444 0544  ose - ok
04:49:27.0569 0544  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
04:49:27.0631 0544  osppsvc - ok
04:49:27.0678 0544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
04:49:27.0678 0544  p2pimsvc - ok
04:49:27.0694 0544  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
04:49:27.0694 0544  p2psvc - ok
04:49:27.0725 0544  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
04:49:27.0725 0544  Parport - ok
04:49:27.0756 0544  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
04:49:27.0756 0544  partmgr - ok
04:49:27.0772 0544  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
04:49:27.0787 0544  PcaSvc - ok
04:49:27.0818 0544  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
04:49:27.0818 0544  pci - ok
04:49:27.0818 0544  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
04:49:27.0834 0544  pciide - ok
04:49:27.0850 0544  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
04:49:27.0850 0544  pcmcia - ok
04:49:27.0865 0544  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
04:49:27.0865 0544  pcw - ok
04:49:27.0896 0544  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
04:49:27.0896 0544  PEAUTH - ok
04:49:27.0943 0544  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
04:49:27.0943 0544  PerfHost - ok
04:49:28.0006 0544  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
04:49:28.0052 0544  pla - ok
04:49:28.0115 0544  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
04:49:28.0115 0544  PlugPlay - ok
04:49:28.0130 0544  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
04:49:28.0146 0544  PNRPAutoReg - ok
04:49:28.0162 0544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
04:49:28.0162 0544  PNRPsvc - ok
04:49:28.0177 0544  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
04:49:28.0177 0544  PolicyAgent - ok
04:49:28.0208 0544  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
04:49:28.0208 0544  Power - ok
04:49:28.0255 0544  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
04:49:28.0255 0544  PptpMiniport - ok
04:49:28.0271 0544  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
04:49:28.0271 0544  Processor - ok
04:49:28.0286 0544  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
04:49:28.0302 0544  ProfSvc - ok
04:49:28.0318 0544  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:49:28.0318 0544  ProtectedStorage - ok
04:49:28.0349 0544  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
04:49:28.0349 0544  Psched - ok
04:49:28.0380 0544  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
04:49:28.0380 0544  PxHlpa64 - ok
04:49:28.0427 0544  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
04:49:28.0458 0544  ql2300 - ok
04:49:28.0474 0544  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
04:49:28.0474 0544  ql40xx - ok
04:49:28.0505 0544  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
04:49:28.0520 0544  QWAVE - ok
04:49:28.0536 0544  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
04:49:28.0536 0544  QWAVEdrv - ok
04:49:28.0536 0544  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
04:49:28.0536 0544  RasAcd - ok
04:49:28.0567 0544  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
04:49:28.0567 0544  RasAgileVpn - ok
04:49:28.0567 0544  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
04:49:28.0583 0544  RasAuto - ok
04:49:28.0614 0544  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
04:49:28.0614 0544  Rasl2tp - ok
04:49:28.0645 0544  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
04:49:28.0661 0544  RasMan - ok
04:49:28.0661 0544  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
04:49:28.0661 0544  RasPppoe - ok
04:49:28.0676 0544  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
04:49:28.0676 0544  RasSstp - ok
04:49:28.0692 0544  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
04:49:28.0692 0544  rdbss - ok
04:49:28.0708 0544  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
04:49:28.0708 0544  rdpbus - ok
04:49:28.0723 0544  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
04:49:28.0723 0544  RDPCDD - ok
04:49:28.0739 0544  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
04:49:28.0739 0544  RDPENCDD - ok
04:49:28.0754 0544  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
04:49:28.0754 0544  RDPREFMP - ok
04:49:28.0786 0544  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
04:49:28.0786 0544  RDPWD - ok
04:49:28.0817 0544  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
04:49:28.0817 0544  rdyboost - ok
04:49:28.0848 0544  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
04:49:28.0848 0544  RemoteAccess - ok
04:49:28.0879 0544  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
04:49:28.0879 0544  RemoteRegistry - ok
04:49:28.0895 0544  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
04:49:28.0895 0544  RpcEptMapper - ok
04:49:28.0910 0544  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
04:49:28.0910 0544  RpcLocator - ok
04:49:28.0957 0544  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
04:49:28.0973 0544  RpcSs - ok
04:49:28.0988 0544  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
04:49:29.0004 0544  rspndr - ok
04:49:29.0035 0544  [ 04C2D5BD8D0776320230978A0AEC3BD0 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
04:49:29.0035 0544  RTL8023x64 - ok
04:49:29.0082 0544  [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
04:49:29.0098 0544  RTL8167 - ok
04:49:29.0113 0544  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
04:49:29.0113 0544  SamSs - ok
04:49:29.0144 0544  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
04:49:29.0144 0544  sbp2port - ok
04:49:29.0176 0544  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
04:49:29.0176 0544  SCardSvr - ok
04:49:29.0207 0544  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
04:49:29.0207 0544  scfilter - ok
04:49:29.0254 0544  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
04:49:29.0285 0544  Schedule - ok
04:49:29.0316 0544  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
04:49:29.0316 0544  SCPolicySvc - ok
04:49:29.0332 0544  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
04:49:29.0332 0544  SDRSVC - ok
04:49:29.0363 0544  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
04:49:29.0363 0544  secdrv - ok
04:49:29.0378 0544  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
04:49:29.0378 0544  seclogon - ok
04:49:29.0394 0544  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
04:49:29.0394 0544  SENS - ok
04:49:29.0410 0544  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
04:49:29.0410 0544  SensrSvc - ok
04:49:29.0425 0544  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
04:49:29.0425 0544  Serenum - ok
04:49:29.0441 0544  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
04:49:29.0441 0544  Serial - ok
04:49:29.0488 0544  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
04:49:29.0488 0544  sermouse - ok
04:49:29.0534 0544  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
04:49:29.0550 0544  SessionEnv - ok
04:49:29.0566 0544  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
04:49:29.0566 0544  sffdisk - ok
04:49:29.0581 0544  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
04:49:29.0581 0544  sffp_mmc - ok
04:49:29.0597 0544  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
04:49:29.0597 0544  sffp_sd - ok
04:49:29.0612 0544  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
04:49:29.0612 0544  sfloppy - ok
04:49:29.0675 0544  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
04:49:29.0675 0544  Sftfs - ok
04:49:29.0753 0544  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
04:49:29.0753 0544  sftlist - ok
04:49:29.0768 0544  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
04:49:29.0784 0544  Sftplay - ok
04:49:29.0784 0544  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
04:49:29.0784 0544  Sftredir - ok
04:49:29.0831 0544  [ E1974A92AC0914A3859359A0A8C82C68 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
04:49:29.0846 0544  SftService - ok
04:49:29.0878 0544  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
04:49:29.0878 0544  Sftvol - ok
04:49:29.0924 0544  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
04:49:29.0924 0544  sftvsa - ok
04:49:29.0971 0544  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
04:49:29.0971 0544  SharedAccess - ok
04:49:30.0002 0544  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:49:30.0018 0544  ShellHWDetection - ok
04:49:30.0049 0544  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:49:30.0049 0544  SiSRaid2 - ok
04:49:30.0065 0544  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
04:49:30.0065 0544  SiSRaid4 - ok
04:49:30.0096 0544  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
04:49:30.0096 0544  Smb - ok
04:49:30.0127 0544  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
04:49:30.0127 0544  SNMPTRAP - ok
04:49:30.0143 0544  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
04:49:30.0143 0544  spldr - ok
04:49:30.0158 0544  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
04:49:30.0158 0544  Spooler - ok
04:49:30.0252 0544  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
04:49:30.0330 0544  sppsvc - ok
04:49:30.0361 0544  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
04:49:30.0361 0544  sppuinotify - ok
04:49:30.0392 0544  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellComms C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
04:49:30.0392 0544  sprtsvc_DellComms - ok
04:49:30.0439 0544  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
04:49:30.0439 0544  srv - ok
04:49:30.0470 0544  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
04:49:30.0470 0544  srv2 - ok
04:49:30.0486 0544  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
04:49:30.0486 0544  srvnet - ok
04:49:30.0502 0544  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
04:49:30.0517 0544  SSDPSRV - ok
04:49:30.0517 0544  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
04:49:30.0533 0544  SstpSvc - ok
04:49:30.0548 0544  Steam Client Service - ok
04:49:30.0626 0544  [ 78216A10BF8B200890A88D8820F33F14 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
04:49:30.0626 0544  Stereo Service - ok
04:49:30.0658 0544  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
04:49:30.0658 0544  stexstor - ok
04:49:30.0689 0544  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
04:49:30.0704 0544  stisvc - ok
04:49:30.0736 0544  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
04:49:30.0736 0544  swenum - ok
04:49:30.0767 0544  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
04:49:30.0782 0544  swprv - ok
04:49:30.0845 0544  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
04:49:30.0892 0544  SysMain - ok
04:49:30.0923 0544  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:49:30.0938 0544  TabletInputService - ok
04:49:30.0954 0544  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
04:49:30.0970 0544  TapiSrv - ok
04:49:30.0970 0544  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
04:49:30.0970 0544  TBS - ok
04:49:31.0032 0544  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
04:49:31.0094 0544  Tcpip - ok
04:49:31.0126 0544  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
04:49:31.0141 0544  TCPIP6 - ok
04:49:31.0188 0544  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:49:31.0188 0544  tcpipreg - ok
04:49:31.0235 0544  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:49:31.0235 0544  TDPIPE - ok
04:49:31.0266 0544  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:49:31.0266 0544  TDTCP - ok
04:49:31.0313 0544  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:49:31.0313 0544  tdx - ok
04:49:31.0344 0544  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
04:49:31.0344 0544  TermDD - ok
04:49:31.0375 0544  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
04:49:31.0391 0544  TermService - ok
04:49:31.0406 0544  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
04:49:31.0406 0544  Themes - ok
04:49:31.0422 0544  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
04:49:31.0422 0544  THREADORDER - ok
04:49:31.0438 0544  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
04:49:31.0438 0544  TrkWks - ok
04:49:31.0500 0544  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:49:31.0500 0544  TrustedInstaller - ok
04:49:31.0547 0544  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:49:31.0547 0544  tssecsrv - ok
04:49:31.0609 0544  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
04:49:31.0609 0544  TsUsbFlt - ok
04:49:31.0656 0544  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:49:31.0656 0544  tunnel - ok
04:49:31.0672 0544  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
04:49:31.0687 0544  uagp35 - ok
04:49:31.0703 0544  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:49:31.0718 0544  udfs - ok
04:49:31.0750 0544  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:49:31.0750 0544  UI0Detect - ok
04:49:31.0765 0544  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:49:31.0765 0544  uliagpkx - ok
04:49:31.0812 0544  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
04:49:31.0812 0544  umbus - ok
04:49:31.0828 0544  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
04:49:31.0828 0544  UmPass - ok
04:49:31.0843 0544  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
04:49:31.0843 0544  upnphost - ok
04:49:31.0906 0544  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
04:49:31.0906 0544  USBAAPL64 - ok
04:49:31.0921 0544  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
04:49:31.0921 0544  usbccgp - ok
04:49:31.0952 0544  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:49:31.0952 0544  usbcir - ok
04:49:31.0984 0544  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
04:49:31.0984 0544  usbehci - ok
04:49:31.0999 0544  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\drivers\usbhub.sys
04:49:31.0999 0544  usbhub - ok
04:49:32.0015 0544  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
04:49:32.0015 0544  usbohci - ok
04:49:32.0046 0544  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
04:49:32.0046 0544  usbprint - ok
04:49:32.0062 0544  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
04:49:32.0062 0544  USBSTOR - ok
04:49:32.0062 0544  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
04:49:32.0062 0544  usbuhci - ok
04:49:32.0077 0544  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
04:49:32.0077 0544  UxSms - ok
04:49:32.0093 0544  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
04:49:32.0093 0544  VaultSvc - ok
04:49:32.0108 0544  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
04:49:32.0108 0544  vdrvroot - ok
04:49:32.0171 0544  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
04:49:32.0171 0544  vds - ok
04:49:32.0218 0544  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:49:32.0218 0544  vga - ok
04:49:32.0233 0544  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:49:32.0233 0544  VgaSave - ok
04:49:32.0249 0544  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
04:49:32.0249 0544  vhdmp - ok
04:49:32.0264 0544  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
04:49:32.0264 0544  viaide - ok
04:49:32.0280 0544  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:49:32.0280 0544  volmgr - ok
04:49:32.0327 0544  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:49:32.0327 0544  volmgrx - ok
04:49:32.0342 0544  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:49:32.0358 0544  volsnap - ok
04:49:32.0374 0544  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
04:49:32.0389 0544  vsmraid - ok
04:49:32.0436 0544  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
04:49:32.0483 0544  VSS - ok
04:49:32.0498 0544  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
04:49:32.0498 0544  vwifibus - ok
04:49:32.0530 0544  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
04:49:32.0530 0544  W32Time - ok
04:49:32.0545 0544  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
04:49:32.0545 0544  WacomPen - ok
04:49:32.0592 0544  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
04:49:32.0592 0544  WANARP - ok
04:49:32.0592 0544  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:49:32.0592 0544  Wanarpv6 - ok
04:49:32.0654 0544  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
04:49:32.0686 0544  WatAdminSvc - ok
04:49:32.0732 0544  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
04:49:32.0764 0544  wbengine - ok
04:49:32.0795 0544  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
04:49:32.0795 0544  WbioSrvc - ok
04:49:32.0810 0544  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:49:32.0826 0544  wcncsvc - ok
04:49:32.0826 0544  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:49:32.0826 0544  WcsPlugInService - ok
04:49:32.0857 0544  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
04:49:32.0857 0544  Wd - ok
04:49:32.0873 0544  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:49:32.0888 0544  Wdf01000 - ok
04:49:32.0888 0544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:49:32.0904 0544  WdiServiceHost - ok
04:49:32.0904 0544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:49:32.0904 0544  WdiSystemHost - ok
04:49:32.0935 0544  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
04:49:32.0951 0544  WebClient - ok
04:49:32.0966 0544  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:49:32.0966 0544  Wecsvc - ok
04:49:32.0966 0544  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:49:32.0982 0544  wercplsupport - ok
04:49:32.0998 0544  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
04:49:32.0998 0544  WerSvc - ok
04:49:33.0029 0544  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
04:49:33.0029 0544  WfpLwf - ok
04:49:33.0060 0544  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
04:49:33.0060 0544  WimFltr - ok
04:49:33.0076 0544  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
04:49:33.0076 0544  WIMMount - ok
04:49:33.0091 0544  WinDefend - ok
04:49:33.0107 0544  WinHttpAutoProxySvc - ok
04:49:33.0138 0544  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:49:33.0138 0544  Winmgmt - ok
04:49:33.0200 0544  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
04:49:33.0232 0544  WinRM - ok
04:49:33.0278 0544  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
04:49:33.0294 0544  WinUsb - ok
04:49:33.0325 0544  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:49:33.0341 0544  Wlansvc - ok
04:49:33.0466 0544  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:49:33.0481 0544  wlidsvc - ok
04:49:33.0528 0544  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
04:49:33.0528 0544  WmiAcpi - ok
04:49:33.0544 0544  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:49:33.0544 0544  wmiApSrv - ok
04:49:33.0575 0544  WMPNetworkSvc - ok
04:49:33.0606 0544  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:49:33.0606 0544  WPCSvc - ok
04:49:33.0637 0544  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:49:33.0637 0544  WPDBusEnum - ok
04:49:33.0653 0544  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
04:49:33.0653 0544  ws2ifsl - ok
04:49:33.0700 0544  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
04:49:33.0715 0544  wscsvc - ok
04:49:33.0715 0544  WSearch - ok
04:49:33.0809 0544  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
04:49:33.0871 0544  wuauserv - ok
04:49:33.0918 0544  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:49:33.0918 0544  WudfPf - ok
04:49:33.0949 0544  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:49:33.0949 0544  WUDFRd - ok
04:49:33.0996 0544  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:49:33.0996 0544  wudfsvc - ok
04:49:34.0027 0544  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
04:49:34.0027 0544  WwanSvc - ok
04:49:34.0058 0544  ================ Scan global ===============================
04:49:34.0090 0544  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:49:34.0121 0544  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
04:49:34.0136 0544  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
04:49:34.0152 0544  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:49:34.0183 0544  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:49:34.0199 0544  [Global] - ok
04:49:34.0199 0544  ================ Scan MBR ==================================
04:49:34.0214 0544  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
04:49:34.0370 0544  \Device\Harddisk0\DR0 - ok
04:49:34.0370 0544  ================ Scan VBR ==================================
04:49:34.0386 0544  [ A282163D612C85CDC4435DE06E55CD11 ] \Device\Harddisk0\DR0\Partition1
04:49:34.0386 0544  \Device\Harddisk0\DR0\Partition1 - ok
04:49:34.0402 0544  [ 2A272869E8AC7F698BB9D11275958FA3 ] \Device\Harddisk0\DR0\Partition2
04:49:34.0402 0544  \Device\Harddisk0\DR0\Partition2 - ok
04:49:34.0402 0544  ============================================================
04:49:34.0402 0544  Scan finished
04:49:34.0402 0544  ============================================================
04:49:34.0402 3296  Detected object count: 0
04:49:34.0402 3296  Actual detected object count: 0
04:50:16.0946 2584  Deinitialize success
 

Edited by Zartos, 12 March 2013 - 07:03 AM.
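Added example (not part of the original thread, and not a BleepingComputer, Kaspersky or sUBs tool): a small Python script that triages the two log formats posted in this thread, the TDSSKiller service scan above and the ComboFix service lines further down. In the TDSSKiller log, a plain "name - ok" line with no preceding "[ MD5 ] name path" line means the scanner could not open and hash that service's binary (Steam Client Service, WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch above); in the ComboFix log, "[x]" in place of the date and size marks a registered service whose file is not on disk (EagleX64 below). Neither is proof of infection, since a disabled or uninstalled component looks exactly the same, but those are the entries to check by hand, together with any service binary living outside \Windows or \Program Files. The sample log embedded in the script is constructed: it mixes a few real lines from this thread with one synthetic "UpdSvc" entry under a Temp folder (placeholder MD5) so the path check has something to flag, and the list of expected install roots is the script's own assumption.

```python
"""Triage helper for the anti-rootkit logs posted in this thread.

Handles two line formats:
  TDSSKiller service scan:  "[ <MD5> ] <name> <image path>" then "<name> - <status>"
  ComboFix service lines:   "R3 <name>;<description>;<path> [<date> <size>]" or "... [x]"
"""
import re
from typing import Dict, List

# TDSSKiller hashed entry. The name column is padded to 16 characters, so a
# 16-character name (ProtectedStorage) is followed by a single space; rather than
# relying on column width, the name ends where the first " X:\" drive path begins.
TDSS_HASHED = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*\S)\s*$"
)
# TDSSKiller status line ("ok" when nothing was flagged for that object).
TDSS_STATUS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<status>\S.*?)\s*$")
# ComboFix service line; "[x]" in place of "[date size]" means the service is
# registered but its file was not found on disk.
COMBOFIX_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)

# Assumption of this script: locations where an installed service binary is
# expected. Anything else (user profile, Temp, ProgramData, drive root) is flagged.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def unexpected_location(path: str) -> bool:
    """True when the image path is outside the expected install roots."""
    return not path.lower().startswith(EXPECTED_ROOTS)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the log entries a reviewer should look at by hand."""
    hashed: Dict[str, str] = {}    # service name -> image path (line carried an MD5)
    statuses: Dict[str, str] = {}  # service name -> TDSSKiller status
    findings: Dict[str, List[str]] = {
        "unhashed": [], "unexpected_path": [], "missing_file": [], "not_ok": []
    }
    for line in log_text.splitlines():
        if (m := TDSS_HASHED.match(line)):
            hashed[m["name"]] = m["path"]
            if unexpected_location(m["path"]):
                findings["unexpected_path"].append(f"{m['name']} -> {m['path']}")
        elif (m := COMBOFIX_SERVICE.match(line)):
            if m["info"] == "x":
                findings["missing_file"].append(f"{m['name']} -> {m['path']}")
            elif unexpected_location(m["path"]):
                findings["unexpected_path"].append(f"{m['name']} -> {m['path']}")
        elif (m := TDSS_STATUS.match(line)):
            statuses[m["name"]] = m["status"]
            if m["status"] != "ok":
                findings["not_ok"].append(f"{m['name']}: {m['status']}")
    # A status line with no hashed line before it means TDSSKiller could not open
    # and hash the binary: the component is disabled or gone, or the file is hidden.
    # "[Global]" and "\Device\..." objects are hashed without a path and are skipped.
    findings["unhashed"] = [
        n for n in statuses if n not in hashed and not n.startswith(("[", "\\"))
    ]
    return findings


# Constructed sample: real lines from the TDSSKiller and ComboFix logs in this
# thread, plus one synthetic "UpdSvc" entry (placeholder MD5) under a Temp folder.
SAMPLE_LOG = r"""
04:49:28.0318 0544  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:49:28.0318 0544  ProtectedStorage - ok
04:49:29.0113 0544  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
04:49:29.0113 0544  SamSs - ok
04:49:30.0548 0544  Steam Client Service - ok
04:49:30.0626 0544  [ 78216A10BF8B200890A88D8820F33F14 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
04:49:30.0626 0544  Stereo Service - ok
04:49:33.0091 0544  WinDefend - ok
04:49:34.0199 0544  [Global] - ok
04:49:34.0214 0544  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
04:49:34.0370 0544  \Device\Harddisk0\DR0 - ok
04:49:35.0000 0544  [ 00000000000000000000000000000000 ] UpdSvc          C:\Users\David\AppData\Local\Temp\updsvc.exe
04:49:35.0000 0544  UpdSvc - ok
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
"""

if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(f"{category}: {entries}")
```

Run against the full logs pasted in this thread, the script lists the five unhashed services and the orphaned EagleX64 driver and nothing else, which matches what the scanners themselves reported (no detections). Shared service hosts such as lsass.exe legitimately appear under several names with the same MD5, so identical hashes are not treated as a finding. The script reads a saved log only; it does not touch the live system, so it cannot see the reparse-point and ACL tricks ZeroAccess uses to hide its files from ordinary tools, which is what TDSSKiller and ComboFix themselves are for.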


#6 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 12 March 2013 - 07:04 AM

You're welcome. :)

Thanks for the logs.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 Zartos
  • Topic Starter
  • Members
  • 34 posts

Posted 12 March 2013 - 07:20 AM

ComboFix 13-03-11.01 - David 03/12/2013   5:10.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2393 [GMT -7:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-12 to 2013-03-12  )))))))))))))))))))))))))))))))
.
.
2013-03-12 12:17 . 2013-03-12 12:17    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-12 12:04 . 2013-03-12 12:04    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBE1D090-CCE2-42D1-A4B0-5C10C28CA3E4}\offreg.dll
2013-03-12 12:04 . 2013-02-08 00:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBE1D090-CCE2-42D1-A4B0-5C10C28CA3E4}\mpengine.dll
2013-03-12 07:38 . 2013-03-12 07:38    --------    d-----w-    c:\users\David\My Backup Files
2013-03-12 06:41 . 2013-03-12 06:41    --------    d-----w-    c:\users\David\Screenshots
2013-03-11 00:09 . 2013-02-08 00:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-05 23:55 . 2013-03-05 23:54    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 23:54 . 2013-03-05 23:54    --------    d-----w-    c:\program files (x86)\Java
2013-02-21 08:51 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 08:51 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 08:48 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-21 08:48 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-21 08:48 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-21 08:48 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-21 08:48 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-21 08:48 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-21 08:48 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-21 08:48 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-21 08:48 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-21 08:48 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-21 08:48 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-21 08:48 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 07:54 . 2012-04-01 10:07    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 07:54 . 2011-05-16 05:19    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:54 . 2012-07-07 12:05    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 23:54 . 2010-11-04 00:24    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-21 08:54 . 2011-02-14 05:06    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2012-04-28 12:07    15275744    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2012-04-28 12:06    2854344    ----a-w-    c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-02-10 05:43    1114144    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-02-10 02:43 . 2013-02-10 02:43    555808    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-02-10 01:04 . 2012-04-28 12:07    6393120    ----a-w-    c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2012-04-28 12:07    3472672    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2012-04-28 12:07    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2012-04-28 12:07    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2012-04-28 12:07    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-02-09 13:25 . 2012-04-29 09:43    3035306    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-01-30 10:53 . 2011-02-23 23:01    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-20 23:59 . 2013-01-20 23:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 23:59 . 2012-03-21 03:44    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-21 08:48    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2012-10-11 04:23    1504696    ----a-w-    c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-02-10 05:43    1813432    ----a-w-    c:\windows\system32\nvdispco64.dll
2012-12-18 08:31 . 2012-04-29 09:42    1510328    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-27 13:35    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-27 13:35    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-27 13:35    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-27 13:35    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-06-24 02:08    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-10 383264]
S3 RTL8023x64;Dynex DX-E102 PCI 10/100Mb Network Adapter Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-07-23 52736]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 41279170
*Deregistered* - 41279170
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 05:27    1630672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:54]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 18:59]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tcdeucgv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-01-22 19:32; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tcdeucgv.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\David\Desktop\mbar-1.01.0.1021\mbar\mbar.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-133748524-1769667520-4195161268-1001\Software\SecuROM\License information*]
"datasecu"=hex:27,6a,80,d8,3f,79,f6,94,85,87,88,59,71,db,a3,59,f3,5e,68,44,95,
   9e,1f,e1,47,27,60,c0,0f,d1,2b,32,7c,3e,ce,7d,7a,9c,9c,3c,6b,00,dd,ae,73,ef,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-12  05:18:40
ComboFix-quarantined-files.txt  2013-03-12 12:18
.
Pre-Run: 265,123,131,392 bytes free
Post-Run: 265,026,383,872 bytes free
.
- - End Of File - - 17E165F3E0547EC7334C8A815C33B629
 



#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:06:35 AM

Posted 12 March 2013 - 08:46 AM

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 Zartos

Zartos
  • Topic Starter

  • Members
  • 34 posts
  • Local time:02:35 PM

Posted 12 March 2013 - 09:27 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 12-03-2013 07:23:48
Running from I:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser.CDTS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [877856 2013-02-09] (NVIDIA Corporation)
2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1266464 2013-02-09] (NVIDIA Corporation)
2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [383264 2013-02-09] (NVIDIA Corporation)

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-23] (Realtek Semiconductor Corporation                           )
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-12 07:09 - 2013-03-12 07:18 - 00000000 ____D C:\Qoobox
2013-03-12 07:09 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-12 07:09 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-12 07:09 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-12 07:09 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-12 07:09 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-12 07:09 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-12 07:09 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-12 07:09 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-12 07:06 - 2013-03-12 07:07 - 05037889 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2013-03-12 06:06 - 2013-03-12 06:06 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2013-03-12 06:01 - 2013-03-12 06:02 - 04732416 ____A (AVAST Software) C:\Users\David\Desktop\aswMBR.exe
2013-03-12 05:54 - 2013-03-12 05:55 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
2013-03-12 02:38 - 2013-03-12 02:38 - 00000000 ____D C:\Users\David\My Backup Files
2013-03-12 01:45 - 2013-03-12 01:45 - 00816640 ____A C:\Users\David\Desktop\RogueKiller.exe
2013-03-12 01:41 - 2013-03-12 01:41 - 00000000 ____D C:\Users\David\Screenshots
2013-03-12 00:22 - 2013-03-12 00:22 - 00001080 ____A C:\Users\David\Documents - Shortcut.lnk
2013-03-07 22:37 - 2013-03-07 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-05 18:55 - 2013-03-05 18:54 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-05 18:55 - 2013-03-05 18:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-05 18:55 - 2013-03-05 18:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-05 18:55 - 2013-03-05 18:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-05 18:54 - 2013-03-05 18:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-02-21 03:49 - 2013-01-08 20:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-21 03:49 - 2013-01-08 20:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-21 03:49 - 2013-01-08 20:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-21 03:49 - 2013-01-08 20:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-21 03:49 - 2013-01-08 20:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-21 03:49 - 2013-01-08 20:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-21 03:49 - 2013-01-08 20:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-21 03:49 - 2013-01-08 20:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-21 03:49 - 2013-01-08 20:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-21 03:49 - 2013-01-08 20:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-21 03:49 - 2013-01-08 20:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-21 03:49 - 2013-01-08 20:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-21 03:49 - 2013-01-08 20:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-21 03:49 - 2013-01-08 20:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-21 03:49 - 2013-01-08 20:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-21 03:49 - 2013-01-08 20:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-21 03:49 - 2013-01-08 17:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-21 03:49 - 2013-01-08 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-21 03:49 - 2013-01-08 17:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-21 03:49 - 2013-01-08 17:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-21 03:49 - 2013-01-08 17:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-21 03:49 - 2013-01-08 17:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-21 03:49 - 2013-01-08 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-21 03:49 - 2013-01-08 17:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-21 03:49 - 2013-01-08 16:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-21 03:49 - 2013-01-08 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-21 03:49 - 2013-01-08 16:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-21 03:49 - 2013-01-08 16:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-21 03:49 - 2013-01-08 16:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-21 03:49 - 2013-01-08 16:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-21 03:49 - 2013-01-08 16:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-21 03:49 - 2013-01-08 16:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-21 03:48 - 2013-01-05 00:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-21 03:48 - 2013-01-05 00:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-21 03:48 - 2013-01-05 00:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-21 03:48 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-21 03:48 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-21 03:48 - 2013-01-03 22:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-21 03:48 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-21 03:48 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-21 03:48 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-21 03:48 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-21 03:48 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-21 03:48 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-19 09:24 - 2013-02-09 22:25 - 26947360 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 20534560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 17987192 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 15038296 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 12862400 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 11040544 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-02-19 09:24 - 2013-02-09 22:25 - 09422672 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 07964680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 07569184 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 06267240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 02911008 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 02726176 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 02528840 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 02350368 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 01990944 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6420294.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6420162.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 00963776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 00250504 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-02-19 09:24 - 2013-02-09 22:25 - 00205184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-02-19 09:24 - 2012-12-19 00:42 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-02-19 09:24 - 2012-12-19 00:41 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-02-15 03:53 - 2013-02-15 03:53 - 00000000 ____D C:\Users\David\My Documents\League of Legends
2013-02-15 03:53 - 2013-02-15 03:53 - 00000000 ____D C:\Users\David\Documents\League of Legends


==================== One Month Modified Files and Folders =======

2013-03-12 09:21 - 2011-02-12 23:14 - 00000000 ____D C:\users\David
2013-03-12 09:21 - 2009-07-14 00:10 - 01080274 ____A C:\Windows\WindowsUpdate.log
2013-03-12 09:16 - 2009-07-14 00:13 - 00780156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-12 08:52 - 2012-07-01 09:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-12 08:27 - 2012-02-23 13:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-12 07:23 - 2013-03-12 07:23 - 00000000 ____D C:\FRST
2013-03-12 07:18 - 2013-03-12 07:09 - 00000000 ____D C:\Qoobox
2013-03-12 07:17 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2013-03-12 07:09 - 2012-07-06 06:43 - 00000000 ____D C:\Windows\erdnt
2013-03-12 07:07 - 2013-03-12 07:06 - 05037889 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2013-03-12 06:56 - 2012-04-02 17:49 - 00472576 __ASH C:\Users\David\Desktop\Thumbs.db
2013-03-12 06:06 - 2013-03-12 06:06 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2013-03-12 06:02 - 2013-03-12 06:01 - 04732416 ____A (AVAST Software) C:\Users\David\Desktop\aswMBR.exe
2013-03-12 05:55 - 2013-03-12 05:54 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
2013-03-12 03:00 - 2010-11-03 21:50 - 00000000 ____D C:\dell
2013-03-12 02:55 - 2010-11-03 19:27 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-03-12 02:55 - 2010-11-03 19:27 - 00000000 ____D C:\ProgramData\Adobe
2013-03-12 02:54 - 2012-04-01 05:07 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 02:54 - 2011-05-16 00:19 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-12 02:38 - 2013-03-12 02:38 - 00000000 ____D C:\Users\David\My Backup Files
2013-03-12 02:38 - 2011-02-12 23:14 - 00000000 ____D C:\Users\David\Local Settings\SoftThinks
2013-03-12 02:38 - 2011-02-12 23:14 - 00000000 ____D C:\Users\David\Local Settings\Application Data\SoftThinks
2013-03-12 02:38 - 2011-02-12 23:14 - 00000000 ____D C:\Users\David\AppData\Local\SoftThinks
2013-03-12 02:38 - 2010-11-03 19:30 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-12 02:19 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-12 02:19 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-12 02:12 - 2012-02-23 13:59 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-12 02:12 - 2011-10-06 00:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-03-12 02:12 - 2011-10-06 00:32 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-03-12 02:12 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-12 02:12 - 2009-07-13 23:51 - 00209112 ____A C:\Windows\setupact.log
2013-03-12 02:10 - 2013-02-09 02:29 - 00000000 ____D C:\Users\David\Local Settings\Solid State Networks
2013-03-12 02:10 - 2013-02-09 02:29 - 00000000 ____D C:\Users\David\Local Settings\Application Data\Solid State Networks
2013-03-12 02:10 - 2013-02-09 02:29 - 00000000 ____D C:\Users\David\AppData\Local\Solid State Networks
2013-03-12 02:10 - 2013-02-09 02:28 - 00000000 ____D C:\Program Files (x86)\MeteorEntertainment
2013-03-12 01:56 - 2010-11-03 21:19 - 02558780 ____A C:\Windows\PFRO.log
2013-03-12 01:48 - 2012-03-12 13:52 - 00000000 __SHD C:\Users\David\Local Settings\Application Data\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
2013-03-12 01:48 - 2012-03-12 13:52 - 00000000 __SHD C:\Users\David\Local Settings\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
2013-03-12 01:48 - 2012-03-12 13:52 - 00000000 __SHD C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
2013-03-12 01:45 - 2013-03-12 01:45 - 00816640 ____A C:\Users\David\Desktop\RogueKiller.exe
2013-03-12 01:41 - 2013-03-12 01:41 - 00000000 ____D C:\Users\David\Screenshots
2013-03-12 00:22 - 2013-03-12 00:22 - 00001080 ____A C:\Users\David\Documents - Shortcut.lnk
2013-03-11 21:26 - 2012-02-23 23:00 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-03-11 21:26 - 2010-11-03 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-03-11 21:22 - 2011-02-13 00:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-03-08 06:50 - 2012-07-10 20:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-07 22:37 - 2013-03-07 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-06 00:28 - 2011-02-13 23:25 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-03-05 18:54 - 2013-03-05 18:55 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-05 18:54 - 2013-03-05 18:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-05 18:54 - 2013-03-05 18:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-05 18:54 - 2013-03-05 18:55 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-05 18:54 - 2013-03-05 18:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-05 18:54 - 2012-07-07 07:05 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-03-05 18:54 - 2010-11-03 19:24 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-03-04 17:29 - 2010-11-03 19:34 - 00146984 ____A C:\Windows\DirectX.log
2013-03-04 12:01 - 2012-04-30 22:46 - 00000000 ____D C:\Users\David\My Documents\My Games
2013-03-04 12:01 - 2012-04-30 22:46 - 00000000 ____D C:\Users\David\Documents\My Games
2013-02-21 04:09 - 2012-01-03 12:16 - 00000000 ____D C:\Users\David\Application Data\SoftGrid Client
2013-02-21 04:09 - 2012-01-03 12:16 - 00000000 ____D C:\Users\David\AppData\Roaming\SoftGrid Client
2013-02-21 04:07 - 2011-03-30 18:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-21 04:07 - 2011-03-30 18:11 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-02-21 04:03 - 2012-04-29 04:44 - 00000000 ____D C:\users\UpdatusUser.CDTS-PC
2013-02-21 04:01 - 2009-07-13 23:45 - 00271008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-21 03:54 - 2011-02-14 00:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-21 03:51 - 2012-07-07 07:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-02-21 03:51 - 2012-07-07 07:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-02-21 03:51 - 2012-06-26 05:53 - 00001945 ____A C:\Windows\epplauncher.mif
2013-02-20 22:17 - 2011-11-27 18:22 - 00000000 ____D C:\Users\David\Desktop\Mom
2013-02-19 09:26 - 2012-04-26 18:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-02-19 09:25 - 2012-04-26 18:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-02-19 09:12 - 2012-07-07 07:07 - 00000000 ____D C:\Program Files\CCleaner
2013-02-15 03:53 - 2013-02-15 03:53 - 00000000 ____D C:\Users\David\My Documents\League of Legends
2013-02-15 03:53 - 2013-02-15 03:53 - 00000000 ____D C:\Users\David\Documents\League of Legends
2013-02-12 21:04 - 2012-05-14 16:14 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-02-12 10:08 - 2009-07-14 00:08 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-09 20:24:20
Restore point made on: 2013-03-11 21:24:49
Restore point made on: 2013-03-11 21:26:35

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.98 MB
Available physical RAM: 3507.61 MB
Total Pagefile: 4093.13 MB
Available Pagefile: 3497.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:246.65 GB) NTFS
7 Drive i: (USB DISK) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
8 Drive j: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:5.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online          247 MB      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 259D4594

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             12 GB    40 MB
  Partition 3    Primary            453 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      FAT    Partition     39 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     J   RECOVERY     NTFS   Partition     12 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    453 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: B90A64DD

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            247 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     I   USB DISK     FAT    Removable    247 MB  Healthy            

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 259D4594

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000F08001
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF003082010028B638
Active: NO
Type: 07 (NTFS)
Size: 454 GB

==============================
Partitions of Disk 1:
===============
Disk ID: B90A64DD

Partition 1:
=========
Hex: 00010100064020F920000000E0BB0700
Active: NO
Type: 06
Size: 247 MB


Last Boot: 2013-03-07 10:36

==================== End Of Log =============================

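As an added example (not from the thread, and not FRST's own code): a Python decoder for the 16-byte MBR partition entries that FRST prints as "Hex:" in the log above, with a sanity check over the whole table. It assumes 512-byte sectors, which reproduces the sizes and offsets FRST reports, and the type-id names are a small constructed lookup.

```python
import struct

# Disk 0 entries exactly as FRST prints them in the log above ("Hex:" lines).
# The decoding and checks are added here; they are not part of FRST or the thread.
FRST_ENTRIES_DISK0 = [
    "00010100DEFE3F043F00000086390100",  # Partition 1: type DE, 39 MB
    "8019150507FEFFFF0040010000F08001",  # Partition 2: active, NTFS, 12 GB
    "00FEFFFF07FEFFFF003082010028B638",  # Partition 3: NTFS, 454 GB
]
SECTOR = 512  # assumed sector size; it reproduces the MB/GB figures FRST shows
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS/exFAT", 0xDE: "Dell utility"}  # known ids

def parse_mbr_entry(hex_entry):
    """Decode a 16-byte MBR entry: boot flag (1), CHS start (3), type (1),
    CHS end (3), first LBA (4, little-endian), sector count (4, little-endian)."""
    raw = bytes.fromhex(hex_entry)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    boot, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    return {
        "active": boot == 0x80,
        "type": ptype,
        "type_name": TYPE_NAMES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "offset_bytes": lba_start * SECTOR,
        "size_mib": sectors * SECTOR / 2**20,
    }

def check_table(hex_entries, gap_threshold_sectors=2048):
    """Flag tables with != 1 active entry, overlapping entries, or unexplained
    space between entries beyond a normal alignment gap (default 1 MiB).
    Only the entries are examined; the 446 bytes of MBR boot code are not."""
    parts = sorted(map(parse_mbr_entry, hex_entries), key=lambda p: p["lba_start"])
    findings = []
    n_active = sum(p["active"] for p in parts)
    if n_active != 1:
        findings.append(f"{n_active} active entries (expected exactly 1)")
    for prev, cur in zip(parts, parts[1:]):
        prev_end = prev["lba_start"] + prev["sectors"]
        if cur["lba_start"] < prev_end:
            findings.append(f"overlap: entry at LBA {cur['lba_start']} begins before LBA {prev_end}")
        elif cur["lba_start"] - prev_end > gap_threshold_sectors:
            findings.append(f"gap of {cur['lba_start'] - prev_end} sectors before LBA {cur['lba_start']}")
    return findings

if __name__ == "__main__":
    for p in map(parse_mbr_entry, FRST_ENTRIES_DISK0):
        print(f"LBA {p['lba_start']:>9} {p['size_mib']:>10.2f} MiB type {p['type']:02X} ({p['type_name']}) active={p['active']}")
    print("findings:", check_table(FRST_ENTRIES_DISK0) or "none")
```

Decoded, the three entries give 39 MiB at 31 KiB, 12.03 GiB at 40 MiB and 453.69 GiB at 12 GiB, matching the Partitions section, and partition 3 starts exactly where partition 2 ends.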


#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 AM

Posted 12 March 2013 - 12:43 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
Start
C:\Users\David\Local Settings\Application Data\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
C:\Users\David\Local Settings\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7}
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#11 Zartos

Zartos
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 12 March 2013 - 08:29 PM

After running this, I am now told my version of Windows is not genuine: http://imgur.com/0GnA6Sx

Also MSE says: http://imgur.com/QzDfxY1

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 2013-03-12 18:26:44 Run:1
Running from I:\

==============================================

C:\Users\David\Local Settings\Application Data\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7} moved successfully.
C:\Users\David\Local Settings\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7} not found.
C:\Users\David\AppData\Local\{a6e118fe-4fae-05d8-c6d5-09ed7bce2bf7} not found.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.

==== End of Fixlog ====


Edited by Zartos, 12 March 2013 - 08:47 PM.


#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 AM

Posted 13 March 2013 - 12:40 AM

I need to make sure your Windows is genuine before we continue.

MGADiag
  • Please download MGADiag and save it to your desktop.
  • Double click the MGADiag icon on your desktop.
  • Push Continue.
  • Push Copy.
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • Copy and paste that log here.


#13 Zartos

Zartos
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 13 March 2013 - 12:47 AM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {9E8D6781-6137-451A-9AF1-AE92075987C9}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error: T:20130312183012838-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9E8D6781-6137-451A-9AF1-AE92075987C9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-133748524-1769667520-4195161268</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 560  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04    </Version><SMBIOSVersion major="2" minor="6"/><Date>20100702000000.000000+000</Date></BIOS><HWID>F1C73C07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>ECS    </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content:

Licensing Data-->
Software licensing service version: 6.1.7601.17514
Error: product key not found.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A8
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:12:2013 18:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEA6GGwGfDpgsDArzbDPsRCtxT7Rso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            070210        APIC1823
  FACP            070210        FACP1823
  HPET            070210        OEMHPET
  MCFG            070210        OEMMCFG
  SLIC            DELL          ECS    
  OEMB            070210        OEMB1823
  GSCI            070210        GMCHSCI
  SSDT            DpgPmm        CpuPm




#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 AM

Posted 13 March 2013 - 12:56 AM

The rootkit may have borked the product key. I will have to discuss this with my colleagues on the next step.

#15 Zartos

Zartos
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 13 March 2013 - 12:57 AM

Alrighty





