
Cannot remove HEUR:Exploit.Java.CVE-2012-1723.gen


  • This topic is locked
8 replies to this topic

#1 sergeigrey1

sergeigrey1

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 14 May 2013 - 02:01 AM

Hi

 

I would be grateful if you could help me to remove the trojan HEUR:Exploit.Java.CVE-2012-1723.gen, which I found on my PC by using Kaspersky Security Scan. My laptop runs Windows 7 and I have recently noticed that it started to slow down. I followed the advice on your website and tried to remove different programmes running during StartUp. I also ran Kaspersky Scan instead of Avast, which I normally use, and it found the above trojan.

I have tried to remove this trojan manually by following the advice posted on the web, i.e. I ran my PC in Safe mode and tried to delete trojan-related files as identified by its name. I also tried to look at the start-up menu and see if I could spot the trojan present there. After that, I ran regedit and checked entries for the virus in the HKEY_CURRENT_USER directory (Software\Windows\Microsoft\Current version\Run and... RunOnce) and HKEY_LOCAL_MACHINE (Software\Windows\Microsoft\Current version\Run .... Software\Classes\Interface). I also checked a few other places suggested by the forum on Kaspersky's website, but I cannot find any sign of the trojan's presence in the places indicated. Meanwhile, if I run Kaspersky Scan, it indicates the presence of the trojan.

I have spent a lot of time trying to clean up my PC and I cannot manually remove the trojan. I would be very grateful if you could help.

 

As advised, I prepared my PC for running malware removal tools by backing up my data etc. I also downloaded and ran DDS. Please find the DDS text log below. I also attach the attach.txt file to this post.

------------------

-------------DDS.txt------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Sergei at 18:43:15 on 2013-05-14
.
============== Running Processes ================
.
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Sergei\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE}\84F6C6964616970294E6E602845616478627F6770214279656C60275966496 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE}\D6F657E6471696E602275637F62747021343 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE}\E4164796F6E6D286F6473707F647D263 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE}\E4544574541425D205C65737E65647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7527B73C-8388-44AA-B18D-457788DDEE7C} : DHCPNameServer = 10.1.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sergei\AppData\Roaming\Mozilla\Firefox\Profiles\v9hxjzio.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-02 20:18; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 01f3da40-f336-4b32-8414-6e3d47682ef4
.
============= SERVICES / DRIVERS ===============
.
R? 0028311357419075mcinstcleanup;McAfee Application Installer Cleanup (0028311357419075)
R? aswVmm;aswVmm
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? HTCAND64;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? SkypeUpdate;Skype Updater
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? AESTFilters;Andrea ST Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? btwampfl;Bluetooth AMP USB Filter
S? btwl2cap;Bluetooth L2CAP Service
S? cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester
S? clwvd;CyberLink WebCam Virtual Driver
S? ezSharedSvc;Easybits Services for Windows
S? FPLService;TrueSuiteService
S? HP Support Assistant Service;HP Support Assistant Service
S? HP Wireless Assistant Service;HP Wireless Assistant Service
S? HPClientSvc;HP Client Services
S? hpsrv;HP Service
S? HPWMISVC;HPWMISVC
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? IconMan_R;IconMan_R
S? IntcDAud;Intel® Display Audio
S? intelkmd;intelkmd
S? KSS;Kaspersky Security Scan Service
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? PassThru Service;Internet Pass-Through Service
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
S? TomTomHOMEService;TomTomHOMEService
S? UNS;Intel® Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2013-05-14 02:11:38    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96249E33-2E9B-461A-BA51-4B81C5D8E387}\offreg.dll
2013-05-14 02:09:19    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2013-05-14 02:01:51    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2013-05-14 00:13:10    --------    d-----w-    C:\ProgramData\Kaspersky Lab Setup Files
2013-05-13 21:13:32    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-05-13 21:13:32    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-05-12 08:14:46    9317456    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96249E33-2E9B-461A-BA51-4B81C5D8E387}\mpengine.dll
2013-05-06 22:27:10    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 01:30:30    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-15 12:27:15    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-04-15 12:27:14    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-04-15 12:27:11    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-04-15 12:27:11    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-04-15 12:27:10    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-04-15 12:27:10    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-04-15 12:26:45    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-15 12:26:34    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-15 12:26:16    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-15 12:26:14    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 12:26:12    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 12:26:11    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-15 12:26:11    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-15 12:26:11    112640    ----a-w-    C:\Windows\System32\smss.exe
.
==================== Find3M  ====================
.
2013-05-06 22:26:59    866720    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-05-06 22:26:59    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-01 14:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-20 22:52:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 22:52:10    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33:21    70992    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 23:33:21    178624    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 23:33:21    1025808    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51    41664    ----a-w-    C:\Windows\avastSS.scr
2013-02-22 06:27:49    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-22 06:19:37    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 18:43:58.08 ===============
 

Attached File  Attach.txt   10.47KB   1 downloads

In the past, I tried to run malware removal software, but not on this laptop. I often found that it did not clean up my PC. I would be grateful if you could help me to remove the above trojan.

 

Thank you in advance

 

Sergei

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:15 PM

Posted 16 May 2013 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [screenshot: tdss1.png]
  • Click Change parameters
    [screenshot: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    [screenshot: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [screenshot: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found like below:
    [screenshot: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [screenshot: tdss7.jpg]
    • If you have files that are shown to fail the signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    [screenshot: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
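The TDSSKiller log that the steps above produce is a plain text file in the line format visible in post #3 of this thread (a line with the MD5 and path of each service, followed by a status line reading "- ok", "( verdict ) - warning" or "- detected verdict (n)"). The following Python script is an added example, not part of this thread and not Kaspersky's code: it parses such a log and sorts the services into "ok", "suspicious" (the unsigned/locked-file verdicts that the instructions say to leave on Skip) and anything else that needs attention. It assumes the line formats seen in this thread; the grouping of UnsignedFile.* and LockedFile.* as "suspicious" is an assumption, and the last three lines of the embedded sample (all-zero hash, placeholder verdict, service name "examplesvc") are constructed, not real indicators.

```python
"""Triage a TDSSKiller text log: which services are clean, which carry a
'suspicious' verdict that the instructions say to Skip, and which carry any
other verdict and need a closer look.

Added example for this thread; not Kaspersky's code. The line formats are the
ones visible in the TDSSKiller log posted later in the thread.
"""
import re
import sys

# Each line: HH:MM:SS.ffff <pid>  <message>
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# "[ <MD5> ] <service name> <path>"  (name padded with spaces, path starts with a drive letter)
HASH_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<service name> - ok"
OK_LINE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
# "<service name> ( <verdict> ) - warning"
WARN_LINE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
# "<service name> - detected <verdict> (<count>)"
DETECT_LINE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# ASSUMPTION: verdict families TDSSKiller reports as "suspicious" rather than
# malicious (the thread shows UnsignedFile.Multi.Generic; LockedFile is added
# from the same naming scheme). Anything else goes to the "attention" bucket.
SUSPICIOUS_PREFIXES = ("UnsignedFile.", "LockedFile.")

# CONSTRUCTED sample: the first six lines are copied from the log in this
# thread; the last three are made up (all-zero MD5, placeholder verdict and
# service name) to exercise the "attention" bucket. They are not real indicators.
SAMPLE_LOG = r"""
21:10:49.0693 8068  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:10:49.0733 8068  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:10:49.0733 8068  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:10:49.0833 8068  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:10:49.0873 8068  AdobeARMservice - ok
21:10:48.0953 8068  0028311357419075mcinstcleanup - ok
21:10:53.0200 8068  [ 00000000000000000000000000000000 ] examplesvc      C:\Windows\system32\drivers\examplesvc.sys
21:10:53.0210 8068  examplesvc ( Example.Placeholder.Verdict ) - warning
21:10:53.0210 8068  examplesvc - detected Example.Placeholder.Verdict (1)
"""


def _new_entry():
    return {"md5": None, "path": None, "verdict": None, "count": 0}


def parse_tdsskiller_log(text):
    """Return {service name: {md5, path, verdict, count}} in first-seen order.

    verdict is "ok", the TDSSKiller verdict string, or None if the log ended
    before a status line for that service (e.g. a truncated log).
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["md5"], e["path"] = m["md5"].upper(), m["path"]
            continue
        m = OK_LINE.match(line)
        if m:
            entries.setdefault(m["name"], _new_entry())["verdict"] = "ok"
            continue
        m = WARN_LINE.match(line) or DETECT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], _new_entry())
            e["verdict"] = m["verdict"]
            count = m.groupdict().get("count")
            if count is not None:
                e["count"] = int(count)
    return entries


def triage(entries):
    """Bucket parsed entries: ok / suspicious / attention / unknown."""
    buckets = {"ok": [], "suspicious": [], "attention": [], "unknown": []}
    for name, e in entries.items():
        v = e["verdict"]
        if v is None:
            buckets["unknown"].append(name)
        elif v == "ok":
            buckets["ok"].append(name)
        elif v.startswith(SUSPICIOUS_PREFIXES):
            buckets["suspicious"].append(name)
        else:
            buckets["attention"].append(name)
    return buckets


if __name__ == "__main__":
    # Usage: python tdss_triage.py [TDSSKiller.<version>_<date>_log.txt]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    summary = triage(parse_tdsskiller_log(text))
    for bucket, names in summary.items():
        print(f"{bucket:10s} {len(names):3d}  {', '.join(names) or '-'}")
```

Run it with the path to the TDSSKiller log as the only argument (or with no argument to use the embedded sample). The "suspicious" bucket is what the poster's "11 suspicious objects" corresponds to: unsigned but not necessarily malicious, which is why the instructions say to leave them on Skip; the "attention" bucket holds any other verdict and is the list to hand to the helper, together with the MD5 and path recorded for each name.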

#3 sergeigrey1

sergeigrey1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 17 May 2013 - 05:09 AM

Hi nasdaq

 

Thank you for finding time to help me. I was very worried about finding this trojan and not being able to get rid of it. While waiting for your reply, I downloaded Windows Defender Offline on another PC, saved it on a USB stick and ran it on my infected computer. The software found the trojan and deleted several entries from the registry. I could not save the log of what it did (there were seven or eight lines only) as Windows Defender was running from the USB stick. I am not convinced, however, that the trojan is gone, so I followed your instructions and ran TDSSKiller first, as advised. It found 11 suspicious objects (all seem to be legitimate processes), but no Malicious objects. Here is the log file created by this program:

 

21:09:23.0993 7756  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:24.0653 7756  ============================================================
21:09:24.0653 7756  Current date / time: 2013/05/17 21:09:24.0653
21:09:24.0653 7756  SystemInfo:
21:09:24.0653 7756  
21:09:24.0653 7756  OS Version: 6.1.7601 ServicePack: 1.0
21:09:24.0653 7756  Product type: Workstation
21:09:24.0653 7756  ComputerName: SERGEI-HP
21:09:24.0653 7756  UserName: Sergei
21:09:24.0653 7756  Windows directory: C:\Windows
21:09:24.0653 7756  System windows directory: C:\Windows
21:09:24.0653 7756  Running under WOW64
21:09:24.0653 7756  Processor architecture: Intel x64
21:09:24.0653 7756  Number of processors: 8
21:09:24.0653 7756  Page size: 0x1000
21:09:24.0653 7756  Boot type: Normal boot
21:09:24.0653 7756  ============================================================
21:09:25.0513 7756  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:25.0523 7756  ============================================================
21:09:25.0523 7756  \Device\Harddisk0\DR0:
21:09:25.0523 7756  MBR partitions:
21:09:25.0523 7756  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:09:25.0523 7756  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55519800
21:09:25.0523 7756  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5557D800, BlocksNum 0x1F95000
21:09:25.0523 7756  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
21:09:25.0523 7756  ============================================================
21:09:25.0633 7756  C: <-> \Device\Harddisk0\DR0\Partition2
21:09:25.0743 7756  D: <-> \Device\Harddisk0\DR0\Partition3
21:09:25.0793 7756  F: <-> \Device\Harddisk0\DR0\Partition4
21:09:25.0793 7756  ============================================================
21:09:25.0793 7756  Initialize success
21:09:25.0793 7756  ============================================================
21:10:46.0893 8068  ============================================================
21:10:46.0893 8068  Scan started
21:10:46.0893 8068  Mode: Manual; SigCheck; TDLFS;
21:10:46.0893 8068  ============================================================
21:10:48.0503 8068  ================ Scan system memory ========================
21:10:48.0503 8068  System memory - ok
21:10:48.0503 8068  ================ Scan services =============================
21:10:48.0953 8068  0028311357419075mcinstcleanup - ok
21:10:49.0113 8068  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:10:49.0273 8068  1394ohci - ok
21:10:49.0313 8068  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
21:10:49.0403 8068  Accelerometer - ok
21:10:49.0473 8068  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:10:49.0503 8068  ACPI - ok
21:10:49.0523 8068  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:10:49.0623 8068  AcpiPmi - ok
21:10:49.0693 8068  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:10:49.0733 8068  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:10:49.0733 8068  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:10:49.0833 8068  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:10:49.0873 8068  AdobeARMservice - ok
21:10:50.0003 8068  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:10:50.0033 8068  AdobeFlashPlayerUpdateSvc - ok
21:10:50.0063 8068  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:10:50.0093 8068  adp94xx - ok
21:10:50.0123 8068  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:10:50.0143 8068  adpahci - ok
21:10:50.0163 8068  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:10:50.0183 8068  adpu320 - ok
21:10:50.0223 8068  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:10:50.0323 8068  AeLookupSvc - ok
21:10:50.0413 8068  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
21:10:50.0503 8068  AESTFilters - ok
21:10:50.0543 8068  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:10:50.0623 8068  AFD - ok
21:10:50.0663 8068  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:11:11.0183 8068  nfrd960 - ok
21:11:11.0223 8068  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:11:11.0263 8068  NlaSvc - ok
21:11:11.0293 8068  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:11:11.0353 8068  Npfs - ok
21:11:11.0383 8068  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:11:11.0423 8068  nsi - ok
21:11:11.0453 8068  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:11:11.0483 8068  nsiproxy - ok
21:11:11.0523 8068  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:11:11.0563 8068  Ntfs - ok
21:11:11.0603 8068  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:11:11.0663 8068  Null - ok
21:11:11.0693 8068  [ B227E75AD10A142DD326B4CC8D73A6D9 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:11:11.0723 8068  nusb3hub - ok
21:11:11.0763 8068  [ 55959DB860E4E484681586824D09E52C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:11:11.0803 8068  nusb3xhc - ok
21:11:11.0853 8068  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:11:11.0883 8068  nvraid - ok
21:11:11.0893 8068  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:11:11.0913 8068  nvstor - ok
21:11:11.0943 8068  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:11:11.0953 8068  nv_agp - ok
21:11:12.0003 8068  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:11:12.0023 8068  odserv - ok
21:11:12.0043 8068  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:11:12.0063 8068  ohci1394 - ok
21:11:12.0093 8068  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:11:12.0103 8068  ose - ok
21:11:12.0123 8068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:11:12.0163 8068  p2pimsvc - ok
21:11:12.0203 8068  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:11:12.0223 8068  p2psvc - ok
21:11:12.0243 8068  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:11:12.0263 8068  Parport - ok
21:11:12.0293 8068  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:11:12.0303 8068  partmgr - ok
21:11:12.0333 8068  [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:11:12.0363 8068  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:11:12.0363 8068  PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:11:12.0393 8068  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:11:12.0443 8068  PcaSvc - ok
21:11:12.0473 8068  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:11:12.0483 8068  pci - ok
21:11:12.0503 8068  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:11:12.0513 8068  pciide - ok
21:11:12.0533 8068  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:12.0543 8068  pcmcia - ok
21:11:12.0563 8068  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:11:12.0583 8068  pcw - ok
21:11:12.0593 8068  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:11:12.0653 8068  PEAUTH - ok
21:11:12.0773 8068  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:11:12.0833 8068  PerfHost - ok
21:11:12.0903 8068  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:11:12.0983 8068  pla - ok
21:11:13.0023 8068  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:11:13.0073 8068  PlugPlay - ok
21:11:13.0083 8068  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:11:13.0093 8068  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:11:13.0093 8068  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:11:13.0103 8068  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:11:13.0143 8068  PNRPAutoReg - ok
21:11:13.0173 8068  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:11:13.0183 8068  PNRPsvc - ok
21:11:13.0223 8068  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:11:13.0283 8068  PolicyAgent - ok
21:11:13.0313 8068  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:11:13.0373 8068  Power - ok
21:11:13.0403 8068  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:11:13.0433 8068  PptpMiniport - ok
21:11:13.0453 8068  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:11:13.0493 8068  Processor - ok
21:11:13.0533 8068  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:11:13.0553 8068  ProfSvc - ok
21:11:13.0563 8068  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:11:13.0573 8068  ProtectedStorage - ok
21:11:13.0603 8068  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:11:13.0663 8068  Psched - ok
21:11:13.0723 8068  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:11:13.0783 8068  ql2300 - ok
21:11:13.0803 8068  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:13.0813 8068  ql40xx - ok
21:11:13.0923 8068  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:11:13.0983 8068  QWAVE - ok
21:11:14.0033 8068  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:11:14.0113 8068  QWAVEdrv - ok
21:11:14.0153 8068  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:11:14.0243 8068  RasAcd - ok
21:11:14.0263 8068  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:14.0293 8068  RasAgileVpn - ok
21:11:14.0313 8068  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:11:14.0373 8068  RasAuto - ok
21:11:14.0413 8068  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:14.0483 8068  Rasl2tp - ok
21:11:14.0523 8068  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:11:14.0593 8068  RasMan - ok
21:11:14.0613 8068  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:14.0663 8068  RasPppoe - ok
21:11:14.0663 8068  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:11:14.0703 8068  RasSstp - ok
21:11:14.0743 8068  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:11:14.0823 8068  rdbss - ok
21:11:14.0853 8068  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:14.0863 8068  rdpbus - ok
21:11:14.0893 8068  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:14.0943 8068  RDPCDD - ok
21:11:14.0943 8068  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:11:14.0983 8068  RDPENCDD - ok
21:11:15.0003 8068  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:11:15.0033 8068  RDPREFMP - ok
21:11:15.0063 8068  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:11:15.0093 8068  RDPWD - ok
21:11:15.0133 8068  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:11:15.0163 8068  rdyboost - ok
21:11:15.0223 8068  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:11:15.0323 8068  RemoteAccess - ok
21:11:15.0363 8068  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:11:15.0463 8068  RemoteRegistry - ok
21:11:15.0493 8068  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:15.0543 8068  RFCOMM - ok
21:11:15.0553 8068  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:11:15.0593 8068  RpcEptMapper - ok
21:11:15.0623 8068  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:11:15.0663 8068  RpcLocator - ok
21:11:15.0713 8068  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:11:15.0773 8068  RpcSs - ok
21:11:15.0793 8068  [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
21:11:15.0803 8068  RSPCIESTOR - ok
21:11:15.0833 8068  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:11:15.0863 8068  rspndr - ok
21:11:15.0893 8068  [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:11:15.0913 8068  RTL8167 - ok
21:11:15.0923 8068  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:11:15.0943 8068  SamSs - ok
21:11:15.0963 8068  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:11:15.0973 8068  sbp2port - ok
21:11:15.0993 8068  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:11:16.0043 8068  SCardSvr - ok
21:11:16.0073 8068  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:11:16.0163 8068  scfilter - ok
21:11:16.0233 8068  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:11:16.0313 8068  Schedule - ok
21:11:16.0353 8068  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:11:16.0413 8068  SCPolicySvc - ok
21:11:16.0433 8068  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
21:11:16.0453 8068  sdbus - ok
21:11:16.0483 8068  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:11:16.0533 8068  SDRSVC - ok
21:11:16.0563 8068  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:11:16.0613 8068  secdrv - ok
21:11:16.0653 8068  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:11:16.0683 8068  seclogon - ok
21:11:16.0703 8068  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:11:16.0743 8068  SENS - ok
21:11:16.0753 8068  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:11:16.0833 8068  SensrSvc - ok
21:11:16.0853 8068  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:11:16.0883 8068  Serenum - ok
21:11:16.0903 8068  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:11:16.0923 8068  Serial - ok
21:11:16.0943 8068  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:11:16.0993 8068  sermouse - ok
21:11:17.0023 8068  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:11:17.0093 8068  SessionEnv - ok
21:11:17.0123 8068  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:11:17.0153 8068  sffdisk - ok
21:11:17.0183 8068  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:11:17.0233 8068  sffp_mmc - ok
21:11:17.0263 8068  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:11:17.0323 8068  sffp_sd - ok
21:11:17.0363 8068  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:17.0403 8068  sfloppy - ok
21:11:17.0463 8068  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:11:17.0563 8068  SharedAccess - ok
21:11:17.0633 8068  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:11:17.0713 8068  ShellHWDetection - ok
21:11:17.0753 8068  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:17.0763 8068  SiSRaid2 - ok
21:11:17.0793 8068  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:17.0803 8068  SiSRaid4 - ok
21:11:17.0833 8068  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:11:17.0863 8068  SkypeUpdate - ok
21:11:17.0883 8068  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:11:17.0933 8068  Smb - ok
21:11:17.0953 8068  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:11:17.0993 8068  SNMPTRAP - ok
21:11:18.0023 8068  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:11:18.0033 8068  spldr - ok
21:11:18.0083 8068  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:11:18.0133 8068  Spooler - ok
21:11:18.0253 8068  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:11:18.0383 8068  sppsvc - ok
21:11:18.0403 8068  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:11:18.0453 8068  sppuinotify - ok
21:11:18.0503 8068  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:11:18.0553 8068  srv - ok
21:11:18.0603 8068  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:11:18.0623 8068  srv2 - ok
21:11:18.0643 8068  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:11:18.0663 8068  SrvHsfHDA - ok
21:11:18.0693 8068  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:11:18.0823 8068  SrvHsfV92 - ok
21:11:18.0853 8068  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:11:18.0883 8068  SrvHsfWinac - ok
21:11:18.0913 8068  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:11:18.0923 8068  srvnet - ok
21:11:18.0953 8068  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:11:19.0013 8068  SSDPSRV - ok
21:11:19.0033 8068  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:11:19.0073 8068  SstpSvc - ok
21:11:19.0153 8068  [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
21:11:19.0203 8068  STacSV - ok
21:11:19.0213 8068  Steam Client Service - ok
21:11:19.0223 8068  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:11:19.0243 8068  stexstor - ok
21:11:19.0263 8068  [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
21:11:19.0293 8068  STHDA - ok
21:11:19.0343 8068  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:11:19.0393 8068  stisvc - ok
21:11:19.0423 8068  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:11:19.0433 8068  swenum - ok
21:11:19.0453 8068  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:11:19.0513 8068  swprv - ok
21:11:19.0563 8068  [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:11:19.0603 8068  SynTP - ok
21:11:19.0683 8068  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:11:19.0743 8068  SysMain - ok
21:11:19.0783 8068  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:11:19.0853 8068  TabletInputService - ok
21:11:19.0873 8068  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:11:19.0943 8068  TapiSrv - ok
21:11:19.0983 8068  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:11:20.0013 8068  TBS - ok
21:11:20.0093 8068  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:11:20.0153 8068  Tcpip - ok
21:11:20.0173 8068  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:11:20.0203 8068  TCPIP6 - ok
21:11:20.0233 8068  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:11:20.0243 8068  tcpipreg - ok
21:11:20.0273 8068  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:11:20.0283 8068  TDPIPE - ok
21:11:20.0313 8068  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:11:20.0363 8068  TDTCP - ok
21:11:20.0393 8068  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:11:20.0443 8068  tdx - ok
21:11:20.0463 8068  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:11:20.0473 8068  TermDD - ok
21:11:20.0513 8068  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:11:20.0583 8068  TermService - ok
21:11:20.0603 8068  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:11:20.0643 8068  Themes - ok
21:11:20.0673 8068  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:11:20.0733 8068  THREADORDER - ok
21:11:20.0773 8068  [ A21E58F345F337316A98C5121CBE17E8 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
21:11:20.0803 8068  TomTomHOMEService - ok
21:11:20.0823 8068  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:11:20.0883 8068  TrkWks - ok
21:11:20.0953 8068  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:11:21.0043 8068  TrustedInstaller - ok
21:11:21.0083 8068  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:11:21.0163 8068  tssecsrv - ok
21:11:21.0203 8068  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:11:21.0243 8068  TsUsbFlt - ok
21:11:21.0293 8068  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:11:21.0353 8068  tunnel - ok
21:11:21.0373 8068  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:11:21.0393 8068  uagp35 - ok
21:11:21.0423 8068  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:11:21.0473 8068  udfs - ok
21:11:21.0503 8068  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:11:21.0523 8068  UI0Detect - ok
21:11:21.0543 8068  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:11:21.0553 8068  uliagpkx - ok
21:11:21.0573 8068  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:11:21.0603 8068  umbus - ok
21:11:21.0633 8068  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:11:21.0663 8068  UmPass - ok
21:11:21.0813 8068  [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:11:21.0873 8068  UNS - ok
21:11:21.0903 8068  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:11:21.0943 8068  upnphost - ok
21:11:21.0963 8068  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:11:21.0973 8068  usbccgp - ok
21:11:22.0003 8068  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:11:22.0013 8068  usbcir - ok
21:11:22.0033 8068  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:11:22.0053 8068  usbehci - ok
21:11:22.0073 8068  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:11:22.0113 8068  usbhub - ok
21:11:22.0133 8068  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:11:22.0173 8068  usbohci - ok
21:11:22.0203 8068  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:11:22.0243 8068  usbprint - ok
21:11:22.0293 8068  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:11:22.0333 8068  usbscan - ok
21:11:22.0373 8068  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:11:22.0393 8068  USBSTOR - ok
21:11:22.0403 8068  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:11:22.0443 8068  usbuhci - ok
21:11:22.0473 8068  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:11:22.0513 8068  usbvideo - ok
21:11:22.0543 8068  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:11:22.0603 8068  UxSms - ok
21:11:22.0613 8068  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:11:22.0633 8068  VaultSvc - ok
21:11:22.0643 8068  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:11:22.0653 8068  vdrvroot - ok
21:11:22.0703 8068  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:11:22.0783 8068  vds - ok
21:11:22.0823 8068  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:11:22.0843 8068  vga - ok
21:11:22.0853 8068  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:11:22.0913 8068  VgaSave - ok
21:11:22.0953 8068  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:11:22.0993 8068  vhdmp - ok
21:11:23.0023 8068  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:11:23.0053 8068  viaide - ok
21:11:23.0063 8068  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:11:23.0083 8068  volmgr - ok
21:11:23.0113 8068  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:11:23.0143 8068  volmgrx - ok
21:11:23.0193 8068  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:11:23.0233 8068  volsnap - ok
21:11:23.0263 8068  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:11:23.0293 8068  vsmraid - ok
21:11:23.0343 8068  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:11:23.0393 8068  VSS - ok
21:11:23.0433 8068  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:11:23.0493 8068  vwifibus - ok
21:11:23.0523 8068  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:11:23.0583 8068  vwififlt - ok
21:11:23.0613 8068  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:11:23.0683 8068  vwifimp - ok
21:11:23.0723 8068  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:11:23.0773 8068  W32Time - ok
21:11:23.0833 8068  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:11:23.0893 8068  WacomPen - ok
21:11:23.0953 8068  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:11:24.0113 8068  WANARP - ok
21:11:24.0123 8068  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:11:24.0183 8068  Wanarpv6 - ok
21:11:24.0243 8068  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:11:24.0283 8068  WatAdminSvc - ok
21:11:24.0373 8068  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:11:24.0433 8068  wbengine - ok
21:11:24.0463 8068  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:11:24.0483 8068  WbioSrvc - ok
21:11:24.0543 8068  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:11:24.0613 8068  wcncsvc - ok
21:11:24.0643 8068  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:11:24.0723 8068  WcsPlugInService - ok
21:11:24.0773 8068  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:11:24.0813 8068  Wd - ok
21:11:24.0863 8068  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:11:24.0913 8068  Wdf01000 - ok
21:11:24.0933 8068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:11:25.0003 8068  WdiServiceHost - ok
21:11:25.0053 8068  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:11:25.0083 8068  WdiSystemHost - ok
21:11:25.0123 8068  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:11:25.0193 8068  WebClient - ok
21:11:25.0243 8068  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:11:25.0323 8068  Wecsvc - ok
21:11:25.0333 8068  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:11:25.0373 8068  wercplsupport - ok
21:11:25.0403 8068  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:11:25.0453 8068  WerSvc - ok
21:11:25.0503 8068  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:11:25.0533 8068  WfpLwf - ok
21:11:25.0553 8068  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:11:25.0563 8068  WIMMount - ok
21:11:25.0573 8068  WinDefend - ok
21:11:25.0573 8068  WinHttpAutoProxySvc - ok
21:11:25.0613 8068  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:11:25.0663 8068  Winmgmt - ok
21:11:25.0743 8068  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:11:25.0833 8068  WinRM - ok
21:11:25.0863 8068  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:11:25.0893 8068  WinUsb - ok
21:11:25.0943 8068  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:11:26.0023 8068  Wlansvc - ok
21:11:26.0073 8068  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:11:26.0083 8068  wlcrasvc - ok
21:11:26.0213 8068  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:11:26.0273 8068  wlidsvc - ok
21:11:26.0303 8068  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:11:26.0353 8068  WmiAcpi - ok
21:11:26.0393 8068  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:11:26.0463 8068  wmiApSrv - ok
21:11:26.0503 8068  WMPNetworkSvc - ok
21:11:26.0523 8068  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:11:26.0543 8068  WPCSvc - ok
21:11:26.0583 8068  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:11:26.0603 8068  WPDBusEnum - ok
21:11:26.0633 8068  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:11:26.0713 8068  ws2ifsl - ok
21:11:26.0743 8068  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:11:26.0773 8068  wscsvc - ok
21:11:26.0773 8068  WSearch - ok
21:11:26.0883 8068  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:11:26.0953 8068  wuauserv - ok
21:11:26.0993 8068  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:11:27.0033 8068  WudfPf - ok
21:11:27.0063 8068  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:11:27.0133 8068  WUDFRd - ok
21:11:27.0153 8068  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:11:27.0193 8068  wudfsvc - ok
21:11:27.0233 8068  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:11:27.0283 8068  WwanSvc - ok
21:11:27.0323 8068  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
21:11:27.0363 8068  yukonw7 - ok
21:11:27.0373 8068  ================ Scan global ===============================
21:11:27.0423 8068  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:11:27.0453 8068  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:11:27.0473 8068  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:11:27.0513 8068  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:11:27.0533 8068  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:11:27.0553 8068  [Global] - ok
21:11:27.0553 8068  ================ Scan MBR ==================================
21:11:27.0563 8068  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:11:27.0893 8068  \Device\Harddisk0\DR0 - ok
21:11:27.0893 8068  ================ Scan VBR ==================================
21:11:27.0903 8068  [ E755B095CD365DE2E78D63BC40791FFF ] \Device\Harddisk0\DR0\Partition1
21:11:27.0913 8068  \Device\Harddisk0\DR0\Partition1 - ok
21:11:27.0923 8068  [ 6C111A3F4614F7F2752D2BE5B679A826 ] \Device\Harddisk0\DR0\Partition2
21:11:27.0923 8068  \Device\Harddisk0\DR0\Partition2 - ok
21:11:27.0953 8068  [ 6362890779F06C22D101C512AF56F98C ] \Device\Harddisk0\DR0\Partition3
21:11:27.0963 8068  \Device\Harddisk0\DR0\Partition3 - ok
21:11:27.0983 8068  [ D13E8FD13435AA3216B2C97B9A93D02C ] \Device\Harddisk0\DR0\Partition4
21:11:27.0983 8068  \Device\Harddisk0\DR0\Partition4 - ok
21:11:27.0983 8068  ============================================================
21:11:27.0983 8068  Scan finished
21:11:27.0983 8068  ============================================================
21:11:27.0993 9144  Detected object count: 11
21:11:27.0993 9144  Actual detected object count: 11
21:14:02.0113 9144  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0113 9144  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0113 9144  cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0113 9144  cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0113 9144  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0113 9144  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0113 9144  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0113 9144  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0123 9144  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0123 9144  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0123 9144  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0123 9144  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0123 9144  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0123 9144  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0123 9144  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0123 9144  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0133 9144  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0133 9144  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0133 9144  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0133 9144  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:14:02.0133 9144  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:14:02.0133 9144  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
 

-----

 

Second, as advised, I ran aswMBR.exe. Here is the log created by this program:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-17 21:23:01
-----------------------------
21:23:01.505    OS Version: Windows x64 6.1.7601 Service Pack 1
21:23:01.505    Number of processors: 8 586 0x2A07
21:23:01.506    ComputerName: SERGEI-HP  UserName: Sergei
21:23:03.406    Initialize success
21:23:03.877    AVAST engine defs: 13051601
21:23:14.566    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:23:14.572    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
21:23:14.689    Disk 0 MBR read successfully
21:23:14.695    Disk 0 MBR scan
21:23:14.702    Disk 0 Windows 7 default MBR code
21:23:14.708    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:23:14.723    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       698931 MB offset 409600
21:23:14.758    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16170 MB offset 1431820288
21:23:14.783    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
21:23:14.925    Disk 0 scanning C:\Windows\system32\drivers
21:23:24.408    Service scanning
21:23:49.439    Modules scanning
21:23:49.455    Disk 0 trace - called modules:
21:23:49.548    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
21:23:49.559    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800531a790]
21:23:49.569    3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8005209b10]
21:23:49.579    5 hpdskflt.sys[fffff8800180b189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80050db050]
21:23:50.887    AVAST engine scan C:\Windows
21:23:54.787    AVAST engine scan C:\Windows\system32
21:26:36.707    AVAST engine scan C:\Windows\system32\drivers
21:27:03.387    AVAST engine scan C:\Users\Sergei
21:45:15.379    AVAST engine scan C:\ProgramData
21:49:34.371    Scan finished successfully
21:52:54.061    Disk 0 MBR has been saved successfully to "C:\Users\Sergei\Documents\Antivirus\MBR.dat"
21:52:54.071    The log file has been saved successfully to "C:\Users\Sergei\Documents\Antivirus\aswMBR.txt"

--------

 

I also tried to attach the MBR.dat file (in zipped form) as advised, but I cannot find the option of attaching it in the reply message. I went back to the instructions on the forum and there was a suggestion that not all forums allow attaching files for security purposes. I am not sure if I am doing something wrong or missing an obvious thing to attach MBR.dat. If there is any other way I can link it to the post, I would be happy to do so. I would be very thankful if you could help me to make sure that the trojan is no longer on my computer.

 

Regards

 

Sergei
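
The partition table that aswMBR printed above can be sanity-checked offline. The following Python script is an added example, not part of the original post and not code from the aswMBR tool: it parses the "Disk 0 Partition N ... MB offset S" lines and the disk-size line (copied from the log above), converts the MB figures back to 512-byte sectors, and reports overlapping partitions, more than one active partition, and unallocated stretches of more than 1 MB between or after the partitions, since raw disk space that no partition claims is where a bootkit would typically keep its payload. aswMBR rounds sizes to whole MB, so sub-MB slack is ignored. The regexes, the 512-byte sector assumption and the second, constructed log with a deliberate gap are this example's own.

```python
import re

# Disk and partition lines copied from the aswMBR log in the post above.
ASWMBR_LOG = """\
21:23:14.572    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
21:23:14.708    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:23:14.723    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       698931 MB offset 409600
21:23:14.758    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16170 MB offset 1431820288
21:23:14.783    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
"""

# A constructed layout (not from any real log) with 7 MB unallocated between the
# partitions and 12 MB after the last one, to show what a flagged gap looks like.
CONSTRUCTED_GAP_LOG = """\
00:00:00.000    Disk 0 Vendor: Example Size: 1000MB BusType: 3
00:00:00.001    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:00:00.002    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS          880 MB offset 221184
"""

SECTOR_BYTES = 512                                 # assumption: 512-byte logical sectors
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES     # 2048

DISK_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<size_mb>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-Fa-f]{2})\s+.*?(?P<size_mb>\d+) MB offset (?P<offset>\d+)"
)


def parse_layout(log_text):
    """Return (disk size in sectors or None, partitions sorted by start sector)."""
    disk_sectors, parts = None, []
    for line in log_text.splitlines():
        m = DISK_RE.search(line)
        if m:
            disk_sectors = int(m["size_mb"]) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m:
            start = int(m["offset"])
            parts.append({
                "num": int(m["num"]),
                "active": m["boot"].upper() == "80",   # 0x80 is the MBR bootable flag
                "type": m["type"].upper(),
                "start": start,
                "end": start + int(m["size_mb"]) * SECTORS_PER_MB,  # first sector past it
            })
    parts.sort(key=lambda p: p["start"])
    return disk_sectors, parts


def find_gaps(disk_sectors, parts, min_gap=SECTORS_PER_MB):
    """Unallocated (start, end) sector ranges between or after partitions larger than
    min_gap; aswMBR rounds to whole MB, so anything under 1 MB is treated as rounding."""
    gaps = []
    cursor = parts[0]["start"] if parts else 0
    for p in parts:
        if p["start"] > cursor + min_gap:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["end"])
    if disk_sectors is not None and disk_sectors > cursor + min_gap:
        gaps.append((cursor, disk_sectors))
    return gaps


def check_layout(log_text):
    """Summarise the layout: count, active flags, first start, overlaps and gaps."""
    disk_sectors, parts = parse_layout(log_text)
    return {
        "partitions": len(parts),
        "active": [p["num"] for p in parts if p["active"]],
        "first_start": parts[0]["start"] if parts else None,
        "overlaps": [(a["num"], b["num"]) for a, b in zip(parts, parts[1:])
                     if b["start"] < a["end"]],
        "gaps": find_gaps(disk_sectors, parts),
    }


if __name__ == "__main__":
    for label, log in (("thread log", ASWMBR_LOG), ("constructed", CONSTRUCTED_GAP_LOG)):
        result = check_layout(log)
        print(label, result)
        for start, end in result["gaps"]:
            print(f"  unallocated: sectors {start}-{end} ({(end - start) // SECTORS_PER_MB} MB)")
```

On the log from this thread the four partitions tile the disk back to back from sector 2048 (the Windows 7 default alignment) with a single active partition, which agrees with aswMBR's own "Windows 7 default MBR code" verdict. A reported gap is not proof of infection by itself, since OEM recovery tooling and partition resizers leave unallocated space too; it is the region to dump and inspect next.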



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 May 2013 - 09:59 AM

Your logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 sergeigrey1

sergeigrey1
  • Topic Starter

  • Members
  • 4 posts

Posted 18 May 2013 - 04:07 AM

Hi,

 

Thank you very much for helping me with this problem. I am very glad to hear that the trojan now seems to be removed from my computer. As advised, I ran ComboFix. The report is below:

 

ComboFix 13-05-16.02 - Sergei 18/05/2013  20:52:13.3.8 - x64
Running from: c:\users\Sergei\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Sergei\AppData\Local\assembly\tmp
c:\users\Sergei\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Sergei\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-18 to 2013-05-18  )))))))))))))))))))))))))))))))
.
.
2013-05-18 08:59 . 2013-05-18 08:59    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-05-18 08:59 . 2013-05-18 08:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-17 23:05 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FD76AB7-071B-4AE6-A646-53D0217BC7B8}\mpengine.dll
2013-05-16 22:34 . 2013-05-16 22:47    --------    d-----w-    c:\windows\Microsoft Antimalware
2013-05-15 05:11 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-15 05:11 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 05:11 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-15 03:37 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-14 02:09 . 2013-05-14 02:09    --------    d-----w-    c:\program files (x86)\Cobian Backup 11
2013-05-14 02:01 . 2013-05-14 02:03    --------    d-----w-    c:\program files (x86)\Runtime Software
2013-05-13 21:13 . 2013-05-14 23:32    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-05-13 21:13 . 2013-05-14 23:32    --------    d-----w-    c:\program files (x86)\Kaspersky Lab
2013-05-06 22:28 . 2013-05-06 22:28    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-06 22:27 . 2013-05-06 22:27    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 22:26 . 2013-05-06 22:26    --------    d-----w-    c:\program files (x86)\Java
2013-04-24 01:30 . 2013-04-12 14:45    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 05:22 . 2012-05-01 04:24    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 05:22 . 2011-06-30 19:57    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:17 . 2011-07-03 19:11    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-13 23:07 . 2012-06-25 08:38    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 22:26 . 2012-06-27 21:46    866720    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-05-06 22:26 . 2011-01-28 00:56    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-01 14:06 . 2011-10-03 18:23    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 03:37    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 03:37    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 03:37    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 03:37    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 03:37    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:37    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-15 12:26    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-15 12:26    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-15 12:26    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-15 12:26    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-15 12:26    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-15 12:26    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-06 23:33 . 2013-03-16 08:44    178624    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-16 08:44    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-01-05 23:15    377920    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-01-05 23:15    70992    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-01-05 23:15    68920    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-01-05 23:15    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-01-05 23:15    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-01-05 23:15    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-01-05 23:15    41664    ----a-w-    c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-01-05 23:15    287840    ----a-w-    c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-02-11 248208]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0028311357419075mcinstcleanup;McAfee Application Installer Cleanup (0028311357419075);c:\users\Sergei\AppData\Local\Temp\002831~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 aswVmm;aswVmm; [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-13 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-03-07 67584]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-10 2413056]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-02-11 93072]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-03-23 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-10 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-17 428136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 05:22]
.
2013-05-18 c:\windows\Tasks\HPCeeScheduleForSERGEI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-18 c:\windows\Tasks\HPCeeScheduleForSergei.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Sergei\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-03 1128448]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{4D7BD8C8-42B5-4B2A-869D-3A5ECC8E91AE}: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Sergei\AppData\Roaming\Mozilla\Firefox\Profiles\v9hxjzio.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2011-07-02 20:18; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - 01f3da40-f336-4b32-8414-6e3d47682ef4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-18  21:03:17
ComboFix-quarantined-files.txt  2013-05-18 09:03
ComboFix2.txt  2013-01-06 15:18
ComboFix3.txt  2013-01-05 23:02
.
Pre-Run: 512,812,474,368 bytes free
Post-Run: 513,270,853,632 bytes free
.
- - End Of File - - 6D181FF0B4B37F694AB687C979B366C9
 

Please let me know if you think that the problem is now sorted and I can use my computer as normal. Once again, thank you for taking time to help

 

Regards

 

Sergei


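Added example, not part of the original thread and not ComboFix's own code: a small Python parser for the registry section of a ComboFix log in the format quoted above. It extracts each CLSID's friendly name, ProgID and InprocServer32 path, records which keys ComboFix marked "@Denied", and flags any in-process COM server whose DLL/OCX path lies outside the usual Windows and Program Files directories. The sample input is constructed from the entries shown in the log; the trusted-directory list and all function names are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input, copied from the ComboFix log entries quoted above
# (the Flash Factory CLSID and the PCW\Security key). The format is the
# .reg-style dump ComboFix writes: "[key]" header, "@Denied: (rights) (who)"
# ACL marker, name=data lines, and a lone "." separator between keys.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
DENIED_RE = re.compile(r'^@Denied: \((.+?)\) \((.+?)\)$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
CLSID_RE = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(.+))?$')
# Assumed allow-list: directories a legitimate in-process COM server normally lives under.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


@dataclass
class RegKey:
    path: str
    values: dict = field(default_factory=dict)   # value name -> raw .reg data
    denied: list = field(default_factory=list)   # (rights, principal) ACL markers


def parse_dump(text):
    """Parse the registry section of a ComboFix log into RegKey records."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(m.group(1))
            keys.append(current)
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current.denied.append((m.group(1), m.group(2)))
            continue
        m = VALUE_RE.match(line)
        if m:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            current.values[name] = m.group(2)
    return keys


def unquote(data):
    """Strip .reg-style quoting and unescape doubled backslashes and quotes."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1]
    return data.replace('\\\\', '\\').replace('\\"', '"')


def com_servers(keys):
    """Per CLSID: friendly name, ProgID, InprocServer32 path and whether the CLSID key is ACL-locked."""
    servers = {}
    for k in keys:
        m = CLSID_RE.search(k.path)
        if not m:
            continue
        clsid, sub = m.group(1), m.group(2)
        e = servers.setdefault(clsid, {'name': None, 'progid': None, 'server': None, 'denied': False})
        default = unquote(k.values.get('(Default)', '""'))
        if sub is None:
            e['name'], e['denied'] = default, bool(k.denied)
        elif sub == 'InprocServer32':
            e['server'] = default
        elif sub == 'ProgID':
            e['progid'] = default
    return servers


def denied_keys(keys):
    """List every key ComboFix reported with a deny ACE, with the rights and principal denied."""
    return [(k.path, rights, who) for k in keys for rights, who in k.denied]


def unusual_servers(servers):
    """Flag COM servers whose DLL/OCX path is outside the trusted directory prefixes."""
    return [(clsid, e['server']) for clsid, e in servers.items()
            if e['server'] and not e['server'].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == '__main__':
    keys = parse_dump(SAMPLE_DUMP)
    for clsid, e in com_servers(keys).items():
        print(clsid, e['progid'], e['server'], 'ACL-locked' if e['denied'] else '')
    for path, rights, who in denied_keys(keys):
        print('denied:', path, rights, who)
    print('unusual servers:', unusual_servers(com_servers(keys)))
```

Two caveats when reading the output. The "@Denied" marker only says that the key's ACL blocks Everyone from some access; Adobe's own installer sets that on the Flash keys, so a locked CLSID is a pointer to look closer, not a verdict. And a path under c:\Windows is not proof of legitimacy: the next step for a server you do not recognise is to check that the file exists and is signed by the expected publisher, which this offline parser cannot do.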

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:15 PM

Posted 18 May 2013 - 08:34 AM

Your logs are clean.

Use the computer for 3 days and if all is well do the housekeeping.

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 sergeigrey1

sergeigrey1
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:15 AM

Posted 19 May 2013 - 02:53 AM

Hi nasdaq

 

Thank you for walking me through the cleaning process and helping me to get rid of the trojan. My computer is still slow to start (black screen before the Welcome one) and I tried to install Windows 7 Firewall Control to monitor the processes active when I use the Internet. I have also tried to go through the StartUp files (msconfig) and see if I can disable some processes which slow my computer down, but it does not seem to matter. I hope that the slowness is not a trojan or a virus, and I will keep an eye on how the PC works over the next couple of days.

Once again, thank you for all your help

 

Regards

 

Sergei



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:15 PM

Posted 19 May 2013 - 07:35 AM

Run this File Checker tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:15 PM

Posted 25 May 2013 - 08:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
