
Log check.


  • This topic is locked
10 replies to this topic

#1 Necroticx


Posted 26 July 2013 - 01:20 PM

Hello, my name is Tom and I have been coming to BC for a while now. I am an aspiring malware crusader and I have recently been learning how to read logs. I did run a couple logs to check my PC, I believe it's clean, still not a pro though. So I am posting my logs here to see if you guys wouldn't mind taking a look.

 

First is TDSSKiller: No delete, just a log.

 

14:07:25.0718 8028  MTConfig - ok
14:07:25.0770 8028  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
14:07:25.0771 8028  MTsensor - ok
14:07:25.0783 8028  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:07:25.0784 8028  Mup - ok
14:07:25.0829 8028  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:07:25.0838 8028  napagent - ok
14:07:25.0894 8028  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:07:25.0900 8028  NativeWifiP - ok
14:07:26.0002 8028  [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
14:07:26.0028 8028  NAUpdate - ok
14:07:26.0097 8028  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:07:26.0122 8028  NDIS - ok
14:07:26.0157 8028  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:07:26.0158 8028  NdisCap - ok
14:07:26.0211 8028  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:07:26.0310 8028  NdisTapi - ok
14:07:26.0347 8028  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:07:26.0348 8028  Ndisuio - ok
14:07:26.0392 8028  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:07:26.0395 8028  NdisWan - ok
14:07:26.0438 8028  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:07:26.0440 8028  NDProxy - ok
14:07:26.0460 8028  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:07:26.0461 8028  NetBIOS - ok
14:07:26.0500 8028  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:07:26.0504 8028  NetBT - ok
14:07:26.0524 8028  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:07:26.0526 8028  Netlogon - ok
14:07:26.0572 8028  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:07:26.0579 8028  Netman - ok
14:07:26.0658 8028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:07:26.0699 8028  NetMsmqActivator - ok
14:07:26.0703 8028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:07:26.0705 8028  NetPipeActivator - ok
14:07:26.0748 8028  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:07:26.0756 8028  netprofm - ok
14:07:26.0761 8028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:07:26.0763 8028  NetTcpActivator - ok
14:07:26.0767 8028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:07:26.0768 8028  NetTcpPortSharing - ok
14:07:26.0798 8028  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:07:26.0800 8028  nfrd960 - ok
14:07:26.0848 8028  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:07:26.0855 8028  NlaSvc - ok
14:07:26.0867 8028  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:07:26.0868 8028  Npfs - ok
14:07:26.0880 8028  npggsvc - ok
14:07:26.0885 8028  NPPTNT2 - ok
14:07:26.0925 8028  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:07:26.0928 8028  nsi - ok
14:07:26.0935 8028  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:07:26.0936 8028  nsiproxy - ok
14:07:27.0021 8028  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:07:27.0056 8028  Ntfs - ok
14:07:27.0073 8028  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:07:27.0074 8028  Null - ok
14:07:27.0123 8028  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
14:07:27.0130 8028  NVENETFD - ok
14:07:27.0573 8028  [ 8E6247F418B4C8AE9EEB0B532CABCC21 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:07:27.0875 8028  nvlddmkm - ok
14:07:27.0926 8028  [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
14:07:27.0932 8028  NVNET - ok
14:07:27.0951 8028  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:07:27.0954 8028  nvraid - ok
14:07:27.0996 8028  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:07:27.0997 8028  nvstor - ok
14:07:28.0081 8028  [ 41B97DCE2B2D113B831EB197F02A7398 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:07:28.0107 8028  nvsvc - ok
14:07:28.0174 8028  [ A3A25E0509F67473B960DAF214828BE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:07:28.0225 8028  nvUpdatusService - ok
14:07:28.0272 8028  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:07:28.0274 8028  nv_agp - ok
14:07:28.0317 8028  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:07:28.0319 8028  ohci1394 - ok
14:07:28.0379 8028  [ 2B8E4C792BED0E5882702720BC528AE5 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:28.0382 8028  ose - ok
14:07:28.0565 8028  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:07:28.0676 8028  osppsvc - ok
14:07:28.0730 8028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:07:28.0737 8028  p2pimsvc - ok
14:07:28.0796 8028  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:07:28.0804 8028  p2psvc - ok
14:07:28.0872 8028  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:07:28.0875 8028  Parport - ok
14:07:28.0916 8028  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:07:28.0917 8028  partmgr - ok
14:07:28.0927 8028  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:07:28.0932 8028  PcaSvc - ok
14:07:28.0969 8028  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:07:28.0971 8028  pci - ok
14:07:28.0985 8028  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:07:28.0986 8028  pciide - ok
14:07:29.0003 8028  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:07:29.0007 8028  pcmcia - ok
14:07:29.0022 8028  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:07:29.0023 8028  pcw - ok
14:07:29.0055 8028  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:07:29.0064 8028  PEAUTH - ok
14:07:29.0142 8028  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:07:29.0185 8028  PeerDistSvc - ok
14:07:29.0264 8028  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:07:29.0267 8028  PerfHost - ok
14:07:29.0383 8028  [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
14:07:29.0443 8028  PID_PEPI - ok
14:07:29.0520 8028  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:07:29.0554 8028  pla - ok
14:07:29.0598 8028  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:07:29.0607 8028  PlugPlay - ok
14:07:29.0620 8028  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:07:29.0623 8028  PNRPAutoReg - ok
14:07:29.0638 8028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:07:29.0642 8028  PNRPsvc - ok
14:07:29.0677 8028  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:07:29.0679 8028  Point64 - ok
14:07:29.0729 8028  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:07:29.0738 8028  PolicyAgent - ok
14:07:29.0759 8028  PortTalk - ok
14:07:29.0799 8028  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:07:29.0804 8028  Power - ok
14:07:29.0853 8028  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:07:29.0855 8028  PptpMiniport - ok
14:07:29.0887 8028  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:07:29.0889 8028  Processor - ok
14:07:29.0928 8028  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:07:29.0934 8028  ProfSvc - ok
14:07:29.0948 8028  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:29.0950 8028  ProtectedStorage - ok
14:07:29.0993 8028  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:07:29.0995 8028  Psched - ok
14:07:30.0055 8028  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:07:30.0106 8028  ql2300 - ok
14:07:30.0125 8028  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:07:30.0128 8028  ql40xx - ok
14:07:30.0167 8028  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:07:30.0172 8028  QWAVE - ok
14:07:30.0196 8028  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:07:30.0197 8028  QWAVEdrv - ok
14:07:30.0210 8028  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:07:30.0211 8028  RasAcd - ok
14:07:30.0253 8028  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:07:30.0255 8028  RasAgileVpn - ok
14:07:30.0263 8028  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:07:30.0267 8028  RasAuto - ok
14:07:30.0302 8028  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:30.0305 8028  Rasl2tp - ok
14:07:30.0363 8028  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:07:30.0370 8028  RasMan - ok
14:07:30.0411 8028  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:30.0414 8028  RasPppoe - ok
14:07:30.0435 8028  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:07:30.0437 8028  RasSstp - ok
14:07:30.0480 8028  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:07:30.0484 8028  rdbss - ok
14:07:30.0498 8028  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:07:30.0499 8028  rdpbus - ok
14:07:30.0508 8028  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:30.0509 8028  RDPCDD - ok
14:07:30.0551 8028  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:07:30.0554 8028  RDPDR - ok
14:07:30.0571 8028  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:07:30.0572 8028  RDPENCDD - ok
14:07:30.0583 8028  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:07:30.0584 8028  RDPREFMP - ok
14:07:30.0637 8028  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:07:30.0638 8028  RdpVideoMiniport - ok
14:07:30.0677 8028  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:07:30.0680 8028  RDPWD - ok
14:07:30.0728 8028  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:07:30.0731 8028  rdyboost - ok
14:07:30.0768 8028  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:07:30.0772 8028  RemoteAccess - ok
14:07:30.0812 8028  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:07:30.0817 8028  RemoteRegistry - ok
14:07:30.0826 8028  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:07:30.0830 8028  RpcEptMapper - ok
14:07:30.0865 8028  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:07:30.0867 8028  RpcLocator - ok
14:07:30.0925 8028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
14:07:30.0931 8028  RpcSs - ok
14:07:30.0964 8028  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:07:30.0966 8028  rspndr - ok
14:07:31.0015 8028  [ 3641E624C8C5D5EA089AE9B5340B5B79 ] rt70x64         C:\Windows\system32\DRIVERS\netr7064.sys
14:07:31.0021 8028  rt70x64 - ok
14:07:31.0074 8028  [ 809A46521BC240D201A01920FC494314 ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
14:07:31.0077 8028  rzudd - ok
14:07:31.0110 8028  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:07:31.0111 8028  s3cap - ok
14:07:31.0123 8028  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:07:31.0125 8028  SamSs - ok
14:07:31.0141 8028  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:07:31.0143 8028  sbp2port - ok
14:07:31.0183 8028  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:07:31.0188 8028  SCardSvr - ok
14:07:31.0229 8028  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:07:31.0230 8028  scfilter - ok
14:07:31.0295 8028  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:07:31.0330 8028  Schedule - ok
14:07:31.0362 8028  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:07:31.0363 8028  SCPolicySvc - ok
14:07:31.0400 8028  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:07:31.0405 8028  SDRSVC - ok
14:07:31.0449 8028  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:07:31.0450 8028  secdrv - ok
14:07:31.0482 8028  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:07:31.0485 8028  seclogon - ok
14:07:31.0511 8028  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:07:31.0514 8028  SENS - ok
14:07:31.0550 8028  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:07:31.0553 8028  SensrSvc - ok
14:07:31.0577 8028  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:07:31.0578 8028  Serenum - ok
14:07:31.0593 8028  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:07:31.0595 8028  Serial - ok
14:07:31.0610 8028  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:07:31.0611 8028  sermouse - ok
14:07:31.0700 8028  [ 8FEF3CDAFFBB862E0903199AB6A08D55 ] Service KMSELDI C:\Program Files\KMSpico\Service_KMS.exe
14:07:31.0701 8028  Service KMSELDI - ok
14:07:31.0744 8028  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:07:31.0748 8028  SessionEnv - ok
14:07:31.0788 8028  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:07:31.0789 8028  sffdisk - ok
14:07:31.0803 8028  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:07:31.0804 8028  sffp_mmc - ok
14:07:31.0812 8028  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:07:31.0813 8028  sffp_sd - ok
14:07:31.0827 8028  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:07:31.0829 8028  sfloppy - ok
14:07:31.0886 8028  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:07:31.0893 8028  SharedAccess - ok
14:07:31.0940 8028  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:31.0948 8028  ShellHWDetection - ok
14:07:31.0969 8028  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:07:31.0971 8028  SiSRaid2 - ok
14:07:31.0982 8028  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:07:31.0985 8028  SiSRaid4 - ok
14:07:32.0183 8028  [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:07:32.0301 8028  Skype C2C Service - ok
14:07:32.0394 8028  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:07:32.0397 8028  SkypeUpdate - ok
14:07:32.0409 8028  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:07:32.0412 8028  Smb - ok
14:07:32.0463 8028  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:07:32.0467 8028  SNMPTRAP - ok
14:07:32.0479 8028  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:07:32.0480 8028  spldr - ok
14:07:32.0540 8028  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:07:32.0551 8028  Spooler - ok
14:07:32.0668 8028  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:07:32.0745 8028  sppsvc - ok
14:07:32.0762 8028  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:07:32.0766 8028  sppuinotify - ok
14:07:32.0829 8028  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
14:07:32.0829 8028  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
14:07:32.0831 8028  sptd ( LockedFile.Multi.Generic ) - warning
14:07:32.0831 8028  sptd - detected LockedFile.Multi.Generic (1)
14:07:32.0882 8028  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:07:32.0889 8028  srv - ok
14:07:32.0910 8028  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:07:32.0916 8028  srv2 - ok
14:07:32.0927 8028  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:07:32.0930 8028  srvnet - ok
14:07:32.0971 8028  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
14:07:32.0974 8028  sscdbus - ok
14:07:33.0021 8028  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:07:33.0022 8028  sscdmdfl - ok
14:07:33.0053 8028  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
14:07:33.0057 8028  sscdmdm - ok
14:07:33.0081 8028  [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd        C:\Windows\system32\DRIVERS\sscdserd.sys
14:07:33.0084 8028  sscdserd - ok
14:07:33.0134 8028  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:07:33.0140 8028  SSDPSRV - ok
14:07:33.0149 8028  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:07:33.0153 8028  SstpSvc - ok
14:07:33.0168 8028  Steam Client Service - ok
14:07:33.0196 8028  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:07:33.0198 8028  stexstor - ok
14:07:33.0257 8028  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:07:33.0268 8028  stisvc - ok
14:07:33.0307 8028  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:07:33.0308 8028  storflt - ok
14:07:33.0321 8028  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:07:33.0323 8028  storvsc - ok
14:07:33.0355 8028  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:07:33.0357 8028  swenum - ok
14:07:33.0392 8028  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:07:33.0403 8028  swprv - ok
14:07:33.0417 8028  Synth3dVsc - ok
14:07:33.0495 8028  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:07:33.0537 8028  SysMain - ok
14:07:33.0571 8028  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:33.0575 8028  TabletInputService - ok
14:07:33.0616 8028  [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
14:07:33.0618 8028  tap0901 - ok
14:07:33.0665 8028  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:07:33.0672 8028  TapiSrv - ok
14:07:33.0712 8028  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:07:33.0715 8028  TBS - ok
14:07:33.0794 8028  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:07:33.0837 8028  Tcpip - ok
14:07:33.0902 8028  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:07:33.0913 8028  TCPIP6 - ok
14:07:33.0954 8028  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:07:33.0956 8028  tcpipreg - ok
14:07:33.0992 8028  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:07:33.0993 8028  TDPIPE - ok
14:07:34.0028 8028  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:07:34.0029 8028  TDTCP - ok
14:07:34.0067 8028  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:07:34.0070 8028  tdx - ok
14:07:34.0104 8028  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:07:34.0106 8028  TermDD - ok
14:07:34.0166 8028  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:07:34.0173 8028  TermService - ok
14:07:34.0209 8028  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:07:34.0213 8028  Themes - ok
14:07:34.0253 8028  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:07:34.0255 8028  THREADORDER - ok
14:07:34.0265 8028  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:07:34.0269 8028  TrkWks - ok
14:07:34.0342 8028  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:34.0344 8028  TrustedInstaller - ok
14:07:34.0382 8028  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:34.0383 8028  tssecsrv - ok
14:07:34.0421 8028  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:07:34.0423 8028  TsUsbFlt - ok
14:07:34.0426 8028  tsusbhub - ok
14:07:34.0486 8028  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:07:34.0489 8028  tunnel - ok
14:07:34.0507 8028  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:07:34.0509 8028  uagp35 - ok
14:07:34.0547 8028  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:07:34.0552 8028  udfs - ok
14:07:34.0597 8028  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:07:34.0601 8028  UI0Detect - ok
14:07:34.0626 8028  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:07:34.0628 8028  uliagpkx - ok
14:07:34.0674 8028  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:07:34.0681 8028  umbus - ok
14:07:34.0717 8028  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:07:34.0719 8028  UmPass - ok
14:07:34.0762 8028  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:07:34.0768 8028  UmRdpService - ok
14:07:34.0784 8028  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:07:34.0791 8028  upnphost - ok
14:07:34.0832 8028  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:07:34.0833 8028  USBAAPL64 - ok
14:07:34.0868 8028  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:07:34.0870 8028  usbaudio - ok
14:07:34.0889 8028  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:07:34.0891 8028  usbccgp - ok
14:07:34.0949 8028  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:07:34.0952 8028  usbcir - ok
14:07:34.0965 8028  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:07:34.0967 8028  usbehci - ok
14:07:34.0993 8028  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:07:34.0999 8028  usbhub - ok
14:07:35.0012 8028  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:07:35.0014 8028  usbohci - ok
14:07:35.0032 8028  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:07:35.0033 8028  usbprint - ok
14:07:35.0053 8028  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:07:35.0055 8028  USBSTOR - ok
14:07:35.0071 8028  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:07:35.0073 8028  usbuhci - ok
14:07:35.0108 8028  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:07:35.0112 8028  UxSms - ok
14:07:35.0121 8028  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:07:35.0123 8028  VaultSvc - ok
14:07:35.0145 8028  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:07:35.0146 8028  vdrvroot - ok
14:07:35.0203 8028  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:07:35.0214 8028  vds - ok
14:07:35.0252 8028  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:07:35.0253 8028  vga - ok
14:07:35.0269 8028  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:07:35.0270 8028  VgaSave - ok
14:07:35.0274 8028  VGPU - ok
14:07:35.0299 8028  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:07:35.0303 8028  vhdmp - ok
14:07:35.0409 8028  [ 0AE6B10B700689681A9892E67EE7B00B ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
14:07:35.0461 8028  VIAHdAudAddService - ok
14:07:35.0481 8028  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:07:35.0482 8028  viaide - ok
14:07:35.0529 8028  [ 265ABC06AD6BD64AFBFB61B3E57839A1 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
14:07:35.0533 8028  VIAKaraokeService - ok
14:07:35.0573 8028  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:07:35.0576 8028  vmbus - ok
14:07:35.0592 8028  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:07:35.0594 8028  VMBusHID - ok
14:07:35.0633 8028  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:07:35.0634 8028  volmgr - ok
14:07:35.0675 8028  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:07:35.0680 8028  volmgrx - ok
14:07:35.0707 8028  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:07:35.0709 8028  volsnap - ok
14:07:35.0742 8028  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:07:35.0745 8028  vsmraid - ok
14:07:35.0819 8028  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:07:35.0870 8028  VSS - ok
14:07:35.0887 8028  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:07:35.0889 8028  vwifibus - ok
14:07:35.0935 8028  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:07:35.0943 8028  W32Time - ok
14:07:35.0960 8028  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:07:35.0961 8028  WacomPen - ok
14:07:36.0013 8028  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:07:36.0015 8028  WANARP - ok
14:07:36.0019 8028  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:07:36.0020 8028  Wanarpv6 - ok
14:07:36.0105 8028  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:07:36.0147 8028  WatAdminSvc - ok
14:07:36.0341 8028  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:07:36.0383 8028  wbengine - ok
14:07:36.0401 8028  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:07:36.0407 8028  WbioSrvc - ok
14:07:36.0456 8028  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:07:36.0464 8028  wcncsvc - ok
14:07:36.0480 8028  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:07:36.0484 8028  WcsPlugInService - ok
14:07:36.0499 8028  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:07:36.0501 8028  Wd - ok
14:07:36.0540 8028  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:07:36.0541 8028  WDC_SAM - ok
14:07:36.0598 8028  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:07:36.0624 8028  Wdf01000 - ok
14:07:36.0641 8028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:07:36.0646 8028  WdiServiceHost - ok
14:07:36.0650 8028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:07:36.0653 8028  WdiSystemHost - ok
14:07:36.0693 8028  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:07:36.0700 8028  WebClient - ok
14:07:36.0712 8028  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:07:36.0718 8028  Wecsvc - ok
14:07:36.0729 8028  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:07:36.0734 8028  wercplsupport - ok
14:07:36.0755 8028  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:07:36.0759 8028  WerSvc - ok
14:07:36.0780 8028  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:07:36.0781 8028  WfpLwf - ok
14:07:36.0801 8028  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:07:36.0802 8028  WIMMount - ok
14:07:36.0834 8028  WinDefend - ok
14:07:36.0853 8028  WinHttpAutoProxySvc - ok
14:07:36.0937 8028  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:07:36.0941 8028  Winmgmt - ok
14:07:37.0026 8028  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:07:37.0078 8028  WinRM - ok
14:07:37.0124 8028  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:07:37.0125 8028  WinUsb - ok
14:07:37.0186 8028  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:07:37.0212 8028  Wlansvc - ok
14:07:37.0250 8028  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:07:37.0251 8028  WmiAcpi - ok
14:07:37.0274 8028  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:07:37.0278 8028  wmiApSrv - ok
14:07:37.0286 8028  WMPNetworkSvc - ok
14:07:37.0322 8028  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:07:37.0326 8028  WPCSvc - ok
14:07:37.0365 8028  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:07:37.0370 8028  WPDBusEnum - ok
14:07:37.0405 8028  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:07:37.0406 8028  ws2ifsl - ok
14:07:37.0415 8028  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:07:37.0419 8028  wscsvc - ok
14:07:37.0423 8028  WSearch - ok
14:07:37.0523 8028  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:07:37.0583 8028  wuauserv - ok
14:07:37.0621 8028  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:07:37.0623 8028  WudfPf - ok
14:07:37.0644 8028  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:07:37.0648 8028  WUDFRd - ok
14:07:37.0684 8028  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:07:37.0689 8028  wudfsvc - ok
14:07:37.0731 8028  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:07:37.0755 8028  WwanSvc - ok
14:07:37.0807 8028  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:07:37.0809 8028  xusb21 - ok
14:07:37.0846 8028  ================ Scan global ===============================
14:07:37.0876 8028  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:07:37.0894 8028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:07:37.0905 8028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:07:37.0941 8028  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:07:37.0984 8028  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:07:37.0988 8028  [Global] - ok
14:07:37.0989 8028  ================ Scan MBR ==================================
14:07:37.0998 8028  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:07:38.0138 8028  \Device\Harddisk0\DR0 - ok
14:07:38.0141 8028  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:07:38.0285 8028  \Device\Harddisk1\DR1 - ok
14:07:38.0286 8028  ================ Scan VBR ==================================
14:07:38.0288 8028  [ 258AB67A6DB3FF343B07B2C975C6DEA8 ] \Device\Harddisk0\DR0\Partition1
14:07:38.0289 8028  \Device\Harddisk0\DR0\Partition1 - ok
14:07:38.0293 8028  [ DB6F4C03EDA7CB4F429C59B5AE598B2A ] \Device\Harddisk1\DR1\Partition1
14:07:38.0294 8028  \Device\Harddisk1\DR1\Partition1 - ok
14:07:38.0294 8028  ============================================================
14:07:38.0294 8028  Scan finished
14:07:38.0294 8028  ============================================================
14:07:38.0303 4564  Detected object count: 1
14:07:38.0303 4564  Actual detected object count: 1
14:07:48.0668 4564  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:07:48.0668 4564  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
 
 
Second is adwCleaner:
 
 
# AdwCleaner v2.306 - Logfile created 07/26/2013 at 14:09:15
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Tom - THESPORK
# Boot Mode : Normal
# Running from : D:\Chrome Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Program Files (x86)\Coupon Companion Plugin
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Users\Tom\AppData\Local\Coupon Companion Plugin
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKU\S-1-5-21-3918430682-2842056346-2368100274-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-3918430682-2842056346-2368100274-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={B78E3E50-E41C-11E2-85AE-BCAEC5955CF1}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={B78E3E50-E41C-11E2-85AE-BCAEC5955CF1}
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [4649 octets] - [26/07/2013 14:09:15]
 
########## EOF - C:\AdwCleaner[R1].txt - [4709 octets] ##########
 

 

Look forward to a reply. :)

 

 

 

 

 




#2 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts

Posted 26 July 2013 - 01:24 PM

P.S. I saw SPTD was a suspicious file. I know that is a Daemon Tools entry, so I didn't do any "fixing".



#3 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts

Posted 27 July 2013 - 11:41 PM

48 hour bump!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2013 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#5 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts

Posted 28 July 2013 - 11:27 AM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Ultimate x64
Ran by Tom on Sun 07/28/2013 at 12:08:16.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3918430682-2842056346-2368100274-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Tom\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\Tom\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Users\Tom\appdata\local\updater21804"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Tom\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/28/2013 at 12:12:44.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.25.2
Run by Tom at 12:14:25 on 2013-07-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.6275 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\KMSpico\Service_KMS.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyServer = 37.59.236.42:3128
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CB4BC76B-C940-4354-BB55-44C12DE6E0E5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D35EF8F3-B228-4CCF-85A8-706006304D40} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-7-13 22600]
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-7-13 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-7-13 270824]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-13 189936]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-7-13 131232]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-13 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-13 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-13 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-13 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-13 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-7-13 137960]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2013-7-10 37888]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-2-26 27768]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-2 116240]
R3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-7-8 2438696]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-3-4 117248]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-2-26 2206864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]
S3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;C:\Windows\System32\drivers\netr7064.sys [2010-4-27 388448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-07-28 16:07:56 -------- d-----w- C:\Windows\ERUNT
2013-07-27 09:28:36 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{748C718E-F437-471E-B321-D61EDD57EE31}\offreg.dll
2013-07-26 11:45:25 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{748C718E-F437-471E-B321-D61EDD57EE31}\mpengine.dll
2013-07-23 16:12:35 -------- d-----w- C:\Users\Tom\AppData\Local\SCE
2013-07-23 16:10:28 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-16 06:06:39 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2013-07-13 15:57:21 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2013-07-13 15:57:17 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2013-07-13 15:57:12 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-07-13 15:57:01 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-07-13 15:56:51 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-07-13 15:56:32 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-13 15:56:28 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-07-13 15:56:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-07-13 15:55:31 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2013-07-13 15:54:48 41664 ----a-w- C:\Windows\avastSS.scr
2013-07-13 05:23:30 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-07-10 17:21:18 -------- d-----w- C:\Program Files\KMSpico
2013-07-10 05:11:22 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 05:11:18 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 05:11:18 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 04:59:14 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 04:59:14 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 04:29:50 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-07-10 04:26:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-07-10 04:23:31 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-10 04:23:16 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Help
2013-07-09 17:21:43 -------- d-----w- C:\Program Files (x86)\ISO to USB
2013-07-06 05:29:52 -------- d-----w- C:\Program Files\CPUID
2013-07-06 02:35:42 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-07-06 02:35:42 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2013-07-06 02:35:42 -------- d-----w- C:\Windows\System32\wbem\Framework
2013-06-29 00:13:31 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-07-13 19:35:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 19:35:07 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-29 00:13:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-29 00:13:19 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 05:07:50 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2013-06-21 04:49:09 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2013-05-27 05:54:10 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-05-27 05:02:03 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-27 03:58:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-27 03:20:41 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-30 11:50:04 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2007-09-26 03:20:32 2251304 ----a-w- C:\Program Files (x86)\WindowsXP-KB297694-x86-ENU.exe
.
============= FINISH: 12:15:10.37 ===============
 

 

 

Security Check came back with UNSUPPORTED OPERATING SYSTEM. (Yes, ran it as admin)



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 AM

Posted 28 July 2013 - 01:09 PM

Security Check came back with UNSUPPORTED OPERATING SYSTEM. (Yes, ran it as admin)


Restart the computer and run it.

Any remaining issues?

#7 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:46 AM

Posted 28 July 2013 - 03:31 PM

 

Security Check came back with UNSUPPORTED OPERATING SYSTEM. (Yes, ran it as admin)


Restart the computer and run it.

Any remaining issues?

 

 

I'm sorry it did the same thing. 



#8 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:46 AM

Posted 28 July 2013 - 04:28 PM

Never mind, sorry for the double-post. Got the Security Check to work.

 

SC Log

 

Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java™ 6 Update 31  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 AM

Posted 29 July 2013 - 06:55 AM


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#10 Necroticx

Necroticx
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:46 AM

Posted 29 July 2013 - 09:41 AM

Beautiful. Updating and cleaning up. :D



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 AM

Posted 29 July 2013 - 12:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



