Trojan.Agent on Win7 x64


  • This topic is locked
10 replies to this topic

#1 thanksinadvance

Posted 24 July 2012 - 08:35 PM

Ran MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Garcia :: GARCIA-HP [administrator]

Protection: Enabled

7/24/2012 6:15:29 PM
mbam-log-2012-07-24 (18-26-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192399
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3116 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Ran RogueKiller and did NOT fix anything. Just scan.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Garcia [Admin rights]
Mode: Scan -- Date: 07/24/2012 18:31:09

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 4fe3708a56449a85c0f6eadf7ea17587
[BSP] bee1f23af191fbaa51922b5a56c0af45 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452248 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926613504 | Size: 20428 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f422c3a2e25804b54a2e495407f8f578
[BSP] 7d12ba7f0c72df697c5b2a28b89020cb : TDL4 MBR Code!
Partition table:

Finished : << RKreport[1].txt >>
RKreport[1].txt
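Added example (not from the post, and not RogueKiller's own code): a Python triage parser for the MBR Check section of the report above. It flags the mismatch between the user-mode and low-level reads of the boot sector and the "TDL4 MBR Code!" label, running over the report excerpt quoted in the post and over a constructed clean report; the line formats it expects are an assumption inferred from this report.

```python
"""Triage helper for the "MBR Check" section of a RogueKiller report.

RogueKiller hashes the boot sector as read through the user-mode path ("User")
and through low-level reads ("LL1", "LL2"). A bootkit hooking the disk stack
hands the original MBR to the user-mode read while the low-level read still
sees the infected sector, so the hashes disagree ("User != LL2 ... KO!"). The
line formats are inferred from the report in the post (an assumption).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DRIVE_RE = re.compile(r"^\+{5} (?P<name>.+?) \+{5}$")
VIEW_RE = re.compile(r"^--- (?P<view>\w+) ---$")
HASH_RE = re.compile(r"^\[(?P<kind>MBR|BSP)\] (?P<md5>[0-9a-f]{32})(?: : (?P<label>.+))?$")
CMP_RE = re.compile(r"^User (?:=|!=) (?P<view>LL\d) \.\.\. (?P<result>OK|KO)!$")

@dataclass
class MbrView:
    mbr_md5: Optional[str] = None    # hash of the whole sector
    bsp_md5: Optional[str] = None    # hash of the boot code only
    bsp_label: Optional[str] = None  # RogueKiller's name for that boot code

@dataclass
class DriveCheck:
    name: str
    views: Dict[str, MbrView] = field(default_factory=dict)
    findings: List[str] = field(default_factory=list)

def parse_mbr_check(report: str) -> List[DriveCheck]:
    """Parse every drive under the '¤¤¤ MBR Check: ¤¤¤' header and assess it."""
    drives: List[DriveCheck] = []
    drive: Optional[DriveCheck] = None
    view: Optional[MbrView] = None
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):  # section header; only MBR Check matters here
            in_section = "MBR Check" in line
            continue
        if not in_section:
            continue
        if m := DRIVE_RE.match(line):
            drive = DriveCheck(name=m.group("name"))
            drives.append(drive)
            view = None
        elif drive is None:
            continue
        elif m := VIEW_RE.match(line):
            view = drive.views.setdefault(m.group("view"), MbrView())
        elif (m := HASH_RE.match(line)) and view is not None:
            if m.group("kind") == "MBR":
                view.mbr_md5 = m.group("md5")
            else:
                view.bsp_md5, view.bsp_label = m.group("md5"), m.group("label")
        elif (m := CMP_RE.match(line)) and m.group("result") == "KO":
            drive.findings.append(f"tool verdict: User read != {m.group('view')} read")
    for d in drives:
        assess(d)
    return drives

def assess(drive: DriveCheck) -> List[str]:
    """Record hash disagreement between reads and boot code RogueKiller flagged."""
    user = drive.views.get("User")
    for name, v in drive.views.items():
        if v.bsp_label and v.bsp_label.endswith("!"):  # e.g. "TDL4 MBR Code!"
            drive.findings.append(f"{name} boot code: {v.bsp_label}")
        if name != "User" and user and user.mbr_md5 and v.mbr_md5 != user.mbr_md5:
            drive.findings.append(f"{name} MBR {v.mbr_md5} differs from User {user.mbr_md5}")
    return drive.findings

# Excerpt of the report in the post above (the hashes are the ones it prints).
INFECTED_REPORT = """
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 4fe3708a56449a85c0f6eadf7ea17587
[BSP] bee1f23af191fbaa51922b5a56c0af45 : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f422c3a2e25804b54a2e495407f8f578
[BSP] 7d12ba7f0c72df697c5b2a28b89020cb : TDL4 MBR Code!
"""

# Constructed clean report with placeholder hashes: all three reads agree.
CLEAN_REPORT = """
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: CONSTRUCTED CLEAN DISK +++++
--- User ---
[MBR] 00000000000000000000000000000000
[BSP] 11111111111111111111111111111111 : Windows 7 MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
"""
```

A drive with any finding should be treated as a suspected bootkit and handed to a tool that can rewrite the MBR, which is what the next reply does with TDSSKiller.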

#2 MrCharlie

Posted 24 July 2012 - 08:38 PM

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted allow it to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

Malware Removal Expert


#3 thanksinadvance
Posted 24 July 2012 - 08:52 PM

18:41:29.0680 2816 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:41:30.0070 2816 ============================================================
18:41:30.0070 2816 Current date / time: 2012/07/24 18:41:30.0070
18:41:30.0070 2816 SystemInfo:
18:41:30.0070 2816
18:41:30.0070 2816 OS Version: 6.1.7601 ServicePack: 1.0
18:41:30.0070 2816 Product type: Workstation
18:41:30.0070 2816 ComputerName: GARCIA-HP
18:41:30.0070 2816 UserName: Garcia
18:41:30.0070 2816 Windows directory: C:\Windows
18:41:30.0070 2816 System windows directory: C:\Windows
18:41:30.0070 2816 Running under WOW64
18:41:30.0070 2816 Processor architecture: Intel x64
18:41:30.0070 2816 Number of processors: 4
18:41:30.0070 2816 Page size: 0x1000
18:41:30.0070 2816 Boot type: Normal boot
18:41:30.0070 2816 ============================================================
18:41:31.0396 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:31.0396 2816 ============================================================
18:41:31.0396 2816 \Device\Harddisk0\DR0:
18:41:31.0396 2816 MBR partitions:
18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3734C000
18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x373B0000, BlocksNum 0x27E6000
18:41:31.0396 2816 ============================================================
18:41:31.0427 2816 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:31.0458 2816 D: <-> \Device\Harddisk0\DR0\Partition2
18:41:31.0458 2816 ============================================================
18:41:31.0458 2816 Initialize success
18:41:31.0458 2816 ============================================================
18:41:55.0342 5004 ============================================================
18:41:55.0342 5004 Scan started
18:41:55.0342 5004 Mode: Manual; SigCheck; TDLFS;
18:41:55.0342 5004 ============================================================
18:42:11.0816 5004 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:42:12.0190 5004 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
18:42:12.0190 5004 IconMan_R - detected UnsignedFile.Multi.Generic (1)
18:42:17.0120 5004 msahci - ok
18:42:17.0167 5004 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:42:17.0182 5004 msdsm - ok
18:42:17.0213 5004 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:42:17.0245 5004 MSDTC - ok
18:42:17.0260 5004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:42:17.0307 5004 Msfs - ok
18:42:17.0323 5004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:42:17.0369 5004 mshidkmdf - ok
18:42:17.0416 5004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:42:17.0416 5004 msisadrv - ok
18:42:17.0463 5004 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:42:17.0557 5004 MSiSCSI - ok
18:42:17.0557 5004 msiserver - ok
18:42:17.0588 5004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:17.0635 5004 MSKSSRV - ok
18:42:17.0744 5004 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:42:17.0759 5004 MsMpSvc - ok
18:42:17.0806 5004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:17.0853 5004 MSPCLOCK - ok
18:42:17.0853 5004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:42:17.0900 5004 MSPQM - ok
18:42:17.0947 5004 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:42:17.0978 5004 MsRPC - ok
18:42:18.0009 5004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:42:18.0009 5004 mssmbios - ok
18:42:18.0056 5004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:42:18.0103 5004 MSTEE - ok
18:42:18.0118 5004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:42:18.0118 5004 MTConfig - ok
18:42:18.0149 5004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:42:18.0165 5004 Mup - ok
18:42:18.0227 5004 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:42:18.0305 5004 napagent - ok
18:42:18.0368 5004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:18.0446 5004 NativeWifiP - ok
18:42:18.0571 5004 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:42:18.0649 5004 NDIS - ok
18:42:18.0680 5004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:18.0742 5004 NdisCap - ok
18:42:18.0773 5004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:18.0836 5004 NdisTapi - ok
18:42:18.0851 5004 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:18.0883 5004 Ndisuio - ok
18:42:18.0898 5004 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:18.0961 5004 NdisWan - ok
18:42:18.0992 5004 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:42:19.0023 5004 NDProxy - ok
18:42:19.0039 5004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:42:19.0101 5004 NetBIOS - ok
18:42:19.0132 5004 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:42:19.0163 5004 NetBT - ok
18:42:19.0195 5004 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:19.0210 5004 Netlogon - ok
18:42:19.0288 5004 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:42:19.0382 5004 Netman - ok
18:42:19.0460 5004 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0491 5004 NetMsmqActivator - ok
18:42:19.0507 5004 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0522 5004 NetPipeActivator - ok
18:42:19.0585 5004 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:42:19.0663 5004 netprofm - ok
18:42:19.0663 5004 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0678 5004 NetTcpActivator - ok
18:42:19.0678 5004 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0694 5004 NetTcpPortSharing - ok
18:42:19.0772 5004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:42:19.0803 5004 nfrd960 - ok
18:42:19.0881 5004 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:42:19.0912 5004 NisDrv - ok
18:42:20.0006 5004 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:42:20.0037 5004 NisSrv - ok
18:42:20.0115 5004 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:42:20.0193 5004 NlaSvc - ok
18:42:20.0224 5004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:42:20.0255 5004 Npfs - ok
18:42:20.0271 5004 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:42:20.0318 5004 nsi - ok
18:42:20.0333 5004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:42:20.0365 5004 nsiproxy - ok
18:42:20.0505 5004 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:42:20.0614 5004 Ntfs - ok
18:42:20.0770 5004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:42:20.0833 5004 Null - ok
18:42:20.0879 5004 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:42:20.0942 5004 NVENETFD - ok
18:42:21.0020 5004 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:42:21.0051 5004 nvraid - ok
18:42:21.0113 5004 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:42:21.0145 5004 nvstor - ok
18:42:21.0223 5004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:42:21.0254 5004 nv_agp - ok
18:42:21.0285 5004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:42:21.0301 5004 ohci1394 - ok
18:42:21.0410 5004 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:21.0441 5004 ose - ok
18:42:21.0878 5004 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:22.0081 5004 osppsvc - ok
18:42:22.0221 5004 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:22.0299 5004 p2pimsvc - ok
18:42:22.0393 5004 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:22.0439 5004 p2psvc - ok
18:42:22.0502 5004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:42:22.0533 5004 Parport - ok
18:42:22.0564 5004 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:42:22.0595 5004 partmgr - ok
18:42:22.0658 5004 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:22.0689 5004 PcaSvc - ok
18:42:22.0720 5004 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:42:22.0767 5004 pci - ok
18:42:22.0798 5004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:42:22.0814 5004 pciide - ok
18:42:22.0845 5004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:42:22.0876 5004 pcmcia - ok
18:42:22.0907 5004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:22.0923 5004 pcw - ok
18:42:22.0985 5004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:23.0095 5004 PEAUTH - ok
18:42:23.0188 5004 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:23.0219 5004 PerfHost - ok
18:42:23.0360 5004 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:42:23.0469 5004 pla - ok
18:42:23.0547 5004 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:42:23.0625 5004 PlugPlay - ok
18:42:23.0656 5004 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:23.0687 5004 PNRPAutoReg - ok
18:42:23.0719 5004 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:23.0734 5004 PNRPsvc - ok
18:42:23.0797 5004 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:42:23.0875 5004 PolicyAgent - ok
18:42:23.0937 5004 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:24.0031 5004 Power - ok
18:42:24.0093 5004 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:24.0171 5004 PptpMiniport - ok
18:42:24.0202 5004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:42:24.0311 5004 Processor - ok
18:42:24.0358 5004 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:42:24.0452 5004 ProfSvc - ok
18:42:24.0499 5004 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:24.0514 5004 ProtectedStorage - ok
18:42:24.0561 5004 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:42:24.0623 5004 Psched - ok
18:42:24.0795 5004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:42:24.0873 5004 ql2300 - ok
18:42:25.0045 5004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:42:25.0091 5004 ql40xx - ok
18:42:25.0138 5004 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:42:25.0185 5004 QWAVE - ok
18:42:25.0216 5004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:42:25.0247 5004 QWAVEdrv - ok
18:42:25.0263 5004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:25.0310 5004 RasAcd - ok
18:42:25.0341 5004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:25.0372 5004 RasAgileVpn - ok
18:42:25.0450 5004 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:42:25.0528 5004 RasAuto - ok
18:42:25.0559 5004 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:25.0606 5004 Rasl2tp - ok
18:42:25.0669 5004 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:42:25.0731 5004 RasMan - ok
18:42:25.0747 5004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:25.0793 5004 RasPppoe - ok
18:42:25.0825 5004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:25.0871 5004 RasSstp - ok
18:42:25.0918 5004 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:26.0012 5004 rdbss - ok
18:42:26.0043 5004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:42:26.0059 5004 rdpbus - ok
18:42:26.0105 5004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:26.0152 5004 RDPCDD - ok
18:42:26.0152 5004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:42:26.0215 5004 RDPENCDD - ok
18:42:26.0230 5004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:42:26.0261 5004 RDPREFMP - ok
18:42:26.0293 5004 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:42:26.0339 5004 RDPWD - ok
18:42:26.0386 5004 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:42:26.0417 5004 rdyboost - ok
18:42:26.0449 5004 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:42:26.0511 5004 RemoteAccess - ok
18:42:26.0542 5004 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:42:26.0605 5004 RemoteRegistry - ok
18:42:26.0636 5004 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:42:26.0683 5004 RpcEptMapper - ok
18:42:26.0729 5004 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:42:26.0745 5004 RpcLocator - ok
18:42:26.0792 5004 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:42:26.0823 5004 RpcSs - ok
18:42:26.0870 5004 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
18:42:26.0917 5004 RSPCIESTOR - ok
18:42:26.0963 5004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:27.0041 5004 rspndr - ok
18:42:27.0104 5004 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:42:27.0166 5004 RTL8167 - ok
18:42:27.0307 5004 RTL8192Ce (508d997a5e9f400fade6c85251bf13df) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
18:42:27.0385 5004 RTL8192Ce - ok
18:42:27.0416 5004 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:27.0431 5004 SamSs - ok
18:42:27.0463 5004 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:42:27.0478 5004 sbp2port - ok
18:42:27.0525 5004 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:42:27.0603 5004 SCardSvr - ok
18:42:27.0634 5004 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:42:27.0712 5004 scfilter - ok
18:42:27.0806 5004 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:42:27.0915 5004 Schedule - ok
18:42:27.0946 5004 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:42:27.0977 5004 SCPolicySvc - ok
18:42:28.0040 5004 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
18:42:28.0087 5004 sdbus - ok
18:42:28.0133 5004 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:42:28.0211 5004 SDRSVC - ok
18:42:28.0243 5004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:42:28.0321 5004 secdrv - ok
18:42:28.0352 5004 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:42:28.0383 5004 seclogon - ok
18:42:28.0414 5004 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:42:28.0461 5004 SENS - ok
18:42:28.0492 5004 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:42:28.0523 5004 SensrSvc - ok
18:42:28.0570 5004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:42:28.0617 5004 Serenum - ok
18:42:28.0648 5004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:42:28.0695 5004 Serial - ok
18:42:28.0742 5004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:42:28.0757 5004 sermouse - ok
18:42:28.0804 5004 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:42:28.0882 5004 SessionEnv - ok
18:42:28.0913 5004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:42:28.0929 5004 sffdisk - ok
18:42:28.0945 5004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:42:28.0976 5004 sffp_mmc - ok
18:42:29.0007 5004 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:42:29.0038 5004 sffp_sd - ok
18:42:29.0085 5004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:42:29.0116 5004 sfloppy - ok
18:42:29.0179 5004 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:42:29.0225 5004 SharedAccess - ok
18:42:29.0272 5004 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:42:29.0335 5004 ShellHWDetection - ok
18:42:29.0366 5004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:42:29.0381 5004 SiSRaid2 - ok
18:42:29.0428 5004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:42:29.0459 5004 SiSRaid4 - ok
18:42:29.0506 5004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:42:29.0569 5004 Smb - ok
18:42:29.0615 5004 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:42:29.0647 5004 SNMPTRAP - ok
18:42:29.0662 5004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:42:29.0678 5004 spldr - ok
18:42:29.0725 5004 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:42:29.0787 5004 Spooler - ok
18:42:30.0037 5004 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:42:30.0208 5004 sppsvc - ok
18:42:30.0333 5004 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:42:30.0395 5004 sppuinotify - ok
18:42:30.0473 5004 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:42:30.0536 5004 srv - ok
18:42:30.0583 5004 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:42:30.0645 5004 srv2 - ok
18:42:30.0692 5004 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:42:30.0723 5004 SrvHsfHDA - ok
18:42:30.0832 5004 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:42:30.0926 5004 SrvHsfV92 - ok
18:42:31.0113 5004 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:42:31.0191 5004 SrvHsfWinac - ok
18:42:31.0238 5004 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:42:31.0285 5004 srvnet - ok
18:42:31.0347 5004 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:42:31.0425 5004 SSDPSRV - ok
18:42:31.0441 5004 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:42:31.0487 5004 SstpSvc - ok
18:42:31.0581 5004 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
18:42:31.0659 5004 STacSV - ok
18:42:31.0706 5004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:42:31.0721 5004 stexstor - ok
18:42:31.0815 5004 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
18:42:31.0877 5004 STHDA - ok
18:42:31.0971 5004 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:42:32.0033 5004 stisvc - ok
18:42:32.0049 5004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:42:32.0065 5004 swenum - ok
18:42:32.0127 5004 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:42:32.0189 5004 swprv - ok
18:42:32.0267 5004 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
18:42:32.0314 5004 SynTP - ok
18:42:32.0455 5004 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:42:32.0548 5004 SysMain - ok
18:42:32.0673 5004 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:42:32.0720 5004 TabletInputService - ok
18:42:32.0751 5004 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:42:32.0813 5004 TapiSrv - ok
18:42:32.0829 5004 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:42:32.0876 5004 TBS - ok
18:42:33.0079 5004 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:42:33.0157 5004 Tcpip - ok
18:42:33.0453 5004 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:42:33.0500 5004 TCPIP6 - ok
18:42:33.0640 5004 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:42:33.0718 5004 tcpipreg - ok
18:42:33.0734 5004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:42:33.0765 5004 TDPIPE - ok
18:42:33.0796 5004 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:42:33.0827 5004 TDTCP - ok
18:42:33.0843 5004 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:42:33.0890 5004 tdx - ok
18:42:33.0921 5004 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:42:33.0937 5004 TermDD - ok
18:42:33.0999 5004 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:42:34.0077 5004 TermService - ok
18:42:34.0093 5004 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:42:34.0124 5004 Themes - ok
18:42:34.0155 5004 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:42:34.0202 5004 THREADORDER - ok
18:42:34.0217 5004 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:42:34.0264 5004 TrkWks - ok
18:42:34.0327 5004 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:42:34.0405 5004 TrustedInstaller - ok
18:42:34.0436 5004 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:34.0483 5004 tssecsrv - ok
18:42:34.0514 5004 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:42:34.0561 5004 TsUsbFlt - ok
18:42:34.0592 5004 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:42:34.0607 5004 TsUsbGD - ok
18:42:34.0654 5004 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:34.0701 5004 tunnel - ok
18:42:34.0717 5004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:42:34.0732 5004 uagp35 - ok
18:42:34.0810 5004 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:42:34.0904 5004 udfs - ok
18:42:34.0951 5004 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:42:34.0966 5004 UI0Detect - ok
18:42:34.0997 5004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:42:35.0013 5004 uliagpkx - ok
18:42:35.0029 5004 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:42:35.0060 5004 umbus - ok
18:42:35.0075 5004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:42:35.0091 5004 UmPass - ok
18:42:35.0122 5004 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:42:35.0200 5004 upnphost - ok
18:42:35.0231 5004 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:42:35.0278 5004 USBAAPL64 - ok
18:42:35.0309 5004 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:35.0341 5004 usbccgp - ok
18:42:35.0372 5004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:42:35.0403 5004 usbcir - ok
18:42:35.0434 5004 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:42:35.0450 5004 usbehci - ok
18:42:35.0481 5004 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys
18:42:35.0497 5004 usbfilter - ok
18:42:35.0543 5004 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
18:42:35.0621 5004 usbhub - ok
18:42:35.0653 5004 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:42:35.0699 5004 usbohci - ok
18:42:35.0746 5004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:35.0793 5004 usbprint - ok
18:42:35.0824 5004 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:42:35.0855 5004 usbscan - ok
18:42:35.0902 5004 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:35.0949 5004 USBSTOR - ok
18:42:35.0980 5004 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:42:36.0011 5004 usbuhci - ok
18:42:36.0043 5004 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:42:36.0089 5004 usbvideo - ok
18:42:36.0121 5004 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:42:36.0183 5004 UxSms - ok
18:42:36.0230 5004 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:36.0261 5004 VaultSvc - ok
18:42:36.0292 5004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:42:36.0308 5004 vdrvroot - ok
18:42:36.0386 5004 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:42:36.0511 5004 vds - ok
18:42:36.0526 5004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:36.0542 5004 vga - ok
18:42:36.0542 5004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:42:36.0589 5004 VgaSave - ok
18:42:36.0635 5004 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:42:36.0682 5004 vhdmp - ok
18:42:36.0713 5004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:42:36.0729 5004 viaide - ok
18:42:36.0745 5004 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:42:36.0760 5004 volmgr - ok
18:42:36.0807 5004 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:42:36.0838 5004 volmgrx - ok
18:42:36.0869 5004 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
18:42:36.0901 5004 volsnap - ok
18:42:36.0947 5004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:42:36.0979 5004 vsmraid - ok
18:42:37.0119 5004 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:42:37.0228 5004 VSS - ok
18:42:37.0369 5004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:42:37.0415 5004 vwifibus - ok
18:42:37.0447 5004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:42:37.0478 5004 vwififlt - ok
18:42:37.0493 5004 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:42:37.0509 5004 vwifimp - ok
18:42:37.0571 5004 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:42:37.0649 5004 W32Time - ok
18:42:37.0665 5004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:42:37.0681 5004 WacomPen - ok
18:42:37.0727 5004 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:37.0805 5004 WANARP - ok
18:42:37.0805 5004 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:37.0837 5004 Wanarpv6 - ok
18:42:37.0961 5004 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:42:38.0039 5004 WatAdminSvc - ok
18:42:38.0164 5004 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:42:38.0258 5004 wbengine - ok
18:42:38.0383 5004 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:42:38.0429 5004 WbioSrvc - ok
18:42:38.0461 5004 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:42:38.0507 5004 wcncsvc - ok
18:42:38.0523 5004 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:42:38.0554 5004 WcsPlugInService - ok
18:42:38.0601 5004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:42:38.0617 5004 Wd - ok
18:42:38.0679 5004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:42:38.0726 5004 Wdf01000 - ok
18:42:38.0757 5004 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:38.0851 5004 WdiServiceHost - ok
18:42:38.0866 5004 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:42:38.0882 5004 WdiSystemHost - ok
18:42:38.0929 5004 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:42:39.0022 5004 WebClient - ok
18:42:39.0038 5004 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:42:39.0116 5004 Wecsvc - ok
18:42:39.0131 5004 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:42:39.0163 5004 wercplsupport - ok
18:42:39.0194 5004 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:42:39.0256 5004 WerSvc - ok
18:42:39.0334 5004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:39.0397 5004 WfpLwf - ok
18:42:39.0412 5004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:42:39.0428 5004 WIMMount - ok
18:42:39.0459 5004 WinDefend - ok
18:42:39.0475 5004 WinHttpAutoProxySvc - ok
18:42:39.0537 5004 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:42:39.0615 5004 Winmgmt - ok
18:42:39.0787 5004 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:42:39.0927 5004 WinRM - ok
18:42:40.0130 5004 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:42:40.0208 5004 Wlansvc - ok
18:42:40.0286 5004 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:42:40.0301 5004 wlcrasvc - ok
18:42:40.0535 5004 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:42:40.0660 5004 wlidsvc - ok
18:42:40.0801 5004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:42:40.0847 5004 WmiAcpi - ok
18:42:40.0910 5004 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:42:40.0972 5004 wmiApSrv - ok
18:42:41.0035 5004 WMPNetworkSvc - ok
18:42:41.0066 5004 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:42:41.0113 5004 WPCSvc - ok
18:42:41.0144 5004 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:42:41.0191 5004 WPDBusEnum - ok
18:42:41.0206 5004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:41.0253 5004 ws2ifsl - ok
18:42:41.0269 5004 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:42:41.0300 5004 wscsvc - ok
18:42:41.0300 5004 WSearch - ok
18:42:41.0518 5004 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:42:41.0659 5004 wuauserv - ok
18:42:41.0846 5004 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:42:41.0924 5004 WudfPf - ok
18:42:41.0971 5004 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:42.0033 5004 WUDFRd - ok
18:42:42.0049 5004 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:42:42.0080 5004 wudfsvc - ok
18:42:42.0127 5004 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
18:42:42.0189 5004 WwanSvc - ok
18:42:42.0236 5004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:42:42.0298 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:42:42.0298 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:42:42.0392 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:42.0392 5004 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:42:42.0407 5004 Boot (0x1200) (4d47ceb3bf85d42623c9a7ffe15ac44b) \Device\Harddisk0\DR0\Partition0
18:42:42.0407 5004 \Device\Harddisk0\DR0\Partition0 - ok
18:42:42.0454 5004 Boot (0x1200) (59af69a5151ac842a25dad878ead5245) \Device\Harddisk0\DR0\Partition1
18:42:42.0454 5004 \Device\Harddisk0\DR0\Partition1 - ok
18:42:42.0485 5004 Boot (0x1200) (4ed319b030ed9d2db20124d453d35c56) \Device\Harddisk0\DR0\Partition2
18:42:42.0485 5004 \Device\Harddisk0\DR0\Partition2 - ok
18:42:42.0485 5004 ============================================================
18:42:42.0485 5004 Scan finished
18:42:42.0485 5004 ============================================================
18:42:42.0517 5488 Detected object count: 3
18:42:42.0517 5488 Actual detected object count: 3
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:27.0246 5488 \Device\Harddisk0\DR0\# - copied to quarantine
18:44:27.0600 5488 \Device\Harddisk0\DR0 - copied to quarantine
18:44:29.0344 5488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:44:29.0442 5488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:44:29.0490 5488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:44:29.0555 5488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:44:29.0657 5488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:44:29.0672 5488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:44:29.0677 5488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:44:29.0711 5488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:44:29.0940 5488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:44:30.0010 5488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:44:30.0043 5488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:44:30.0048 5488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:44:30.0052 5488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:44:30.0182 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:44:30.0192 5488 \Device\Harddisk0\DR0 - ok
18:44:31.0114 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:44:56.0745 3320 Deinitialize success

#4 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 24 July 2012 - 08:57 PM

18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:44:56.0745 3320 Deinitialize success


Please run it again and choose Delete for this one, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
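The triage MrC does by eye above (spotting that the "TDSS File System" hit was left at "Skip" while the MBR infection was cured) can be automated. The following is an added example written for this thread, not code from TDSSKiller, Malwarebytes or any tool mentioned here: it parses TDSSKiller-style result lines, pairs each detection with the last action the user chose, and lists the malicious verdicts that were skipped and therefore still need a re-run with Cure or Delete. The sample log embedded in the script is copied from the TDSSKiller output posted earlier in this thread; the regular expressions and the set of verdict words are this example's own assumptions about the log format.

```python
"""Triage helper for TDSSKiller-style result lines (added example, not part of the thread's tools)."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
18:42:42.0298 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:42:42.0298 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:42:42.0392 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:42.0392 5004 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:42:42.0485 5004 Scan finished
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:30.0182 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:44:31.0114 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:44:56.0745 3320 Deinitialize success
"""

# Assumed layout: every line is "<time> <pid> <message>" ...
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# ... and result messages read "<object> ( <detection name> ) - <status>".
RESULT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<status>.+)$")

# Statuses that mean the scanner actually flagged the object (assumption based on the log above).
VERDICTS = {"infected", "warning"}
ACTION_PREFIX = "User select action: "


@dataclass
class Detection:
    obj: str
    name: str
    verdict: str = ""      # "infected" / "warning", or "" for informational hits such as unsigned files
    action: str = ""       # last action the user chose: Cure, Delete, Skip, ...
    history: list = field(default_factory=list)  # every status seen for this hit, in log order


def parse_tdsskiller(text: str) -> list:
    """Group result lines by (object, detection name) and record the verdict and final user action."""
    found = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        hit = RESULT_RE.match(line["msg"])
        if not hit:
            continue  # progress, hash and "- detected" lines add nothing beyond the result lines
        key = (hit["obj"], hit["name"])
        det = found.setdefault(key, Detection(hit["obj"], hit["name"]))
        status = hit["status"]
        det.history.append(status)
        if status.startswith(ACTION_PREFIX):
            det.action = status[len(ACTION_PREFIX):]  # the last action line wins
        elif status in VERDICTS and not det.verdict:
            det.verdict = status
    return list(found.values())


def unremediated(detections: list) -> list:
    """Malicious verdicts the user answered with Skip: these are still on the disk."""
    return [d for d in detections if d.verdict and d.action.lower() == "skip"]


def report(text: str) -> list:
    """One human-readable triage line per detection; skipped malicious hits are flagged."""
    dets = parse_tdsskiller(text)
    pending = {(d.obj, d.name) for d in unremediated(dets)}
    out = []
    for d in dets:
        flag = "  <-- NOT remediated" if (d.obj, d.name) in pending else ""
        out.append(f"{d.obj} [{d.name}] verdict={d.verdict or 'informational'} "
                   f"action={d.action or '-'}{flag}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the sample, the script reports three grouped hits and flags only the "TDSS File System" entry, which is exactly the one MrC asks to have re-run. Unsigned-file hits such as IconMan_R carry no malicious verdict, so skipping them is not flagged; a second TDSSKiller run whose log shows "User select action: Delete" (or Cure) for the flagged entry would clear it from the list.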

#5 thanksinadvance

    New Member

  • Members
  • 15 posts

Posted 24 July 2012 - 09:09 PM

Attached.

It told me the post was too long.


#6 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 24 July 2012 - 09:13 PM

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


#7 thanksinadvance

    New Member

  • Members
  • 15 posts

Posted 24 July 2012 - 11:22 PM

ComboFix 12-07-25.04 - Garcia 07/24/2012 20:45:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2027 [GMT -7:00]
Running from: c:\users\Garcia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30E781BB-EFEB-4056-B514-2FED416B0555}.xps
c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35B582CB-0510-42D7-B593-3CCDDD8EA367}.xps
c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABCAAEBD-DF02-4392-A6BC-AB0F3C51D2C2}.xps
c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E71AF224-73F8-4A22-88FF-6B8E90CF3653}.xps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 04:00 . 2012-07-25 04:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\offreg.dll
2012-07-25 03:58 . 2012-07-25 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 01:44 . 2012-07-25 02:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 01:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\mpengine.dll
2012-07-22 05:37 . 2012-07-22 05:59 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-22 03:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 03:33 . 2012-07-22 03:33 -------- d-----w- c:\windows\Sun
2012-07-21 18:46 . 2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D6DA.tmp
2012-07-21 18:46 . 2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D4D6.tmp.dat
2012-07-12 05:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:26 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 15:43 . 2012-02-12 06:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{742977BE-95CE-4C4B-A5ED-7F1E179731AE}\gapaengine.dll
2012-07-04 03:22 . 2012-07-25 00:32 -------- d-----w- c:\users\Garcia\AppData\Local\Spotify
2012-07-04 03:21 . 2012-07-25 01:47 -------- d-----w- c:\users\Garcia\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 21:32 . 2012-04-17 16:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 21:32 . 2011-10-15 06:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:50 . 2012-02-12 08:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2012-02-12 07:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 02:40 . 2011-12-17 08:50 878184 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2012-06-02 22:19 . 2012-06-21 03:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 03:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 03:37 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 03:37 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 03:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 03:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 03:37 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 03:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 03:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-12 23:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-15 21:31 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-12 23:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-15 21:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-12 23:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 23:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:27 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Garcia\AppData\Roaming\Spotify\Spotify.exe" [2012-07-21 7601880]
"Spotify Web Helper"="c:\users\Garcia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-21 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-06-04 878184]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:32]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33]
.
2012-07-25 c:\windows\Tasks\HPCeeScheduleForGARCIA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-07-25 c:\windows\Tasks\HPCeeScheduleForGarcia.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\n6n6vcp0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods.id - 1e3d589700000000000020107a0cbd4a
FF - user.js: extensions.funmoods.instlDay - 15444
FF - user.js: extensions.funmoods.vrsn - 1.5.19.3
FF - user.js: extensions.funmoods.vrsni - 1.5.19.3
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.315:04
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-24 21:18:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 04:18
.
Pre-Run: 401,126,596,608 bytes free
Post-Run: 405,438,238,720 bytes free
.
- - End Of File - - 1D5CB18BC64FEE52DB3320DDC4A3A5F3

#8 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 25 July 2012 - 05:25 AM

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#9 thanksinadvance

    New Member

  • Members
  • 15 posts

Posted 25 July 2012 - 09:53 AM

No malicious items detected.

Thanks again MrC!

#10 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 25 July 2012 - 10:15 AM

Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#11 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 25 July 2012 - 08:13 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Larry Tate
Product Support