thanksinadvance

Trojan.Agent on Win7 x64

11 posts in this topic

Ran MBAM

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Garcia :: GARCIA-HP [administrator]

Protection: Enabled

7/24/2012 6:15:29 PM

mbam-log-2012-07-24 (18-26-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 192399

Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3116 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Ran RogueKiller and did NOT fix anything. Just scan.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Garcia [Admin rights]

Mode: Scan -- Date: 07/24/2012 18:31:09

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++

--- User ---

[MBR] 4fe3708a56449a85c0f6eadf7ea17587

[BSP] bee1f23af191fbaa51922b5a56c0af45 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452248 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926613504 | Size: 20428 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] f422c3a2e25804b54a2e495407f8f578

[BSP] 7d12ba7f0c72df697c5b2a28b89020cb : TDL4 MBR Code!

Partition table:

Finished : << RKreport[1].txt >>

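As an added example (not part of this thread or of either tool), a small Python triage script that picks out the two findings in the logs above: the MBAM detection lines, flagging a core Windows binary name running from a directory Windows does not install it in (svchost.exe belongs in System32 or SysWOW64, not directly in C:\Windows), and RogueKiller's MBR Check section, flagging when the MBR hash differs between the read paths the tool compares. The sample lines are copied from the logs in this post; the table of expected install directories is an assumption of the example.

```python
"""Triage helpers for the MBAM and RogueKiller log excerpts quoted above.
Added example; EXPECTED_DIRS is an assumption of this example, not tool data."""
import re
from pathlib import PureWindowsPath

# Constructed sample: the detection lines copied from the MBAM log above.
MBAM_SAMPLE = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3116 -> No action taken.
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
"""

# Constructed sample: the MBR Check section copied from the RogueKiller log above.
ROGUEKILLER_SAMPLE = r"""
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 4fe3708a56449a85c0f6eadf7ea17587
[BSP] bee1f23af191fbaa51922b5a56c0af45 : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f422c3a2e25804b54a2e495407f8f578
[BSP] 7d12ba7f0c72df697c5b2a28b89020cb : TDL4 MBR Code!
"""

# Assumed table: where Windows itself keeps these binaries. The same file name
# anywhere else (e.g. directly in C:\Windows) is a classic masquerade.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}

# "<path> (<threat>) [-> <pid>] -> <action>" as MBAM writes a detection line
MBAM_DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$"
)
VIEW_HEADER = re.compile(r"^--- (\w+) ---$")
HASH_LINE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})(?: : (.+))?$")


def parse_mbam_detections(log: str) -> list:
    hits = []
    for line in log.splitlines():
        m = MBAM_DETECTION.match(line.strip())
        if m:
            hits.append(m.groupdict())  # path, threat, pid (or None), action
    return hits


def masquerading_system_binary(path: str) -> bool:
    """True when a well-known system binary name runs from a directory
    other than the ones Windows installs it in."""
    p = PureWindowsPath(path)
    expected = EXPECTED_DIRS.get(p.name.lower())
    return expected is not None and str(p.parent).lower() not in expected


def parse_mbr_views(log: str) -> dict:
    """Map each read path RogueKiller reports (User, LL1, LL2, ...) to the
    MBR and boot-sector (BSP) hashes it saw, plus the BSP label if any."""
    views, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = VIEW_HEADER.match(line)
        if m:
            current = m.group(1)
            views[current] = {}
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            kind, digest, label = m.groups()
            views[current][kind] = digest
            if label:
                views[current][kind + "_label"] = label
    return views


def inconsistent_views(views: dict) -> list:
    """Pairs of read paths whose MBR hashes differ: the same sector should hash
    identically however it is read, so a difference means altered content is
    being served on one path, the signature of an MBR bootkit hooking disk I/O."""
    names = [n for n in views if "MBR" in views[n]]
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if views[a]["MBR"] != views[b]["MBR"]]


def triage(mbam_log: str, roguekiller_log: str) -> list:
    """Human-readable findings from both logs."""
    findings = []
    for hit in parse_mbam_detections(mbam_log):
        if masquerading_system_binary(hit["path"]):
            findings.append(f"{hit['path']}: {hit['threat']}, system binary name "
                            f"outside its install directory")
    views = parse_mbr_views(roguekiller_log)
    for a, b in inconsistent_views(views):
        label = views[b].get("BSP_label", "unknown")
        findings.append(f"MBR hash differs between {a} and {b}; boot code: {label}")
    return findings
```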


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


18:41:29.0680 2816 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

18:41:30.0070 2816 ============================================================

18:41:30.0070 2816 Current date / time: 2012/07/24 18:41:30.0070

18:41:30.0070 2816 SystemInfo:

18:41:30.0070 2816

18:41:30.0070 2816 OS Version: 6.1.7601 ServicePack: 1.0

18:41:30.0070 2816 Product type: Workstation

18:41:30.0070 2816 ComputerName: GARCIA-HP

18:41:30.0070 2816 UserName: Garcia

18:41:30.0070 2816 Windows directory: C:\Windows

18:41:30.0070 2816 System windows directory: C:\Windows

18:41:30.0070 2816 Running under WOW64

18:41:30.0070 2816 Processor architecture: Intel x64

18:41:30.0070 2816 Number of processors: 4

18:41:30.0070 2816 Page size: 0x1000

18:41:30.0070 2816 Boot type: Normal boot

18:41:30.0070 2816 ============================================================

18:41:31.0396 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:41:31.0396 2816 ============================================================

18:41:31.0396 2816 \Device\Harddisk0\DR0:

18:41:31.0396 2816 MBR partitions:

18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3734C000

18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x373B0000, BlocksNum 0x27E6000

18:41:31.0396 2816 ============================================================

18:41:31.0427 2816 C: <-> \Device\Harddisk0\DR0\Partition1

18:41:31.0458 2816 D: <-> \Device\Harddisk0\DR0\Partition2

18:41:31.0458 2816 ============================================================

18:41:31.0458 2816 Initialize success

18:41:31.0458 2816 ============================================================

18:41:55.0342 5004 ============================================================

18:41:55.0342 5004 Scan started

18:41:55.0342 5004 Mode: Manual; SigCheck; TDLFS;

18:41:55.0342 5004 ============================================================


18:42:11.0816 5004 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

18:42:12.0190 5004 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

18:42:12.0190 5004 IconMan_R - detected UnsignedFile.Multi.Generic (1)


18:42:17.0182 5004 msdsm - ok

18:42:17.0213 5004 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:42:17.0245 5004 MSDTC - ok

18:42:17.0260 5004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:42:17.0307 5004 Msfs - ok

18:42:17.0323 5004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:42:17.0369 5004 mshidkmdf - ok

18:42:17.0416 5004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:42:17.0416 5004 msisadrv - ok

18:42:17.0463 5004 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:42:17.0557 5004 MSiSCSI - ok

18:42:17.0557 5004 msiserver - ok

18:42:17.0588 5004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:42:17.0635 5004 MSKSSRV - ok

18:42:17.0744 5004 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

18:42:17.0759 5004 MsMpSvc - ok

18:42:17.0806 5004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:42:17.0853 5004 MSPCLOCK - ok

18:42:17.0853 5004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:42:17.0900 5004 MSPQM - ok

18:42:17.0947 5004 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:42:17.0978 5004 MsRPC - ok

18:42:18.0009 5004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:42:18.0009 5004 mssmbios - ok

18:42:18.0056 5004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:42:18.0103 5004 MSTEE - ok

18:42:18.0118 5004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

18:42:18.0118 5004 MTConfig - ok

18:42:18.0149 5004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:42:18.0165 5004 Mup - ok

18:42:18.0227 5004 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

18:42:18.0305 5004 napagent - ok

18:42:18.0368 5004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:42:18.0446 5004 NativeWifiP - ok

18:42:18.0571 5004 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

18:42:18.0649 5004 NDIS - ok

18:42:18.0680 5004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:42:18.0742 5004 NdisCap - ok

18:42:18.0773 5004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:42:18.0836 5004 NdisTapi - ok

18:42:18.0851 5004 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:42:18.0883 5004 Ndisuio - ok

18:42:18.0898 5004 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:42:18.0961 5004 NdisWan - ok

18:42:18.0992 5004 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:42:19.0023 5004 NDProxy - ok

18:42:19.0039 5004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:42:19.0101 5004 NetBIOS - ok

18:42:19.0132 5004 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:42:19.0163 5004 NetBT - ok

18:42:19.0195 5004 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:42:19.0210 5004 Netlogon - ok

18:42:19.0288 5004 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:42:19.0382 5004 Netman - ok

18:42:19.0460 5004 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:42:19.0491 5004 NetMsmqActivator - ok

18:42:19.0507 5004 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:42:19.0522 5004 NetPipeActivator - ok

18:42:19.0585 5004 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:42:19.0663 5004 netprofm - ok

18:42:19.0663 5004 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:42:19.0678 5004 NetTcpActivator - ok

18:42:19.0678 5004 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:42:19.0694 5004 NetTcpPortSharing - ok

18:42:19.0772 5004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

18:42:19.0803 5004 nfrd960 - ok

18:42:19.0881 5004 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:42:19.0912 5004 NisDrv - ok

18:42:20.0006 5004 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

18:42:20.0037 5004 NisSrv - ok

18:42:20.0115 5004 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

18:42:20.0193 5004 NlaSvc - ok

18:42:20.0224 5004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:42:20.0255 5004 Npfs - ok

18:42:20.0271 5004 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:42:20.0318 5004 nsi - ok

18:42:20.0333 5004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:42:20.0365 5004 nsiproxy - ok

18:42:20.0505 5004 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:42:20.0614 5004 Ntfs - ok

18:42:20.0770 5004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:42:20.0833 5004 Null - ok

18:42:20.0879 5004 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

18:42:20.0942 5004 NVENETFD - ok

18:42:21.0020 5004 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:42:21.0051 5004 nvraid - ok

18:42:21.0113 5004 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:42:21.0145 5004 nvstor - ok

18:42:21.0223 5004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:42:21.0254 5004 nv_agp - ok

18:42:21.0285 5004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:42:21.0301 5004 ohci1394 - ok

18:42:21.0410 5004 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:42:21.0441 5004 ose - ok

18:42:21.0878 5004 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:42:22.0081 5004 osppsvc - ok

18:42:22.0221 5004 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:42:22.0299 5004 p2pimsvc - ok

18:42:22.0393 5004 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:42:22.0439 5004 p2psvc - ok

18:42:22.0502 5004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

18:42:22.0533 5004 Parport - ok

18:42:22.0564 5004 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

18:42:22.0595 5004 partmgr - ok

18:42:22.0658 5004 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:42:22.0689 5004 PcaSvc - ok

18:42:22.0720 5004 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:42:22.0767 5004 pci - ok

18:42:22.0798 5004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:42:22.0814 5004 pciide - ok

18:42:22.0845 5004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

18:42:22.0876 5004 pcmcia - ok

18:42:22.0907 5004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:42:22.0923 5004 pcw - ok

18:42:22.0985 5004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:42:23.0095 5004 PEAUTH - ok

18:42:23.0188 5004 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:42:23.0219 5004 PerfHost - ok

18:42:23.0360 5004 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

18:42:23.0469 5004 pla - ok

18:42:23.0547 5004 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

18:42:23.0625 5004 PlugPlay - ok

18:42:23.0656 5004 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:42:23.0687 5004 PNRPAutoReg - ok

18:42:23.0719 5004 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:42:23.0734 5004 PNRPsvc - ok

18:42:23.0797 5004 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

18:42:23.0875 5004 PolicyAgent - ok

18:42:23.0937 5004 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:42:24.0031 5004 Power - ok

18:42:24.0093 5004 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:42:24.0171 5004 PptpMiniport - ok

18:42:24.0202 5004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

18:42:24.0311 5004 Processor - ok

18:42:24.0358 5004 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

18:42:24.0452 5004 ProfSvc - ok

18:42:24.0499 5004 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:42:24.0514 5004 ProtectedStorage - ok

18:42:24.0561 5004 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:42:24.0623 5004 Psched - ok

18:42:24.0795 5004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

18:42:24.0873 5004 ql2300 - ok

18:42:25.0045 5004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

18:42:25.0091 5004 ql40xx - ok

18:42:25.0138 5004 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:42:25.0185 5004 QWAVE - ok

18:42:25.0216 5004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:42:25.0247 5004 QWAVEdrv - ok

18:42:25.0263 5004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:42:25.0310 5004 RasAcd - ok

18:42:25.0341 5004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:42:25.0372 5004 RasAgileVpn - ok

18:42:25.0450 5004 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:42:25.0528 5004 RasAuto - ok

18:42:25.0559 5004 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:42:25.0606 5004 Rasl2tp - ok

18:42:25.0669 5004 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

18:42:25.0731 5004 RasMan - ok

18:42:25.0747 5004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:42:25.0793 5004 RasPppoe - ok

18:42:25.0825 5004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:42:25.0871 5004 RasSstp - ok

18:42:25.0918 5004 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:42:26.0012 5004 rdbss - ok

18:42:26.0043 5004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

18:42:26.0059 5004 rdpbus - ok

18:42:26.0105 5004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:42:26.0152 5004 RDPCDD - ok

18:42:26.0152 5004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:42:26.0215 5004 RDPENCDD - ok

18:42:26.0230 5004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:42:26.0261 5004 RDPREFMP - ok

18:42:26.0293 5004 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

18:42:26.0339 5004 RDPWD - ok

18:42:26.0386 5004 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:42:26.0417 5004 rdyboost - ok

18:42:26.0449 5004 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:42:26.0511 5004 RemoteAccess - ok

18:42:26.0542 5004 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:42:26.0605 5004 RemoteRegistry - ok

18:42:26.0636 5004 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:42:26.0683 5004 RpcEptMapper - ok

18:42:26.0729 5004 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:42:26.0745 5004 RpcLocator - ok

18:42:26.0792 5004 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:42:26.0823 5004 RpcSs - ok

18:42:26.0870 5004 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys

18:42:26.0917 5004 RSPCIESTOR - ok

18:42:26.0963 5004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:42:27.0041 5004 rspndr - ok

18:42:27.0104 5004 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:42:27.0166 5004 RTL8167 - ok

18:42:27.0307 5004 RTL8192Ce (508d997a5e9f400fade6c85251bf13df) C:\Windows\system32\DRIVERS\rtl8192Ce.sys

18:42:27.0385 5004 RTL8192Ce - ok

18:42:27.0416 5004 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:42:27.0431 5004 SamSs - ok

18:42:27.0463 5004 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:42:27.0478 5004 sbp2port - ok

18:42:27.0525 5004 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:42:27.0603 5004 SCardSvr - ok

18:42:27.0634 5004 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:42:27.0712 5004 scfilter - ok

18:42:27.0806 5004 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

18:42:27.0915 5004 Schedule - ok

18:42:27.0946 5004 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:42:27.0977 5004 SCPolicySvc - ok

18:42:28.0040 5004 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

18:42:28.0087 5004 sdbus - ok

18:42:28.0133 5004 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

18:42:28.0211 5004 SDRSVC - ok

18:42:28.0243 5004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:42:28.0321 5004 secdrv - ok

18:42:28.0352 5004 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

18:42:28.0383 5004 seclogon - ok

18:42:28.0414 5004 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

18:42:28.0461 5004 SENS - ok

18:42:28.0492 5004 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:42:28.0523 5004 SensrSvc - ok

18:42:28.0570 5004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

18:42:28.0617 5004 Serenum - ok

18:42:28.0648 5004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

18:42:28.0695 5004 Serial - ok

18:42:28.0742 5004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

18:42:28.0757 5004 sermouse - ok

18:42:28.0804 5004 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

18:42:28.0882 5004 SessionEnv - ok

18:42:28.0913 5004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:42:28.0929 5004 sffdisk - ok

18:42:28.0945 5004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:42:28.0976 5004 sffp_mmc - ok

18:42:29.0007 5004 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:42:29.0038 5004 sffp_sd - ok

18:42:29.0085 5004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

18:42:29.0116 5004 sfloppy - ok

18:42:29.0179 5004 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:42:29.0225 5004 SharedAccess - ok

18:42:29.0272 5004 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

18:42:29.0335 5004 ShellHWDetection - ok

18:42:29.0366 5004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

18:42:29.0381 5004 SiSRaid2 - ok

18:42:29.0428 5004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

18:42:29.0459 5004 SiSRaid4 - ok

18:42:29.0506 5004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:42:29.0569 5004 Smb - ok

18:42:29.0615 5004 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:42:29.0647 5004 SNMPTRAP - ok

18:42:29.0662 5004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:42:29.0678 5004 spldr - ok

18:42:29.0725 5004 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

18:42:29.0787 5004 Spooler - ok

18:42:30.0037 5004 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

18:42:30.0208 5004 sppsvc - ok

18:42:30.0333 5004 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:42:30.0395 5004 sppuinotify - ok

18:42:30.0473 5004 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:42:30.0536 5004 srv - ok

18:42:30.0583 5004 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:42:30.0645 5004 srv2 - ok

18:42:30.0692 5004 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

18:42:30.0723 5004 SrvHsfHDA - ok

18:42:30.0832 5004 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

18:42:30.0926 5004 SrvHsfV92 - ok

18:42:31.0113 5004 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:42:31.0191 5004 SrvHsfWinac - ok

18:42:31.0238 5004 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:42:31.0285 5004 srvnet - ok

18:42:31.0347 5004 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:42:31.0425 5004 SSDPSRV - ok

18:42:31.0441 5004 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:42:31.0487 5004 SstpSvc - ok

18:42:31.0581 5004 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe

18:42:31.0659 5004 STacSV - ok

18:42:31.0706 5004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

18:42:31.0721 5004 stexstor - ok

18:42:31.0815 5004 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys

18:42:31.0877 5004 STHDA - ok

18:42:31.0971 5004 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

18:42:32.0033 5004 stisvc - ok

18:42:32.0049 5004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

18:42:32.0065 5004 swenum - ok

18:42:32.0127 5004 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:42:32.0189 5004 swprv - ok

18:42:32.0267 5004 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys

18:42:32.0314 5004 SynTP - ok

18:42:32.0455 5004 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

18:42:32.0548 5004 SysMain - ok

18:42:32.0673 5004 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

18:42:32.0720 5004 TabletInputService - ok

18:42:32.0751 5004 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

18:42:32.0813 5004 TapiSrv - ok

18:42:32.0829 5004 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:42:32.0876 5004 TBS - ok

18:42:33.0079 5004 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

18:42:33.0157 5004 Tcpip - ok

18:42:33.0453 5004 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

18:42:33.0500 5004 TCPIP6 - ok

18:42:33.0640 5004 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

18:42:33.0718 5004 tcpipreg - ok

18:42:33.0734 5004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:42:33.0765 5004 TDPIPE - ok

18:42:33.0796 5004 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

18:42:33.0827 5004 TDTCP - ok

18:42:33.0843 5004 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

18:42:33.0890 5004 tdx - ok

18:42:33.0921 5004 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

18:42:33.0937 5004 TermDD - ok

18:42:33.0999 5004 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

18:42:34.0077 5004 TermService - ok

18:42:34.0093 5004 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:42:34.0124 5004 Themes - ok

18:42:34.0155 5004 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:42:34.0202 5004 THREADORDER - ok

18:42:34.0217 5004 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:42:34.0264 5004 TrkWks - ok

18:42:34.0327 5004 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

18:42:34.0405 5004 TrustedInstaller - ok

18:42:34.0436 5004 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:42:34.0483 5004 tssecsrv - ok

18:42:34.0514 5004 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

18:42:34.0561 5004 TsUsbFlt - ok

18:42:34.0592 5004 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

18:42:34.0607 5004 TsUsbGD - ok

18:42:34.0654 5004 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

18:42:34.0701 5004 tunnel - ok

18:42:34.0717 5004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

18:42:34.0732 5004 uagp35 - ok

18:42:34.0810 5004 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

18:42:34.0904 5004 udfs - ok

18:42:34.0951 5004 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:42:34.0966 5004 UI0Detect - ok

18:42:34.0997 5004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

18:42:35.0013 5004 uliagpkx - ok

18:42:35.0029 5004 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

18:42:35.0060 5004 umbus - ok

18:42:35.0075 5004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

18:42:35.0091 5004 UmPass - ok

18:42:35.0122 5004 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:42:35.0200 5004 upnphost - ok

18:42:35.0231 5004 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

18:42:35.0278 5004 USBAAPL64 - ok

18:42:35.0309 5004 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

18:42:35.0341 5004 usbccgp - ok

18:42:35.0372 5004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

18:42:35.0403 5004 usbcir - ok

18:42:35.0434 5004 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

18:42:35.0450 5004 usbehci - ok

18:42:35.0481 5004 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys

18:42:35.0497 5004 usbfilter - ok

18:42:35.0543 5004 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys

18:42:35.0621 5004 usbhub - ok

18:42:35.0653 5004 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

18:42:35.0699 5004 usbohci - ok

18:42:35.0746 5004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:42:35.0793 5004 usbprint - ok

18:42:35.0824 5004 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

18:42:35.0855 5004 usbscan - ok

18:42:35.0902 5004 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:42:35.0949 5004 USBSTOR - ok

18:42:35.0980 5004 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

18:42:36.0011 5004 usbuhci - ok

18:42:36.0043 5004 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

18:42:36.0089 5004 usbvideo - ok

18:42:36.0121 5004 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:42:36.0183 5004 UxSms - ok

18:42:36.0230 5004 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:42:36.0261 5004 VaultSvc - ok

18:42:36.0292 5004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

18:42:36.0308 5004 vdrvroot - ok

18:42:36.0386 5004 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

18:42:36.0511 5004 vds - ok

18:42:36.0526 5004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:42:36.0542 5004 vga - ok

18:42:36.0542 5004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:42:36.0589 5004 VgaSave - ok

18:42:36.0635 5004 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

18:42:36.0682 5004 vhdmp - ok

18:42:36.0713 5004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

18:42:36.0729 5004 viaide - ok

18:42:36.0745 5004 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

18:42:36.0760 5004 volmgr - ok

18:42:36.0807 5004 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

18:42:36.0838 5004 volmgrx - ok

18:42:36.0869 5004 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys

18:42:36.0901 5004 volsnap - ok

18:42:36.0947 5004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

18:42:36.0979 5004 vsmraid - ok

18:42:37.0119 5004 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

18:42:37.0228 5004 VSS - ok

18:42:37.0369 5004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:42:37.0415 5004 vwifibus - ok

18:42:37.0447 5004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:42:37.0478 5004 vwififlt - ok

18:42:37.0493 5004 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

18:42:37.0509 5004 vwifimp - ok

18:42:37.0571 5004 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:42:37.0649 5004 W32Time - ok

18:42:37.0665 5004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

18:42:37.0681 5004 WacomPen - ok

18:42:37.0727 5004 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:42:37.0805 5004 WANARP - ok

18:42:37.0805 5004 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:42:37.0837 5004 Wanarpv6 - ok

18:42:37.0961 5004 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

18:42:38.0039 5004 WatAdminSvc - ok

18:42:38.0164 5004 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

18:42:38.0258 5004 wbengine - ok

18:42:38.0383 5004 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:42:38.0429 5004 WbioSrvc - ok

18:42:38.0461 5004 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

18:42:38.0507 5004 wcncsvc - ok

18:42:38.0523 5004 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:42:38.0554 5004 WcsPlugInService - ok

18:42:38.0601 5004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

18:42:38.0617 5004 Wd - ok

18:42:38.0679 5004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:42:38.0726 5004 Wdf01000 - ok

18:42:38.0757 5004 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:42:38.0851 5004 WdiServiceHost - ok

18:42:38.0866 5004 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:42:38.0882 5004 WdiSystemHost - ok

18:42:38.0929 5004 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

18:42:39.0022 5004 WebClient - ok

18:42:39.0038 5004 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:42:39.0116 5004 Wecsvc - ok

18:42:39.0131 5004 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:42:39.0163 5004 wercplsupport - ok

18:42:39.0194 5004 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:42:39.0256 5004 WerSvc - ok

18:42:39.0334 5004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:42:39.0397 5004 WfpLwf - ok

18:42:39.0412 5004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:42:39.0428 5004 WIMMount - ok

18:42:39.0459 5004 WinDefend - ok

18:42:39.0475 5004 WinHttpAutoProxySvc - ok

18:42:39.0537 5004 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:42:39.0615 5004 Winmgmt - ok

18:42:39.0787 5004 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

18:42:39.0927 5004 WinRM - ok

18:42:40.0130 5004 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:42:40.0208 5004 Wlansvc - ok

18:42:40.0286 5004 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

18:42:40.0301 5004 wlcrasvc - ok

18:42:40.0535 5004 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:42:40.0660 5004 wlidsvc - ok

18:42:40.0801 5004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:42:40.0847 5004 WmiAcpi - ok

18:42:40.0910 5004 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:42:40.0972 5004 wmiApSrv - ok

18:42:41.0035 5004 WMPNetworkSvc - ok

18:42:41.0066 5004 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:42:41.0113 5004 WPCSvc - ok

18:42:41.0144 5004 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

18:42:41.0191 5004 WPDBusEnum - ok

18:42:41.0206 5004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:42:41.0253 5004 ws2ifsl - ok

18:42:41.0269 5004 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

18:42:41.0300 5004 wscsvc - ok

18:42:41.0300 5004 WSearch - ok

18:42:41.0518 5004 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

18:42:41.0659 5004 wuauserv - ok

18:42:41.0846 5004 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:42:41.0924 5004 WudfPf - ok

18:42:41.0971 5004 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:42:42.0033 5004 WUDFRd - ok

18:42:42.0049 5004 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

18:42:42.0080 5004 wudfsvc - ok

18:42:42.0127 5004 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll

18:42:42.0189 5004 WwanSvc - ok

18:42:42.0236 5004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:42:42.0298 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

18:42:42.0298 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

18:42:42.0392 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:42:42.0392 5004 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:42:42.0407 5004 Boot (0x1200) (4d47ceb3bf85d42623c9a7ffe15ac44b) \Device\Harddisk0\DR0\Partition0

18:42:42.0407 5004 \Device\Harddisk0\DR0\Partition0 - ok

18:42:42.0454 5004 Boot (0x1200) (59af69a5151ac842a25dad878ead5245) \Device\Harddisk0\DR0\Partition1

18:42:42.0454 5004 \Device\Harddisk0\DR0\Partition1 - ok

18:42:42.0485 5004 Boot (0x1200) (4ed319b030ed9d2db20124d453d35c56) \Device\Harddisk0\DR0\Partition2

18:42:42.0485 5004 \Device\Harddisk0\DR0\Partition2 - ok

18:42:42.0485 5004 ============================================================

18:42:42.0485 5004 Scan finished

18:42:42.0485 5004 ============================================================

18:42:42.0517 5488 Detected object count: 3

18:42:42.0517 5488 Actual detected object count: 3

18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:44:27.0246 5488 \Device\Harddisk0\DR0\# - copied to quarantine

18:44:27.0600 5488 \Device\Harddisk0\DR0 - copied to quarantine

18:44:29.0344 5488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:44:29.0442 5488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:44:29.0490 5488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:44:29.0555 5488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:44:29.0657 5488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:44:29.0672 5488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:44:29.0677 5488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:44:29.0711 5488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:44:29.0940 5488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:44:30.0010 5488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:44:30.0043 5488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:44:30.0048 5488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:44:30.0052 5488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:44:30.0182 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

18:44:30.0192 5488 \Device\Harddisk0\DR0 - ok

18:44:31.0114 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:44:56.0745 3320 Deinitialize success

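A note on what the last part of that TDSSKiller log is looking at. The `MBR (0x1B8) (a36c5e4f...)` line is a 32-hex-digit (MD5-length) hash over the first 0x1B8 bytes of sector 0 of \Device\Harddisk0\DR0, i.e. the boot code that sits before the 4-byte NT disk signature and the partition table; the verdict on the next line says that code is not Microsoft's. The "TDSS File System" warning is the TDL4/Pihar family's own encrypted file system, which it keeps in unpartitioned sectors after the last partition (the `TDLFS\ldr16`, `cmd64.dll` and friends quarantined a few lines later live there). The following Python is an added example for readers of this thread, not part of TDSSKiller or anything posted above: it parses a raw 512-byte MBR, reproduces a boot-code hash of that same region, lists the partition table, and applies three checks a responder would want: stock Windows MBR error strings missing (the bootkit overwrites the boot code), an active-partition count other than one, and a large run of unpartitioned sectors at the end of the disk. The sample MBRs, the partition layout, the disk size and the baseline hash are constructed for the example; that the hash is MD5 over exactly 0x1B8 bytes is an assumption read from the log line.

```python
import hashlib
import struct
from typing import Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bytes 0x000-0x1B7: boot code; the region the log's "MBR (0x1B8)" hash appears to cover
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55AA boot signature
# Error strings the stock Windows 7 MBR code carries; TDL4/Pihar replaces that code wholesale.
WIN7_MBR_STRINGS = (b"Invalid partition table", b"Error loading operating system", b"Missing operating system")


def parse_mbr(raw: bytes) -> dict:
    """Decode one 512-byte MBR sector into a dict (boot-code hash, disk signature, partitions)."""
    if len(raw) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", raw, SIGNATURE_OFF)
    if sig != 0xAA55:
        raise ValueError(f"bad boot signature 0x{sig:04X}")
    (disk_sig,) = struct.unpack_from("<I", raw, DISK_SIG_OFF)
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", raw, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_md5": hashlib.md5(raw[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": disk_sig, "partitions": partitions}


def assess_mbr(raw: bytes, known_good_md5: Optional[str] = None,
               disk_sectors: Optional[int] = None, slack_threshold: int = 2048) -> list:
    """Return a list of findings; an empty list means these checks saw nothing odd."""
    info = parse_mbr(raw)
    findings = []
    if known_good_md5 and info["boot_code_md5"] != known_good_md5:
        findings.append("boot code hash differs from baseline")
    if not all(s in raw[:BOOT_CODE_LEN] for s in WIN7_MBR_STRINGS):
        findings.append("stock Windows MBR strings absent: boot code replaced?")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if disk_sectors is not None and info["partitions"]:
        last_end = max(p["lba_start"] + p["sectors"] for p in info["partitions"])
        slack = disk_sectors - last_end
        if slack > slack_threshold:   # a few hundred sectors of alignment slack is normal; gigabytes are not
            findings.append(f"{slack} unpartitioned sectors after last partition: "
                            "TDL4-family hidden file systems live there")
    return findings


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Assemble a test MBR (constructed data for this example, not taken from the thread)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    raw = bytearray(SECTOR)
    raw[:len(boot_code)] = boot_code
    struct.pack_into("<I", raw, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", raw, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    struct.pack_into("<H", raw, SIGNATURE_OFF, 0xAA55)
    return bytes(raw)


# Constructed samples: a stub of stock boot code (only the recognizable strings, not the real
# 440 bytes of code) and a "bootkit" replacement with no strings. Geometry mimics a 500 GB laptop disk.
DISK_SECTORS = 976773168
PARTS = [(True, 0x07, 2048, 409600), (False, 0x07, 411648, 940000000), (False, 0x07, 940411648, 36361520)]
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32 + b".".join(WIN7_MBR_STRINGS) + b"."
BOOTKIT_CODE = b"\xeb\x1a" + bytes(range(0x40))
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTS)
BOOTKIT_MBR = build_mbr(BOOTKIT_CODE, PARTS)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("bootkit", BOOTKIT_MBR)):
        print(name, parse_mbr(mbr)["boot_code_md5"],
              assess_mbr(mbr, disk_sectors=DISK_SECTORS) or "no findings")
```

To run it against a real disk, read sector 0 from `\\.\PhysicalDrive0` as an administrator and pass the 512 bytes to `assess_mbr` together with the drive's sector count. Do that from offline media or a clean boot environment where possible: this family filters disk reads on the live system and hands back the original MBR, which is exactly why a live antivirus scan can come back clean while the rootkit is running. The string check is a heuristic; a disk with a non-Microsoft boot loader (GRUB, a vendor recovery loader) will fail it legitimately.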

18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:44:56.0745 3320 Deinitialize success

Please run it again and choose Delete for this one, MrC

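The point of the reply above is easy to miss in a long TDSSKiller log: the MBR infection was queued for cure, but the "TDSS File System" detection on the same device got "User select action: Skip", so the hidden file system and everything in it stays on disk until the scan is re-run with Delete. The following Python is an added example (not a tool from the thread or from Kaspersky) that does that triage mechanically: it parses the `target ( verdict ) - state` and `User select action:` lines, pairs each detection with the action taken, and lists what was left unresolved, rootkit verdicts first. The sample log lines are the ones from the scan above; the parsing rules and the verdict classification are assumptions about the log format, not documented behaviour of the tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# "<time> <pid> <target> ( <verdict> ) - <rest>"; lines without the "( verdict )" group
# (e.g. "- detected Rootkit.Boot.Pihar.c (0)") are deliberately ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<target>\S.*?) \( (?P<verdict>[^()]+) \) - (?P<rest>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    target: str
    verdict: str
    states: List[str] = field(default_factory=list)   # "infected", "warning", "skipped by user", ...
    action: str = ""                                   # "Cure", "Delete", "Skip" or "" if never acted on


def is_rootkit_verdict(verdict: str) -> bool:
    """Verdict classes that name a hidden/bootkit component rather than a heuristic hit."""
    return verdict.startswith("Rootkit.") or verdict == "TDSS File System"


def parse_tdsskiller_log(text: str) -> Dict[Tuple[str, str], Detection]:
    """Group log lines by (target, verdict) and record states and the user's chosen action."""
    found: Dict[Tuple[str, str], Detection] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["target"], m["verdict"])
        det = found.setdefault(key, Detection(m["target"], m["verdict"]))
        a = ACTION_RE.match(m["rest"])
        if a:
            det.action = a["action"]
        else:
            det.states.append(m["rest"])
    return found


def unresolved(found: Dict[Tuple[str, str], Detection]) -> List[Detection]:
    """Detections that were skipped or never acted on, rootkit verdicts first."""
    left = [d for d in found.values() if d.action in ("", "Skip")]
    left.sort(key=lambda d: not is_rootkit_verdict(d.verdict))
    return left


def recommendations(found: Dict[Tuple[str, str], Detection]) -> List[str]:
    out = []
    for d in unresolved(found):
        if is_rootkit_verdict(d.verdict):
            out.append(f"re-run TDSSKiller and choose Delete/Cure for {d.target} ({d.verdict})")
        else:
            out.append(f"review {d.target} ({d.verdict}): unsigned-file heuristic, "
                       "verify the binary's publisher before acting")
    return out


# Sample input: the relevant lines from the scan log posted above.
SAMPLE_LOG = r"""
18:42:42.0298 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:42:42.0298 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:42:42.0392 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:30.0182 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:44:31.0114 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for rec in recommendations(parse_tdsskiller_log(SAMPLE_LOG)):
        print(rec)
```

Run on the log above it reports the skipped TDSS File System on \Device\Harddisk0\DR0 first and the IconMan_R heuristic hit second; the Pihar.c entry is not listed because its last action was Cure. The IconMan_R hit is worth a look rather than a reflex delete: UnsignedFile.Multi.Generic only says the service binary is unsigned, and the ComboFix log further down shows it as the Realtek card reader's RIconMan.exe.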

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-25.04 - Garcia 07/24/2012 20:45:11.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2027 [GMT -7:00]

Running from: c:\users\Garcia\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30E781BB-EFEB-4056-B514-2FED416B0555}.xps

c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35B582CB-0510-42D7-B593-3CCDDD8EA367}.xps

c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABCAAEBD-DF02-4392-A6BC-AB0F3C51D2C2}.xps

c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E71AF224-73F8-4A22-88FF-6B8E90CF3653}.xps

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))

.

.

2012-07-25 04:00 . 2012-07-25 04:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\offreg.dll

2012-07-25 03:58 . 2012-07-25 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-25 01:44 . 2012-07-25 02:02 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-25 01:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\mpengine.dll

2012-07-22 05:37 . 2012-07-22 05:59 -------- d-----w- c:\windows\Microsoft Antimalware

2012-07-22 03:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-22 03:33 . 2012-07-22 03:33 -------- d-----w- c:\windows\Sun

2012-07-21 18:46 . 2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D6DA.tmp

2012-07-21 18:46 . 2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D4D6.tmp.dat

2012-07-12 05:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 02:26 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-04 15:43 . 2012-02-12 06:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{742977BE-95CE-4C4B-A5ED-7F1E179731AE}\gapaengine.dll

2012-07-04 03:22 . 2012-07-25 00:32 -------- d-----w- c:\users\Garcia\AppData\Local\Spotify

2012-07-04 03:21 . 2012-07-25 01:47 -------- d-----w- c:\users\Garcia\AppData\Roaming\Spotify

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 21:32 . 2012-04-17 16:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-13 21:32 . 2011-10-15 06:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 05:50 . 2012-02-12 08:46 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 20:46 . 2012-02-12 07:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 02:40 . 2011-12-17 08:50 878184 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys

2012-06-02 22:19 . 2012-06-21 03:37 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 03:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 03:37 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 03:37 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 03:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-21 03:37 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 03:37 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 03:37 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-21 03:37 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-04 11:06 . 2012-06-12 23:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 11:00 . 2012-06-15 21:31 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-05-04 10:03 . 2012-06-12 23:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-12 23:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-04 09:59 . 2012-06-15 21:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-05-01 05:40 . 2012-06-12 23:26 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-12 23:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-12 23:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-12 23:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-12 23:27 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Garcia\AppData\Roaming\Spotify\Spotify.exe" [2012-07-21 7601880]

"Spotify Web Helper"="c:\users\Garcia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-21 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\users\Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-14 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-06-04 878184]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:32]

.

2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33]

.

2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33]

.

2012-07-25 c:\windows\Tasks\HPCeeScheduleForGARCIA-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

2012-07-25 c:\windows\Tasks\HPCeeScheduleForGarcia.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\n6n6vcp0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=

FF - user.js: extensions.funmoods.id - 1e3d589700000000000020107a0cbd4a

FF - user.js: extensions.funmoods.instlDay - 15444

FF - user.js: extensions.funmoods.vrsn - 1.5.19.3

FF - user.js: extensions.funmoods.vrsni - 1.5.19.3

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.315:04

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironto

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef -

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-07-24 21:18:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-25 04:18

.

Pre-Run: 401,126,596,608 bytes free

Post-Run: 405,438,238,720 bytes free

.

- - End Of File - - 1D5CB18BC64FEE52DB3320DDC4A3A5F3


Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore Point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
