
Trojan:JS/Medfos.B Removal Help [Closed]



#1 lando1
New Member, 3 posts
Hi, recently I have been getting some alerts from Microsoft Security Essentials regarding a Trojan:JS/Medfos.B. It removes it, but apparently does not completely clean it because it continues to happen.

I've seen some other topics posted here so I'll just go ahead and follow the instructions that "gringo_pr" has given them to, hopefully, save a little time and get the trojan removed quicker.

***EDIT*** Adding in OTL log

OTL Log
OTL logfile created on: 10/8/2012 8:30:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Corey\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.40 Gb Available Physical Memory | 80.88% Memory free
15.83 Gb Paging File | 14.22 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 639.74 Gb Free Space | 68.68% Space Free | Partition Type: NTFS

Computer Name: COREY-PC | User Name: Corey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 20:29:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Corey\Downloads\OTL.exe
PRC - [2012/09/06 21:47:53 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/16 21:58:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/02 18:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
PRC - [2010/09/02 18:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
PRC - [2010/09/02 15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/06 21:47:37 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/01/09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\WinRAR\RarExt.dll
MOD - [2010/09/02 18:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
MOD - [2010/09/02 17:54:26 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/07/04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/06 21:47:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/21 19:38:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 21:58:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/02 18:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010/09/02 15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe -- (WCUService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/15 15:56:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/07/07 17:05:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/14 23:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 16 F0 30 27 75 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{8E6D9089-7879-4ebe-BE12-DFFAF1B2CD8D}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {58C6AC15-10E9-11E2-8271-B8AC6F996F26}:2.0.14
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 21:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 21:47:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58C6AC15-10E9-11E2-8271-B8AC6F996F26}: C:\Users\Corey\AppData\Local\{58C6AC15-10E9-11E2-8271-B8AC6F996F26}\ [2012/10/07 21:42:10 | 000,000,000 | ---D | M]

[2012/02/15 17:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corey\AppData\Roaming\Mozilla\Extensions
[2012/10/08 19:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\extensions
[2012/02/15 17:02:16 | 000,000,000 | ---D | M] (CLGaming) -- C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\extensions\jid0-P3Wd6mBBwo2nnzniqsEVQZ0Q64c@jetpack
[2012/05/08 23:16:46 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\extensions\[email protected]
[2012/07/24 17:50:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/06 21:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/06 21:47:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/07 21:42:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\COREY\APPDATA\LOCAL\{58C6AC15-10E9-11E2-8271-B8AC6F996F26}
[2012/09/06 21:47:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/22 00:56:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/08/31 10:24:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/31 10:24:09 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk = C:\Program Files (x86)\UDPixel\UDPixel.exe (http://sam100.free.fr/UDPixel)
O4 - Startup: C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28493662-4AFE-4E25-97B5-2D640E48A8BC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D969CA8-3A2E-4263-B12B-5A0AD0631A63}: DhcpNameServer = 208.67.220.220 208.67.222.222
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\Corey\Desktop\RK_Quarantine
[2012/10/07 21:42:10 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\{58C6AC15-10E9-11E2-8271-B8AC6F996F26}
[2012/10/07 21:42:09 | 000,461,824 | ---- | C] (Andrew Zhezherun) -- C:\Users\Corey\AppData\Roaming\mgmdan.dll
[2012/09/28 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/09/28 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/09/28 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/09/28 11:06:05 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UDPixel
[2012/09/28 11:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UDPixel
[2012/09/28 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UDPixel
[2012/09/28 10:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/09/26 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Mumble
[2012/09/23 15:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\roms
[2012/09/23 15:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\log
[2012/09/23 15:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lib
[2012/09/23 15:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\data
[2012/09/23 15:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\config
[2012/09/22 13:46:11 | 000,000,000 | ---D | C] -- C:\Users\Corey\Documents\Square Enix
[2012/09/22 13:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/09/22 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2012/09/22 13:43:58 | 000,525,264 | ---- | C] (Square Enix ) -- C:\Program Files (x86)\FF7_v1.0.5.exe
[2012/09/22 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\GetRightToGo
[2012/09/17 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/09/17 15:46:43 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\mIRC
[2012/09/17 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2012/02/25 00:37:38 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/10/08 20:03:38 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 20:03:38 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 19:56:44 | 000,001,426 | ---- | M] () -- C:\Users\Corey\Desktop\Games.lnk
[2012/10/08 19:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 19:56:18 | 2077,900,799 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 21:42:10 | 000,461,824 | ---- | M] (Andrew Zhezherun) -- C:\Users\Corey\AppData\Roaming\mgmdan.dll
[2012/09/30 00:13:03 | 000,011,454 | ---- | M] () -- C:\Users\Corey\Desktop\GOLDSELLING.png
[2012/09/28 11:06:05 | 000,001,901 | ---- | M] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk
[2012/09/28 10:59:59 | 000,756,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/28 10:59:59 | 000,634,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/28 10:59:59 | 000,111,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 22:27:40 | 003,182,537 | ---- | M] () -- C:\Users\Corey\Desktop\screensdhot.png
[2012/09/23 03:10:30 | 001,359,383 | ---- | M] () -- C:\Program Files (x86)\PokeMMO.exe
[2012/09/23 03:10:28 | 000,000,113 | ---- | M] () -- C:\Program Files (x86)\PokeMMO.sh
[2012/09/22 13:45:24 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\FINAL FANTASY VII.lnk
[2012/09/22 13:44:00 | 000,525,264 | ---- | M] (Square Enix ) -- C:\Program Files (x86)\FF7_v1.0.5.exe
[2012/09/22 13:43:58 | 2099,480,832 | ---- | M] () -- C:\Program Files (x86)\FF7_v1.0.5-1.bin
[2012/09/22 13:32:51 | 387,504,841 | ---- | M] () -- C:\Program Files (x86)\FF7_v1.0.5-2.bin
[2012/09/21 20:28:45 | 005,912,364 | ---- | M] () -- C:\Users\Corey\Desktop\12 - Machete Rocket Ship Ride (To Destroy The Stars, With You, My Dearest).mp3
[2012/09/21 19:58:54 | 001,083,544 | ---- | M] () -- C:\Users\Corey\Desktop\cover.png
[2012/09/21 19:55:29 | 000,443,484 | ---- | M] () -- C:\Users\Corey\Desktop\CD_unfinished_2.jpg
[2012/09/18 21:58:14 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/09/17 21:55:58 | 000,000,651 | ---- | M] () -- C:\Users\Corey\Desktop\Toplane counters.rtf
[2012/09/17 15:46:44 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk

========== Files Created - No Company Name ==========

[2012/09/30 00:13:03 | 000,011,454 | ---- | C] () -- C:\Users\Corey\Desktop\GOLDSELLING.png
[2012/09/28 11:06:05 | 000,001,901 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk
[2012/09/26 22:27:40 | 003,182,537 | ---- | C] () -- C:\Users\Corey\Desktop\screensdhot.png
[2012/09/23 15:52:01 | 001,359,383 | ---- | C] () -- C:\Program Files (x86)\PokeMMO.exe
[2012/09/23 15:52:01 | 000,000,113 | ---- | C] () -- C:\Program Files (x86)\PokeMMO.sh
[2012/09/22 13:45:24 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\FINAL FANTASY VII.lnk
[2012/09/22 13:32:52 | 2099,480,832 | ---- | C] () -- C:\Program Files (x86)\FF7_v1.0.5-1.bin
[2012/09/22 13:30:27 | 387,504,841 | ---- | C] () -- C:\Program Files (x86)\FF7_v1.0.5-2.bin
[2012/09/21 20:28:07 | 005,912,364 | ---- | C] () -- C:\Users\Corey\Desktop\12 - Machete Rocket Ship Ride (To Destroy The Stars, With You, My Dearest).mp3
[2012/09/21 19:58:47 | 001,083,544 | ---- | C] () -- C:\Users\Corey\Desktop\cover.png
[2012/09/21 19:55:28 | 000,443,484 | ---- | C] () -- C:\Users\Corey\Desktop\CD_unfinished_2.jpg
[2012/09/18 21:58:14 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/09/17 21:55:58 | 000,000,651 | ---- | C] () -- C:\Users\Corey\Desktop\Toplane counters.rtf
[2012/09/17 15:46:44 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/08/04 00:52:24 | 000,000,839 | ---- | C] () -- C:\Program Files (x86)\guildwars 2.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/23 15:37:45 | 000,000,093 | ---- | C] () -- C:\Users\Corey\AppData\Local\fusioncache.dat
[2012/02/22 23:00:06 | 1488,129,787 | ---- | C] () -- C:\Program Files (x86)\Lunia_Installer_20111115291200.exe
[2012/02/18 03:00:53 | 000,007,622 | ---- | C] () -- C:\Users\Corey\AppData\Local\Resmon.ResmonCfg
[2012/02/17 13:54:48 | 000,746,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/16 21:58:58 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/16 21:58:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/15 15:59:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/02/15 15:59:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/02/15 15:59:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/02/15 15:59:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/15 15:59:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/15 15:56:54 | 000,000,003 | ---- | C] () -- C:\Users\Corey\AppData\Local\user_data.ini
[2012/02/15 15:50:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/15 15:50:42 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/15 15:50:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/15 15:50:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/15 15:50:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/18 07:52:54 | 026,263,498 | ---- | C] ( ) -- C:\Program Files (x86)\NexusSetup.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 06:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/16 00:57:06 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\.minecraft
[2012/08/16 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\Audacity
[2012/09/03 13:57:00 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/15 16:01:20 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\DeviceVm
[2012/08/31 10:20:42 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\Dropbox
[2012/04/09 22:11:21 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\fltk.org
[2012/08/25 20:52:13 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\foobar2000
[2012/09/22 14:10:17 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\GetRightToGo
[2012/03/24 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\InfraRecorder
[2012/04/05 13:33:16 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\IrfanView
[2012/02/15 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\LolClient
[2012/05/26 00:44:12 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\LolClient2
[2012/07/31 01:44:26 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\LolMatches Client
[2012/04/16 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\MPEG Streamclip
[2012/09/29 18:56:10 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\Mumble
[2012/02/16 15:46:29 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\Origin
[2012/02/16 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\Rift
[2012/02/25 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\RotMG.Production
[2012/03/18 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\runic games
[2012/07/23 21:23:33 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\StepMania 5
[2012/09/07 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\SystemRequirementsLab
[2012/09/03 15:55:55 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >


Security Check Results:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.1.102.62 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Microsoft Security Client Antimalware MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner Results:

# AdwCleaner v2.004 - Logfile created 10/08/2012 at 19:55:32
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Corey - COREY-PC
# Boot Mode : Normal
# Running from : C:\Users\Corey\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1589 octets] - [08/10/2012 19:55:32]

########## EOF - C:\AdwCleaner[S1].txt - [1649 octets] ##########


RogueKiller Results:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Corey [Admin rights]
Mode : Remove -- Date : 10/08/2012 20:01:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : mgmdan ("C:\Windows\System32\rundll32.exe" "C:\Users\Corey\AppData\Roaming\mgmdan.dll",KeyboardInterrupt) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00Y6A0 ATA Device +++++
--- User ---
[MBR] 1ee135fc2e178ec140fa703456af2b1e
[BSP] f647a7c9d985739e0e41f58e5af02bf1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by lando1, 08 October 2012 - 06:36 PM.


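The "ZeroAccess Check" section of the OTL log above lists per-user COM registrations: InProcServer32 keys under HKCU\Software\Classes\CLSID for CLSIDs whose machine-wide (HKLM) registrations are shell32.dll and fastprox.dll. Because HKCR is built by merging HKCU\Software\Classes on top of HKLM\Software\Classes, a per-user InProcServer32 value wins for that user, which is why a CLSID hijack does not need admin rights. The PowerShell below is an added example, not code from the thread or from OTL; it reproduces that check and says what each per-user key actually points at. The "outside the Windows directory means suspicious" rule and the constructed sample values are my own assumptions; the CLSID and HKLM path used in the sample are the ones the log shows.

```powershell
# Added example, not part of the thread or of OTL: reproduce OTL's "ZeroAccess
# Check". For every CLSID that has an InProcServer32 key under HKCU\Software\Classes
# (which HKCR merges on top of HKLM for this user), report what it points at and
# whether it shadows a different, machine-wide DLL.
# Assumption (mine): anything outside %SystemRoot% is treated as suspicious.
# Run as the user whose profile is being checked; elevation is not required.

$SystemRoot = $env:SystemRoot

function Get-DefaultValue {
    param([string]$KeyPath)
    # Returns the (Default) value of a registry key, or $null if the key is missing
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $value = [string]$key.GetValue('')          # '' names the (Default) value
    if ($value) { return [Environment]::ExpandEnvironmentVariables($value) }
    return $value
}

function Get-ComOverrideVerdict {
    param([string]$UserDll, [string]$MachineDll)
    # Pure classification, so it can be exercised without touching the registry
    if (-not $UserDll) {
        return 'HKCU InProcServer32 exists but is empty: loads nothing, review why it was created'
    }
    if ($UserDll -notlike "$SystemRoot\*") {
        return 'SUSPICIOUS: per-user override points outside the Windows directory'
    }
    if (-not $MachineDll) {
        return 'per-user registration with no HKLM counterpart'
    }
    if ($UserDll -ine $MachineDll) {
        return 'SUSPICIOUS: per-user override shadows a different machine-wide DLL'
    }
    return 'matches HKLM'
}

function Get-HkcuComOverrides {
    # One object per HKCU CLSID\{guid}\InProcServer32 key, native and Wow6432Node views
    foreach ($view in 'Software\Classes\CLSID', 'Software\Classes\Wow6432Node\CLSID') {
        $userRoot = "HKCU:\$view"
        if (-not (Test-Path -LiteralPath $userRoot)) { continue }
        foreach ($clsidKey in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
            $clsid   = $clsidKey.PSChildName
            $userKey = "$userRoot\$clsid\InProcServer32"
            if (-not (Test-Path -LiteralPath $userKey)) { continue }
            $userDll    = Get-DefaultValue $userKey
            $machineDll = Get-DefaultValue "HKLM:\$view\$clsid\InProcServer32"
            [pscustomobject]@{
                View       = $view
                CLSID      = $clsid
                UserDll    = $userDll
                MachineDll = $machineDll
                Verdict    = Get-ComOverrideVerdict -UserDll $userDll -MachineDll $machineDll
            }
        }
    }
}

# Constructed inputs: the HKLM value is what the OTL log shows for
# {42aedc87-2188-41fd-b9a3-0c966feabec1}; the HKCU value is made up to show a hijack,
# the second call shows the empty-key case the log actually lists.
Get-ComOverrideVerdict -UserDll "$env:APPDATA\example\shell32.dll" -MachineDll "$SystemRoot\system32\shell32.dll"
Get-ComOverrideVerdict -UserDll '' -MachineDll "$SystemRoot\system32\shell32.dll"

# Live check of the current user's hive
Get-HkcuComOverrides | Format-Table -AutoSize
```

The two CLSIDs in the log ({42aedc87-...} and {fbeb8a05-...}) appear in HKCU with nothing under InProcServer32, which is what OTL prints; that is the "exists but is empty" case above and is worth a look even though it loads nothing today. A per-user key whose default value points into %AppData%, %LocalAppData% or ProgramData is the case that actually hands control to user-writable code every time Explorer or WMI instantiates that class.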


#2
gringo_pr (Trusted Helper, Malware Removal)
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#3
lando1 (Topic Starter)
After running the various programs suggested, I have not had any warnings from Microsoft Security Essentials about the trojan, I also did a full scan without finding anything. I'm not sure if that means the trojan is completely removed or not yet though.

Security Check Results:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.1.102.62 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Microsoft Security Client Antimalware MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix Log
ComboFix 12-10-09.01 - Corey 10/09/2012 10:13:51.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6633 [GMT -4:00]
Running from: c:\users\Corey\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Lunia_Installer_20111115291200.exe
c:\programdata\DynuEncrypt.dll
c:\users\Corey\AppData\Local\assembly\tmp
c:\users\Corey\AppData\Roaming\mgmdan.dll
c:\users\Corey\AppData\Roaming\mIRC\logs\status.log
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 14:16 . 2012-10-09 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-09 14:16 . 2012-10-09 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 14:07 . 2012-10-09 14:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCAFEB1C-E4A5-4528-B539-AFF8683D6E4F}\offreg.dll
2012-10-08 23:28 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCAFEB1C-E4A5-4528-B539-AFF8683D6E4F}\mpengine.dll
2012-10-08 01:42 . 2012-10-08 01:42 -------- d-----w- c:\users\Corey\AppData\Local\{58C6AC15-10E9-11E2-8271-B8AC6F996F26}
2012-09-28 23:49 . 2012-09-28 23:49 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-28 23:49 . 2012-09-28 23:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-28 15:06 . 2012-09-28 15:10 -------- d-----w- c:\program files (x86)\UDPixel
2012-09-28 14:59 . 2012-09-28 14:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-09-27 01:50 . 2012-09-27 01:50 -------- d-----w- c:\users\Corey\AppData\Local\Mumble
2012-09-23 19:52 . 2012-09-23 19:54 -------- d-----w- c:\program files (x86)\log
2012-09-23 19:52 . 2012-09-23 19:54 -------- d-----w- c:\program files (x86)\roms
2012-09-23 19:52 . 2012-09-23 07:10 1359383 ----a-w- c:\program files (x86)\PokeMMO.exe
2012-09-23 19:52 . 2012-09-23 07:10 -------- d-----w- c:\program files (x86)\data
2012-09-23 19:52 . 2012-09-23 07:10 -------- d-----w- c:\program files (x86)\lib
2012-09-23 19:52 . 2012-09-23 07:10 -------- d-----w- c:\program files (x86)\config
2012-09-22 17:44 . 2012-09-22 17:44 -------- d-----w- c:\program files (x86)\Square Enix
2012-09-22 17:43 . 2012-09-22 17:44 525264 ----a-w- c:\program files (x86)\FF7_v1.0.5.exe
2012-09-22 17:32 . 2012-09-22 17:43 2099480832 ----a-w- c:\program files (x86)\FF7_v1.0.5-1.bin
2012-09-22 17:30 . 2012-09-22 17:32 387504841 ----a-w- c:\program files (x86)\FF7_v1.0.5-2.bin
2012-09-22 17:30 . 2012-09-22 18:10 -------- d-----w- c:\users\Corey\AppData\Roaming\GetRightToGo
2012-09-17 19:46 . 2012-09-17 19:50 -------- d-----w- c:\users\Corey\AppData\Roaming\mIRC
2012-09-17 19:46 . 2012-09-17 19:49 -------- d-----w- c:\program files (x86)\mIRC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 07:27 . 2012-02-18 18:20 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 16:38 . 2012-07-12 16:38 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-12 16:38 . 2012-07-12 16:38 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 16:38 . 2012-07-12 16:38 268720 ----a-w- c:\windows\system32\javaws.exe
2012-07-12 16:38 . 2012-07-12 16:38 189360 ----a-w- c:\windows\system32\javaw.exe
2012-07-12 16:38 . 2012-07-12 16:38 188840 ----a-w- c:\windows\system32\java.exe
2011-11-18 11:52 . 2011-11-18 11:52 26263498 ----a-w- c:\program files (x86)\NexusSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
UDPixel.lnk - c:\program files (x86)\UDPixel\UDPixel.exe [2007-2-28 73728]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-5-2 3553176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-5-30 508416]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-6-5 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-18 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-15 15936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Corey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.67.220.220 208.67.222.222
FF - ProfilePath - c:\users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\uvd150mg.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-09 10:18:40
ComboFix-quarantined-files.txt 2012-10-09 14:18
.
Pre-Run: 690,952,237,056 bytes free
Post-Run: 691,341,656,064 bytes free
.
- - End Of File - - 7DCC1E1243864A1CB4B282FC2502640D

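Three things in the logs above matter beyond the file ComboFix deleted: RogueKiller removed an HKLM Run value that launched rundll32.exe against a DLL in the user's AppData\Roaming (the same c:\users\Corey\AppData\Roaming\mgmdan.dll ComboFix then quarantined), it had to re-enable UAC (EnableLUA and ConsentPromptBehaviorAdmin were both 0), and ComboFix lists LoadAppInit_DLLs=1 with an AppInit_DLLs entry in both the native and Wow6432Node keys. The PowerShell below is an added example, not code from the thread or from RogueKiller/ComboFix: a read-only triage of those three points. The registry locations are the standard Windows 7 x64 ones; the "user-writable directory" pattern and the list of loader binaries are my own heuristics, and the sample command string is copied from the RogueKiller line above.

```powershell
# Added example, not from the thread or from RogueKiller/ComboFix: read-only triage
# of Run-key persistence, UAC policy values and AppInit_DLLs on a Windows 7 x64 box.
# The regexes below are my own heuristics, not a vendor signature.
# Run from an elevated PowerShell so the HKLM keys are fully readable.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Directories a standard user can write to; a logon entry loading code from here
# deserves a look even when the file name looks harmless.
$UserWritable = '(?i)\\(AppData|ProgramData|Users\\Public|Temp)\\'
# Binaries that exist to run someone else's code: the DLL or script is the payload.
$LoaderHosts  = '(?i)\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b'

function Get-RunCommandReasons {
    param([string]$Command)
    # Pure function: the reasons a Run value is worth reviewing (nothing if none)
    $reasons = @()
    if ($Command -match $LoaderHosts)  { $reasons += "loader host: $($Matches[1])" }
    if ($Command -match $UserWritable) { $reasons += "code in user-writable dir: $($Matches[1])" }
    return $reasons
}

function Get-SuspiciousRunEntries {
    foreach ($keyPath in $RunKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $reasons = @(Get-RunCommandReasons -Command $cmd)
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{ Key = $keyPath; Name = $name; Command = $cmd; Reasons = ($reasons -join '; ') }
            }
        }
    }
}

function Get-UacState {
    # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates admins silently;
    # PromptOnSecureDesktop=0 shows prompts on the normal desktop, where they can be spoofed.
    $key = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $state = [ordered]@{
        EnableLUA                  = $key.GetValue('EnableLUA')
        ConsentPromptBehaviorAdmin = $key.GetValue('ConsentPromptBehaviorAdmin')
        PromptOnSecureDesktop      = $key.GetValue('PromptOnSecureDesktop')
    }
    $state['Hardened'] = ($state.EnableLUA -eq 1 -and
                          $state.ConsentPromptBehaviorAdmin -ne 0 -and
                          $state.PromptOnSecureDesktop -eq 1)
    [pscustomobject]$state
}

function Get-AppInitDlls {
    # Both views matter on x64: the native key is injected into 64-bit processes,
    # the Wow6432Node key into 32-bit ones (ComboFix lists both).
    foreach ($keyPath in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        [pscustomobject]@{
            Key              = $keyPath
            LoadAppInit_DLLs = $key.GetValue('LoadAppInit_DLLs')
            AppInit_DLLs     = [string]$key.GetValue('AppInit_DLLs')
        }
    }
}

# Offline check against the exact Run value RogueKiller removed (copied from the log):
$sample = '"C:\Windows\System32\rundll32.exe" "C:\Users\Corey\AppData\Roaming\mgmdan.dll",KeyboardInterrupt'
Get-RunCommandReasons -Command $sample

# Live triage of this machine
Get-SuspiciousRunEntries | Format-Table -AutoSize -Wrap
Get-UacState
Get-AppInitDlls | Format-List
```

The sample value trips both rules (rundll32 as the host, the DLL under AppData\Roaming), which is exactly the shape RogueKiller tagged as [SUSP PATH]. A hit is a prompt to review, not a verdict: the AppInit_DLLs entry ComboFix shows points into the LucidLogix Virtu install that the VirtuWDDM driver service also belongs to, so it should be compared against what is actually installed rather than deleted on sight. The UAC object is the piece to re-check after cleanup, since RogueKiller set EnableLUA and ConsentPromptBehaviorAdmin back but Security Check still reported UAC disabled until the next reboot, and ComboFix still shows PromptOnSecureDesktop=0.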
#4
gringo_pr (Trusted Helper, Malware Removal)
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0
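The helper asks for the TDSSKiller report to be pasted back into the thread. That report lists one file line (timestamp, id, MD5 in brackets, service name, image path) and one result line (service name, " - ", verdict) per service, as in the log posted in the following reply. The parser below is an added example written for this page; it is not code from the thread, from gringo_pr, or from the TDSSKiller tool. It turns those two line shapes into per-service records and sorts them into review buckets a responder would actually look at: entries whose verdict is not "ok", services for which no binary was hashed, binaries living outside the Windows directory, and services that share one binary. The sample lines are copied from this thread's log except the last one, which is a constructed `examplesvc` entry with a made-up verdict to exercise the not-ok branch; TDSSKiller's real detection wording is not shown on this page and is not assumed here.

```python
"""Parse TDSSKiller log lines into per-service records for triage.

Added example for this thread; not part of the forum post or of TDSSKiller.
Line formats taken from the log pasted in the thread:

    HH:MM:SS.mmmm ID [ MD5 ] ServiceName ImagePath     (file line)
    HH:MM:SS.mmmm ID ServiceName - verdict             (result line)
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# A file line: the 32-hex-digit MD5 sits between "[ " and " ]", the image
# path runs to end of line and may contain spaces (e.g. "Program Files").
FILE_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<id>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$"
)
# A result line: the service name is a single token followed by " - verdict".
RESULT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<id>\d+)\s+(?P<name>\S+) - (?P<verdict>.+)$"
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller hashed no binary
    path: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", normally "ok"


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Merge file lines and result lines into one record per service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5 = m["md5"].upper()
            e.path = m["path"]
            continue
        m = RESULT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = m["verdict"].strip()
        # header, separator and partition lines carry no " - verdict" and are skipped
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Bucket service names for manual review (sorted for stable output)."""
    report: Dict[str, List[str]] = {"not_ok": [], "unhashed": [], "outside_windows": []}
    for e in entries.values():
        if e.verdict != "ok":
            report["not_ok"].append(e.name)
        if e.md5 is None:
            report["unhashed"].append(e.name)
        elif not e.path.lower().startswith("c:\\windows\\"):
            report["outside_windows"].append(e.name)
    return {k: sorted(v) for k, v in report.items()}


def services_by_hash(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Group services that point at the same binary (e.g. several hosted in lsass.exe)."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_hash[e.md5].append(e.name)
    return {h: sorted(names) for h, names in by_hash.items()}


# Sample input: lines copied from the thread's log, plus one constructed
# "examplesvc" result line (hypothetical name and verdict, not TDSSKiller output).
SAMPLE_LOG = r"""
20:41:07.0471 1716 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:41:07.0472 1716 1394ohci - ok
20:41:08.0275 1716 aspnet_state - ok
20:41:08.0863 1716 [ 760085908644D2988F1B504C3FCA6959 ] cFosSpeedS C:\Program Files\ASRock\XFast LAN\spd.exe
20:41:08.0865 1716 cFosSpeedS - ok
20:41:09.0667 1716 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:41:09.0668 1716 EFS - ok
20:41:10.0909 1716 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:41:10.0911 1716 KeyIso - ok
20:41:12.0700 1716 examplesvc - suspicious
""".strip("\n")


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
    for digest, names in services_by_hash(parsed).items():
        if len(names) > 1:
            print(f"shared binary {digest}: {', '.join(names)}")
```

The "outside_windows" bucket is only a prompt for review, not a verdict: legitimate vendor services (the ASRock tool above, the Security Essentials engine further down the log) live under Program Files too. The value of the parse is that a hash and path are attached to every name, so anything in the buckets can be checked against a known-good source instead of eyeballed in a 500-line paste.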

#5
lando1


    New Member

  • Topic Starter
  • Member
  • 3 posts
TDSSKiller log
20:40:59.0893 3908 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:41:00.0587 3908 ============================================================
20:41:00.0587 3908 Current date / time: 2012/10/09 20:41:00.0587
20:41:00.0587 3908 SystemInfo:
20:41:00.0587 3908
20:41:00.0587 3908 OS Version: 6.1.7601 ServicePack: 1.0
20:41:00.0587 3908 Product type: Workstation
20:41:00.0587 3908 ComputerName: COREY-PC
20:41:00.0587 3908 UserName: Corey
20:41:00.0587 3908 Windows directory: C:\Windows
20:41:00.0587 3908 System windows directory: C:\Windows
20:41:00.0587 3908 Running under WOW64
20:41:00.0587 3908 Processor architecture: Intel x64
20:41:00.0587 3908 Number of processors: 4
20:41:00.0587 3908 Page size: 0x1000
20:41:00.0587 3908 Boot type: Normal boot
20:41:00.0587 3908 ============================================================
20:41:01.0640 3908 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:01.0643 3908 ============================================================
20:41:01.0643 3908 \Device\Harddisk0\DR0:
20:41:01.0643 3908 MBR partitions:
20:41:01.0643 3908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:41:01.0643 3908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:41:01.0643 3908 ============================================================
20:41:01.0671 3908 C: <-> \Device\Harddisk0\DR0\Partition2
20:41:01.0671 3908 ============================================================
20:41:01.0671 3908 Initialize success
20:41:01.0671 3908 ============================================================
20:41:06.0962 1716 ============================================================
20:41:06.0962 1716 Scan started
20:41:06.0962 1716 Mode: Manual;
20:41:06.0962 1716 ============================================================
20:41:07.0337 1716 ================ Scan system memory ========================
20:41:07.0337 1716 System memory - ok
20:41:07.0338 1716 ================ Scan services =============================
20:41:07.0471 1716 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:41:07.0472 1716 1394ohci - ok
20:41:07.0487 1716 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:41:07.0488 1716 ACPI - ok
20:41:07.0505 1716 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:41:07.0506 1716 AcpiPmi - ok
20:41:07.0538 1716 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:41:07.0540 1716 adp94xx - ok
20:41:07.0558 1716 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:41:07.0561 1716 adpahci - ok
20:41:07.0573 1716 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:41:07.0574 1716 adpu320 - ok
20:41:07.0598 1716 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:41:07.0598 1716 AeLookupSvc - ok
20:41:07.0708 1716 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:41:07.0710 1716 AFD - ok
20:41:07.0731 1716 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:41:07.0731 1716 agp440 - ok
20:41:07.0750 1716 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:41:07.0751 1716 ALG - ok
20:41:07.0779 1716 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:41:07.0780 1716 aliide - ok
20:41:07.0802 1716 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:41:07.0802 1716 amdide - ok
20:41:07.0817 1716 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:41:07.0818 1716 AmdK8 - ok
20:41:07.0839 1716 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:41:07.0840 1716 AmdPPM - ok
20:41:07.0860 1716 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:41:07.0861 1716 amdsata - ok
20:41:07.0918 1716 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:41:07.0919 1716 amdsbs - ok
20:41:07.0937 1716 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:41:07.0938 1716 amdxata - ok
20:41:07.0998 1716 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:41:07.0999 1716 AppID - ok
20:41:08.0012 1716 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:41:08.0013 1716 AppIDSvc - ok
20:41:08.0035 1716 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:41:08.0035 1716 Appinfo - ok
20:41:08.0119 1716 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:41:08.0121 1716 AppMgmt - ok
20:41:08.0151 1716 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:41:08.0152 1716 arc - ok
20:41:08.0172 1716 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:41:08.0173 1716 arcsas - ok
20:41:08.0204 1716 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
20:41:08.0205 1716 asmthub3 - ok
20:41:08.0222 1716 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
20:41:08.0224 1716 asmtxhci - ok
20:41:08.0275 1716 aspnet_state - ok
20:41:08.0310 1716 [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
20:41:08.0310 1716 AsrAppCharger - ok
20:41:08.0324 1716 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:41:08.0324 1716 AsyncMac - ok
20:41:08.0338 1716 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:41:08.0338 1716 atapi - ok
20:41:08.0369 1716 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:41:08.0375 1716 athr - ok
20:41:08.0396 1716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:41:08.0399 1716 AudioEndpointBuilder - ok
20:41:08.0408 1716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:41:08.0411 1716 AudioSrv - ok
20:41:08.0419 1716 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:41:08.0420 1716 AxInstSV - ok
20:41:08.0435 1716 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:41:08.0437 1716 b06bdrv - ok
20:41:08.0454 1716 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:41:08.0455 1716 b57nd60a - ok
20:41:08.0468 1716 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:41:08.0469 1716 BDESVC - ok
20:41:08.0490 1716 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:41:08.0491 1716 Beep - ok
20:41:08.0522 1716 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:41:08.0525 1716 BFE - ok
20:41:08.0556 1716 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:41:08.0560 1716 BITS - ok
20:41:08.0573 1716 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:41:08.0574 1716 blbdrive - ok
20:41:08.0588 1716 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:41:08.0588 1716 bowser - ok
20:41:08.0598 1716 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:41:08.0599 1716 BrFiltLo - ok
20:41:08.0610 1716 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:41:08.0610 1716 BrFiltUp - ok
20:41:08.0630 1716 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:41:08.0630 1716 BridgeMP - ok
20:41:08.0645 1716 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
20:41:08.0646 1716 Browser - ok
20:41:08.0667 1716 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:41:08.0668 1716 Brserid - ok
20:41:08.0681 1716 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:41:08.0682 1716 BrSerWdm - ok
20:41:08.0694 1716 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:41:08.0695 1716 BrUsbMdm - ok
20:41:08.0707 1716 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:41:08.0707 1716 BrUsbSer - ok
20:41:08.0714 1716 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:41:08.0715 1716 BTHMODEM - ok
20:41:08.0727 1716 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:41:08.0728 1716 bthserv - ok
20:41:08.0731 1716 catchme - ok
20:41:08.0746 1716 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:41:08.0747 1716 cdfs - ok
20:41:08.0766 1716 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:41:08.0767 1716 cdrom - ok
20:41:08.0786 1716 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:41:08.0787 1716 CertPropSvc - ok
20:41:08.0822 1716 [ 33B82CF69E41B38A2EC0C3CABDE80D6E ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed6.sys
20:41:08.0829 1716 cFosSpeed - ok
20:41:08.0863 1716 [ 760085908644D2988F1B504C3FCA6959 ] cFosSpeedS C:\Program Files\ASRock\XFast LAN\spd.exe
20:41:08.0865 1716 cFosSpeedS - ok
20:41:08.0886 1716 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:41:08.0886 1716 circlass - ok
20:41:08.0925 1716 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:41:08.0927 1716 CLFS - ok
20:41:08.0939 1716 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:08.0940 1716 clr_optimization_v2.0.50727_32 - ok
20:41:08.0976 1716 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:41:08.0977 1716 clr_optimization_v2.0.50727_64 - ok
20:41:09.0031 1716 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:41:09.0032 1716 clr_optimization_v4.0.30319_32 - ok
20:41:09.0061 1716 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:41:09.0062 1716 clr_optimization_v4.0.30319_64 - ok
20:41:09.0076 1716 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
20:41:09.0077 1716 CmBatt - ok
20:41:09.0087 1716 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:41:09.0088 1716 cmdide - ok
20:41:09.0117 1716 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
20:41:09.0119 1716 CNG - ok
20:41:09.0129 1716 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:41:09.0129 1716 Compbatt - ok
20:41:09.0149 1716 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:41:09.0150 1716 CompositeBus - ok
20:41:09.0153 1716 COMSysApp - ok
20:41:09.0187 1716 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:41:09.0187 1716 crcdisk - ok
20:41:09.0238 1716 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:41:09.0239 1716 CryptSvc - ok
20:41:09.0267 1716 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:41:09.0271 1716 CSC - ok
20:41:09.0319 1716 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:41:09.0322 1716 CscService - ok
20:41:09.0366 1716 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:41:09.0370 1716 DcomLaunch - ok
20:41:09.0389 1716 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:41:09.0390 1716 defragsvc - ok
20:41:09.0405 1716 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:41:09.0406 1716 DfsC - ok
20:41:09.0430 1716 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:41:09.0432 1716 Dhcp - ok
20:41:09.0442 1716 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:41:09.0443 1716 discache - ok
20:41:09.0455 1716 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:41:09.0455 1716 Disk - ok
20:41:09.0476 1716 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:41:09.0476 1716 dmvsc - ok
20:41:09.0501 1716 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:41:09.0502 1716 Dnscache - ok
20:41:09.0518 1716 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:41:09.0520 1716 dot3svc - ok
20:41:09.0535 1716 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:41:09.0536 1716 DPS - ok
20:41:09.0542 1716 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:41:09.0543 1716 drmkaud - ok
20:41:09.0563 1716 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:41:09.0567 1716 DXGKrnl - ok
20:41:09.0581 1716 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:41:09.0582 1716 EapHost - ok
20:41:09.0640 1716 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:41:09.0654 1716 ebdrv - ok
20:41:09.0667 1716 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:41:09.0668 1716 EFS - ok
20:41:09.0708 1716 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:41:09.0712 1716 ehRecvr - ok
20:41:09.0717 1716 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:41:09.0718 1716 ehSched - ok
20:41:09.0740 1716 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:41:09.0743 1716 elxstor - ok
20:41:09.0751 1716 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:41:09.0751 1716 ErrDev - ok
20:41:09.0773 1716 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:41:09.0775 1716 EventSystem - ok
20:41:09.0787 1716 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:41:09.0788 1716 exfat - ok
20:41:09.0800 1716 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:41:09.0801 1716 fastfat - ok
20:41:09.0828 1716 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:41:09.0831 1716 Fax - ok
20:41:09.0836 1716 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:41:09.0837 1716 fdc - ok
20:41:09.0854 1716 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:41:09.0855 1716 fdPHost - ok
20:41:09.0861 1716 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:41:09.0862 1716 FDResPub - ok
20:41:09.0868 1716 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:41:09.0868 1716 FileInfo - ok
20:41:09.0873 1716 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:41:09.0873 1716 Filetrace - ok
20:41:09.0881 1716 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:41:09.0881 1716 flpydisk - ok
20:41:09.0903 1716 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:41:09.0904 1716 FltMgr - ok
20:41:09.0923 1716 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
20:41:09.0923 1716 FNETURPX - ok
20:41:09.0944 1716 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
20:41:09.0949 1716 FontCache - ok
20:41:09.0987 1716 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:41:09.0988 1716 FontCache3.0.0.0 - ok
20:41:10.0000 1716 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:41:10.0000 1716 FsDepends - ok
20:41:10.0012 1716 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:41:10.0012 1716 Fs_Rec - ok
20:41:10.0028 1716 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:41:10.0029 1716 fvevol - ok
20:41:10.0038 1716 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:41:10.0039 1716 gagp30kx - ok
20:41:10.0069 1716 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:41:10.0073 1716 gpsvc - ok
20:41:10.0082 1716 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:41:10.0082 1716 hcw85cir - ok
20:41:10.0109 1716 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:41:10.0110 1716 HdAudAddService - ok
20:41:10.0130 1716 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:41:10.0130 1716 HDAudBus - ok
20:41:10.0146 1716 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:41:10.0147 1716 HidBatt - ok
20:41:10.0161 1716 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:41:10.0161 1716 HidBth - ok
20:41:10.0185 1716 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:41:10.0186 1716 HidIr - ok
20:41:10.0197 1716 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:41:10.0198 1716 hidserv - ok
20:41:10.0213 1716 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:41:10.0214 1716 HidUsb - ok
20:41:10.0233 1716 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:41:10.0234 1716 hkmsvc - ok
20:41:10.0247 1716 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:41:10.0248 1716 HomeGroupListener - ok
20:41:10.0263 1716 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:41:10.0265 1716 HomeGroupProvider - ok
20:41:10.0276 1716 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:41:10.0277 1716 HpSAMD - ok
20:41:10.0293 1716 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:41:10.0297 1716 HTTP - ok
20:41:10.0309 1716 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:41:10.0309 1716 hwpolicy - ok
20:41:10.0321 1716 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:41:10.0322 1716 i8042prt - ok
20:41:10.0352 1716 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:41:10.0355 1716 iaStorV - ok
20:41:10.0399 1716 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:41:10.0404 1716 idsvc - ok
20:41:10.0580 1716 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:41:10.0636 1716 igfx - ok
20:41:10.0648 1716 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:41:10.0648 1716 iirsp - ok
20:41:10.0679 1716 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:41:10.0684 1716 IKEEXT - ok
20:41:10.0742 1716 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:41:10.0754 1716 IntcAzAudAddService - ok
20:41:10.0758 1716 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:41:10.0758 1716 intelide - ok
20:41:10.0770 1716 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:41:10.0770 1716 intelppm - ok
20:41:10.0777 1716 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:41:10.0779 1716 IPBusEnum - ok
20:41:10.0794 1716 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:41:10.0795 1716 IpFilterDriver - ok
20:41:10.0812 1716 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:41:10.0815 1716 iphlpsvc - ok
20:41:10.0825 1716 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:41:10.0826 1716 IPMIDRV - ok
20:41:10.0838 1716 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:41:10.0838 1716 IPNAT - ok
20:41:10.0850 1716 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:41:10.0851 1716 IRENUM - ok
20:41:10.0862 1716 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:41:10.0863 1716 isapnp - ok
20:41:10.0878 1716 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:41:10.0879 1716 iScsiPrt - ok
20:41:10.0896 1716 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:41:10.0897 1716 kbdclass - ok
20:41:10.0905 1716 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:41:10.0905 1716 kbdhid - ok
20:41:10.0909 1716 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:41:10.0911 1716 KeyIso - ok
20:41:10.0934 1716 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:41:10.0935 1716 KSecDD - ok
20:41:10.0951 1716 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:41:10.0951 1716 KSecPkg - ok
20:41:10.0954 1716 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:41:10.0955 1716 ksthunk - ok
20:41:10.0972 1716 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:41:10.0974 1716 KtmRm - ok
20:41:11.0006 1716 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:41:11.0009 1716 LanmanServer - ok
20:41:11.0026 1716 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:41:11.0027 1716 LanmanWorkstation - ok
20:41:11.0048 1716 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:41:11.0049 1716 lltdio - ok
20:41:11.0065 1716 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:41:11.0067 1716 lltdsvc - ok
20:41:11.0081 1716 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:41:11.0082 1716 lmhosts - ok
20:41:11.0149 1716 [ 9AD4BEE2FE76D4CA39AC969B617E94FB ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:41:11.0150 1716 LMS - ok
20:41:11.0163 1716 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:41:11.0164 1716 LSI_FC - ok
20:41:11.0175 1716 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:41:11.0176 1716 LSI_SAS - ok
20:41:11.0188 1716 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:41:11.0189 1716 LSI_SAS2 - ok
20:41:11.0199 1716 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:41:11.0200 1716 LSI_SCSI - ok
20:41:11.0222 1716 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:41:11.0222 1716 luafv - ok
20:41:11.0231 1716 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
20:41:11.0232 1716 MBfilt - ok
20:41:11.0240 1716 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:41:11.0241 1716 Mcx2Svc - ok
20:41:11.0252 1716 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:41:11.0253 1716 megasas - ok
20:41:11.0266 1716 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:41:11.0267 1716 MegaSR - ok
20:41:11.0287 1716 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:41:11.0287 1716 MEIx64 - ok
20:41:11.0295 1716 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:41:11.0296 1716 MMCSS - ok
20:41:11.0309 1716 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:41:11.0309 1716 Modem - ok
20:41:11.0321 1716 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:41:11.0322 1716 monitor - ok
20:41:11.0334 1716 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:41:11.0335 1716 mouclass - ok
20:41:11.0340 1716 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:41:11.0341 1716 mouhid - ok
20:41:11.0345 1716 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:41:11.0345 1716 mountmgr - ok
20:41:11.0397 1716 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:41:11.0397 1716 MozillaMaintenance - ok
20:41:11.0434 1716 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:41:11.0435 1716 MpFilter - ok
20:41:11.0459 1716 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:41:11.0460 1716 mpio - ok
20:41:11.0481 1716 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
20:41:11.0481 1716 MpNWMon - ok
20:41:11.0502 1716 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:41:11.0503 1716 mpsdrv - ok
20:41:11.0525 1716 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:41:11.0529 1716 MpsSvc - ok
20:41:11.0545 1716 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:41:11.0546 1716 MRxDAV - ok
20:41:11.0558 1716 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:41:11.0560 1716 mrxsmb - ok
20:41:11.0570 1716 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:41:11.0572 1716 mrxsmb10 - ok
20:41:11.0581 1716 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:41:11.0582 1716 mrxsmb20 - ok
20:41:11.0594 1716 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:41:11.0595 1716 msahci - ok
20:41:11.0606 1716 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:41:11.0607 1716 msdsm - ok
20:41:11.0621 1716 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:41:11.0623 1716 MSDTC - ok
20:41:11.0639 1716 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:41:11.0639 1716 Msfs - ok
20:41:11.0651 1716 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:41:11.0652 1716 mshidkmdf - ok
20:41:11.0656 1716 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:41:11.0656 1716 msisadrv - ok
20:41:11.0684 1716 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:41:11.0685 1716 MSiSCSI - ok
20:41:11.0688 1716 msiserver - ok
20:41:11.0709 1716 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:41:11.0710 1716 MSKSSRV - ok
20:41:11.0748 1716 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:41:11.0749 1716 MsMpSvc - ok
20:41:11.0765 1716 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:41:11.0765 1716 MSPCLOCK - ok
20:41:11.0769 1716 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:41:11.0769 1716 MSPQM - ok
20:41:11.0786 1716 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:41:11.0787 1716 MsRPC - ok
20:41:11.0794 1716 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:41:11.0795 1716 mssmbios - ok
20:41:11.0798 1716 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:41:11.0798 1716 MSTEE - ok
20:41:11.0811 1716 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:41:11.0811 1716 MTConfig - ok
20:41:11.0822 1716 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:41:11.0823 1716 Mup - ok
20:41:11.0840 1716 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:41:11.0843 1716 napagent - ok
20:41:16.0680 1716 ================ Scan global ===============================
20:41:16.0697 1716 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:41:16.0719 1716 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:41:16.0724 1716 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:41:16.0750 1716 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:41:16.0775 1716 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:41:16.0777 1716 [Global] - ok
20:41:16.0777 1716 ================ Scan MBR ==================================
20:41:16.0789 1716 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:41:17.0050 1716 \Device\Harddisk0\DR0 - ok
20:41:17.0050 1716 ================ Scan VBR ==================================
20:41:17.0052 1716 [ A1A435A4111DB918145A4501C6024513 ] \Device\Harddisk0\DR0\Partition1
20:41:17.0053 1716 \Device\Harddisk0\DR0\Partition1 - ok
20:41:17.0060 1716 [ 01331138859709DFC764D8E6D8405907 ] \Device\Harddisk0\DR0\Partition2
20:41:17.0061 1716 \Device\Harddisk0\DR0\Partition2 - ok
20:41:17.0062 1716 ============================================================
20:41:17.0062 1716 Scan finished
20:41:17.0062 1716 ============================================================
20:41:17.0069 2952 Detected object count: 0
20:41:17.0069 2952 Actual detected object count: 0

aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 20:42:37
-----------------------------
20:42:37.214 OS Version: Windows x64 6.1.7601 Service Pack 1
20:42:37.215 Number of processors: 4 586 0x2A07
20:42:37.215 ComputerName: COREY-PC UserName: Corey
20:42:38.883 Initialize success
20:43:24.142 AVAST engine defs: 12100901
20:43:45.443 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:43:45.448 Disk 0 Vendor: WDC_WD1001FALS-00Y6A0 05.01D05 Size: 953869MB BusType: 3
20:43:45.461 Disk 0 MBR read successfully
20:43:45.463 Disk 0 MBR scan
20:43:45.466 Disk 0 Windows 7 default MBR code
20:43:45.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:43:45.491 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:43:45.531 Disk 0 scanning C:\Windows\system32\drivers
20:43:54.435 Service scanning
20:44:14.013 Modules scanning
20:44:14.019 Disk 0 trace - called modules:
20:44:14.027 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:44:14.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db9060]
20:44:14.357 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> [0xfffffa8007b11520]
20:44:14.360 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b03060]
20:44:16.131 AVAST engine scan C:\Windows
20:44:19.745 AVAST engine scan C:\Windows\system32
20:47:00.891 AVAST engine scan C:\Windows\system32\drivers
20:47:14.019 AVAST engine scan C:\Users\Corey
20:50:51.700 Disk 0 MBR has been saved successfully to "C:\Users\Corey\Desktop\MBR.dat"
20:50:51.733 The log file has been saved successfully to "C:\Users\Corey\Desktop\aswMBR.txt"

#6 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo

#8 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#9 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.